Bug 497913 (CVE-2009-1515)
Summary: | CVE-2009-1515 file: heap-based buffer overflow in cdf_read_sat() | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED RAWHIDE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | dnovotny, jbj, mbacovsk |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Last Closed: | 2009-06-16 07:02:04 UTC | Type: | --- |
Description
Vincent Danen
2009-04-27 20:28:45 UTC
Hello, I have reported the issue to file upstream.

Secunia has issued an advisory about this:

http://secunia.com/advisories/34881/

Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1515 to the following vulnerability:

Name: CVE-2009-1515
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1515
Assigned: 20090504
Reference: MISC: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603
Reference: MISC: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820
Reference: CONFIRM:ftp://ftp.astron.com/pub/file/file-5.01.tar.gz
Reference: BID:34745
Reference: URL: http://www.securityfocus.com/bid/34745
Reference: OSVDB:54100
Reference: URL: http://www.osvdb.org/54100
Reference: SECUNIA:34881
Reference: URL: http://secunia.com/advisories/34881

Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information.

Despite the allusion to it above, file 5.01 does *not* fix what the python.msi file breaks. file 5.02, which was released today, corrects the issue:

~/Download/tmp/file-5.02/src/ >% ./file --magic=../magic/magic.mgc ~/Desktop/python-2.6.2.msi
/home/vdanen/Desktop/python-2.6.2.msi: CDF V2 Document, Little Endian, Os: Windows, Version 5.1, Title: Installation Database, Subject: Python 2.6.2, Author: Python Software Foundation, Template: Intel;1033, Revision Number: {7D2E52BC-98BB-493F-BC14-CFF942D2FB84}, Number of Words: 2, Number of Pages: 200, Name of Creating Application: Python MSI Library
~/Download/tmp/file-5.02/src/ >% ./file --magic=../magic/magic.mgc --version
lt-file-5.02
magic file from ../magic/magic.mgc

Hello, I updated to 5.02 in rawhide (F12). F11 has development freeze right now, so I cannot put the new version there...

Hi, Daniel. I just got the go-ahead from Jesse so you can push this for F11 despite the freeze. If you could do that, that would be fantastic. Thanks!

OK, built and filed a ticket in releng trac ( https://fedorahosted.org/rel-eng/ticket/1740 )

file-5.02-1.fc11 was successfully tagged into f11-final

Sorry, Daniel, but 5.03 is out now with more CDF-related security fixes:

http://mx.gw.com/pipermail/file/2009/000383.html

There is no CVE name as of yet.

(In reply to comment #9)
> Sorry, Daniel, but 5.03 is out now with more CDF-related security fixes:

OK, requested dist-f11 tag https://fedorahosted.org/rel-eng/ticket/1785 (F12 already done yesterday)

file-5.03-1.fc11 successfully tagged into f11-final