Bug 885893 (CVE-2012-6303)

Summary:

CVE-2012-6303 tcl-snack: multiple buffer overflows

Product:

[Other] Security Response

Reporter:

Vincent Danen <vdanen>

Component:

vulnerability

Assignee:

Red Hat Product Security <security-response-team>

Status:

CLOSED UPSTREAM

QA Contact:

Severity:

low

Docs Contact:

Priority:

low

Version:

unspecified

CC:

tcallawa

Target Milestone:

---

Keywords:

Security

Target Release:

---

Hardware:

All

OS:

Linux

Whiteboard:

Fixed In Version:

Doc Type:

Bug Fix

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2019-06-10 10:59:42 UTC

Type:

---

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Bug Depends On:

885894

Bug Blocks:

Attachments:

Description	Flags
Proposed patch by Michael Karcher to fix CVE-2012-6303	none

Description Vincent Danen 2012-12-10 22:41:44 UTC

CVE-2012-6303 was assigned by MITRE to multiple buffer overflows in WaveSurfer (not shipped) and the Snack Sound Toolkit (tcl-snack):

Disclosures:    http://www.exploit-db.com/exploits/19772/
                http://secunia.com/advisories/49889/
Product source: http://www.speech.kth.se/snack/
                http://wavesurfer.svn.sourceforge.net/viewvc/wavesurfer/trunk/wavesurfer/
                (The www.speech.kth.se site refers to "Snack v2.2.10
                 released December 01 Bug fix release" but this is
                 apparently about December 01 2004 -- not about a 2012
                 release.)

No fix is available as of yet.

Also note that the only things that use tcl-snack in Fedora is amsn and coccinella, but I couldn't find a way to change the sounds that play, which means the end user would need to download this crafted sound file from somewhere and associate it as a sound in either program somehow (possibly these IM clients will play remote sounds as well, not sure).  Also, there is a python-snack that makes use of tcl-snack, but I'm unaware of any programs that use python-snack.

Comment 1 Vincent Danen 2012-12-10 22:42:23 UTC

Created tcl-snack tracking bugs for this issue

Affects: fedora-all [bug 885894]

Comment 2 John Paul Adrian Glaubitz 2013-01-02 00:22:44 UTC

Created attachment 671186 [details]
Proposed patch by Michael Karcher to fix CVE-2012-6303

Hi,

I am attaching a patch created by Michael Karcher which fixes the problem. I have tested his patch on Debian with libsnack 2.2.10 and WaveSurfer 1.8.8p3, the crashes do no longer occur.

I have uploaded the updated snack package into Debian already. Please review and hopefully apply the patch in Fedora as well.

Cheers,

Adrian

Comment 3 Fedora Update System 2013-01-12 00:41:03 UTC

tcl-snack-2.2.10-17.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 4 Fedora Update System 2013-01-12 15:10:01 UTC

tcl-snack-2.2.10-17.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 5 Fedora Update System 2013-01-12 15:19:53 UTC

tcl-snack-2.2.10-17.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Tazz 2018-03-01 20:16:04 UTC

The previous private comment is for informational and documentation purposes only.  The specific format will be used by another tool.

Not sure if this bug should still be "Status = New" though.

Comment 8 Product Security DevOps Team 2019-06-10 10:59:42 UTC

This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.