Bug 910330 (CVE-2012-6128)

Summary: CVE-2012-6128 openconnect: Stack-based buffer overflow when processing certain host names, paths, or cookie lists
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: dwmw2, jrusnack
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=low,public=20121028,reported=20130211,source=oss-security,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,fedora-all/openconnect=affected,epel-all/openconnect=affected,cwe=CWE-121
Fixed In Version: OpenConnect 4.99 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-12-08 11:19:01 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On: 910331, 910333    
Bug Blocks:    

Description Jan Lieskovsky 2013-02-12 06:03:04 EST
A stack-based buffer overflow flaw was found in the way OpenConnect, a client for Cisco's "AnyConnect" VPN, performed processing of certain host names, paths, or cookie lists, received from the VPN gateway. A remote VPN gateway could provide a specially-crafted host name, path or cookie list that, when processed by the openconnect client would lead to openconnect executable crash.

Relevant upstream patch:
[1] http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/26f752c3dbf69227679fc6bebb4ae071aecec491

References:
[2] http://www.openwall.com/lists/oss-security/2013/02/11/9
[3] http://www.infradead.org/openconnect/changelog.html
Comment 1 Jan Lieskovsky 2013-02-12 06:05:32 EST
This issue affects the versions of the openconnect package, as shipped with Fedora release of 17 and 18. Please schedule an update.

--

This issue affects the versions of the openconnect package, as shipped with Fedora EPEL 5 and Fedora EPEL 6. Please schedule an update.
Comment 2 Jan Lieskovsky 2013-02-12 06:06:55 EST
Created openconnect tracking bugs for this issue

Affects: fedora-all [bug 910331]
Affects: epel-all [bug 910333]
Comment 3 Vincent Danen 2013-02-12 17:01:27 EST
This was assigned CVE-2012-6128:

http://www.openwall.com/lists/oss-security/2013/02/12/7
Comment 4 Fedora Update System 2013-02-24 03:46:31 EST
openconnect-4.08-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Fedora Update System 2013-02-24 03:58:17 EST
openconnect-4.08-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2013-06-17 15:07:54 EDT
openconnect-4.08-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2013-06-17 15:08:31 EDT
openconnect-4.08-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.