Bug 115563 - CAN-2004-0097 PWlib/OpenH323 vulnerabilities
Status: CLOSED DUPLICATE of bug 114310
Alias: None
Product: Fedora
Classification: Fedora
Component: pwlib
Version: 1
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: Alexander Larsson
Reported: 2004-02-13 15:58 UTC by Leonard den Ottolander
Modified: 2007-11-30 22:10 UTC

Doc Type: Bug Fix
Last Closed: 2006-02-21 19:01:12 UTC

Attachments
SPEC file to add CVE-CAN-2004-0097 ranges patch (5.57 KB, text/plain)
2004-02-13 16:00 UTC, Leonard den Ottolander
Patch taken from RHL 9 to address CVE-CAN-2004-0097 (1.29 KB, patch)
2004-02-13 16:01 UTC, Leonard den Ottolander

Description Leonard den Ottolander 2004-02-13 15:58:58 UTC
Vulnerabilities in PWLib were found after running the NISCC OpenH323
test suite.

"Of the nearly 4500 tests in the suite, OpenH323 failed two of them,
which took three lines of code to fix. These pointed out several other
potential problems as well, so the total changes were about 20 lines." 

Fix:
http://cvs.sourceforge.net/viewcvs.py/openh323/pwlib/src/ptclib/asnper.cxx?r1=1.8&r2=1.6

The pwlib-1.4.7-ranges.patch applies cleanly against pwlib-1.5.0 from
Fedora Core 1.

Comment 1 Leonard den Ottolander 2004-02-13 16:00:23 UTC
Created attachment 97647
SPEC file to add CVE-CAN-2004-0097 ranges patch

Comment 2 Leonard den Ottolander 2004-02-13 16:01:55 UTC
Created attachment 97648
Patch taken from RHL 9 to address CVE-CAN-2004-0097

This patch patches cleanly against Fedora Core 1's pwlib-1.5.0.

Comment 3 Leonard den Ottolander 2004-02-13 16:11:56 UTC
Just a question as I stumbled on hunk #2 (#3 in the original patch) as
well: Shouldn't that function return len for this version of the code?
The return value was only changed to 0 in later versions of the code.
Changing it to 0 here might lead to unexpected results.


Comment 4 Alexander Larsson 2004-02-17 08:42:13 UTC
Well. That was basically a bugfix I applied at the same time as the
security fix. :)

Comment 5 Mark J. Cox 2004-02-17 13:36:05 UTC

*** This bug has been marked as a duplicate of 114310 ***

Comment 6 Leonard den Ottolander 2004-02-17 20:46:30 UTC
Yeah, I figured that out (comment #4). Had a closer look and saw the
length should not be returned by the function but only in &len.


Comment 7 Red Hat Bugzilla 2006-02-21 19:01:12 UTC
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

