Bug 115563 - CAN-2004-0097 PWlib/OpenH323 vulnerabilities
CAN-2004-0097 PWlib/OpenH323 vulnerabilities
Status: CLOSED DUPLICATE of bug 114310
Product: Fedora
Classification: Fedora
Component: pwlib (Show other bugs)
1
All Linux
high Severity medium
: ---
: ---
Assigned To: Alexander Larsson
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-02-13 10:58 EST by Leonard den Ottolander
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-02-21 14:01:12 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
SPEC file to add CVE-CAN-2004-0097 ranges patch (5.57 KB, text/plain)
2004-02-13 11:00 EST, Leonard den Ottolander
no flags Details
Patch taken from RHL 9 to address CVE-CAN-2004-0097 (1.29 KB, patch)
2004-02-13 11:01 EST, Leonard den Ottolander
no flags Details | Diff

  None (edit)
Description Leonard den Ottolander 2004-02-13 10:58:58 EST
Vulnerabilities in PWLib were found after running the NISCC OpenH323
test suite.

"Of the nearly 4500 tests in the suite, OpenH323 failed two of them,
which took three lines of code to fix. These pointed out several other
potential problems as well, so the total changes were about 20 lines." 

Fix:
http://cvs.sourceforge.net/viewcvs.py/openh323/pwlib/src/ptclib/asnper.cxx?r1=1.8&r2=1.6

The pwlib-1.4.7-ranges.patch applies cleanly against pwlib-1.5.0 from
Fedora Core 1.
Comment 1 Leonard den Ottolander 2004-02-13 11:00:23 EST
Created attachment 97647 [details]
SPEC file to add CVE-CAN-2004-0097 ranges patch
Comment 2 Leonard den Ottolander 2004-02-13 11:01:55 EST
Created attachment 97648 [details]
Patch taken from RHL 9 to address CVE-CAN-2004-0097

This patch patches cleanly against Fedora Core 1's pwlib-1.5.0.
Comment 3 Leonard den Ottolander 2004-02-13 11:11:56 EST
Just a question as I stumbled on hunk #2 (#3 in the original patch) as
well: Shouldn't that function return len for this version of the code?
The return value was only changed to 0 in later versions of the code.
Changing it to 0 here might lead to unexpected results.
Comment 4 Alexander Larsson 2004-02-17 03:42:13 EST
Well. That was basically a bugfix i applied at the same time as the
security fix. :)
Comment 5 Mark J. Cox (Product Security) 2004-02-17 08:36:05 EST

*** This bug has been marked as a duplicate of 114310 ***
Comment 6 Leonard den Ottolander 2004-02-17 15:46:30 EST
Yeah, I figured that out (comment #4). Had a closer look and saw the
length should not be returned by the function but only in &len.
Comment 7 Red Hat Bugzilla 2006-02-21 14:01:12 EST
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

Note You need to log in before you can comment on or make changes to this bug.