Bug 122345 - CAN-2003-0856 busybox also contains netlink flaw
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: busybox
Version: rawhide
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Daniel Walsh
Keywords: Security
Reported: 2004-05-03 11:23 EDT by Steve Grubb
Modified: 2007-11-30 17:10 EST
Doc Type: Bug Fix
Last Closed: 2004-08-31 12:19:11 EDT

Attachments
Patch that addresses the problems. (1.92 KB, patch), 2004-05-03 11:25 EDT, Steve Grubb
Revised patch (1.92 KB, patch), 2004-05-06 08:42 EDT, Steve Grubb

Description Steve Grubb 2004-05-03 11:23:25 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.4.2)
Gecko/20040308

Description of problem:
Last November a bug was found in iproute, CAN-2003-0856. Busybox has
taken the same code from iproute-2.4.7 libnetlink.c and adjusted its
error message functions. The code in busybox was never updated when
the libnetlink vulnerability was discovered. Therefore it might be
susceptible to the same kind of attack.

There are also 2 other programming bugs. One being a potential buffer
overflow in dos2unix.c.

Version-Release number of selected component (if applicable):
busybox-1.00.pre8

How reproducible:
Didn't try

Steps to Reproduce:
Found during code review.

Additional info:

I will attach a patch to this bug report.
Comment 1 Steve Grubb 2004-05-03 11:25:09 EDT
Created attachment 99913
Patch that addresses the problems.

Please apply and test.
Comment 2 Steve Grubb 2004-05-06 08:42:57 EDT
Created attachment 100039
Revised patch

I re-reviewed the patch and found that the buffer overflow was not completely
handled. It needed to check for BUFSIZE-3. BUFSIZE-1 is the last addressable
byte, the loop increments the index by 2. That is why it needed to be
BUFSIZE-3. This revised patch has been accepted by the upstream author.
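
The bound arithmetic from Comment 2, as an added example that is neither busybox code nor the attached patch: a hypothetical loop that stores two bytes per iteration and then NUL-terminates, run inside a constructed 16-byte BUFSIZE with guard bytes behind it. The name `guard_bytes_hit`, the sizes and the sample input are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUFSIZE 16    /* constructed size, stands in for the real buffer */
#define GUARD   4     /* canary bytes placed directly after the buffer */
#define CANARY  0xA5

/* Constructed sample input, longer than the buffer can hold. */
static const unsigned char sample[] = "constructed sample input bytes";

/* Hypothetical loop: every input byte becomes two stored bytes (hex digits),
 * the index advances by 2, and a NUL terminator follows the loop.
 * `limit` is the highest index at which an iteration may still start.
 * Returns how many guard bytes were overwritten (0 = stayed in bounds). */
static int guard_bytes_hit(const unsigned char *in, size_t len, size_t limit)
{
    static const char hex[] = "0123456789abcdef";
    unsigned char mem[BUFSIZE + GUARD];
    size_t idx = 0, i;
    int hit = 0;

    if (limit > BUFSIZE - 1)          /* keep the demo inside mem[] */
        limit = BUFSIZE - 1;
    memset(mem, 0, BUFSIZE);
    memset(mem + BUFSIZE, CANARY, GUARD);

    for (i = 0; i < len && idx <= limit; i++) {
        mem[idx]     = (unsigned char)hex[in[i] >> 4];
        mem[idx + 1] = (unsigned char)hex[in[i] & 0x0f];
        idx += 2;
    }
    mem[idx] = '\0';                  /* terminator needs one more byte */

    for (i = 0; i < GUARD; i++)
        if (mem[BUFSIZE + i] != CANARY)
            hit++;
    return hit;
}

int main(void)
{
    size_t n = sizeof(sample) - 1;
    printf("limit BUFSIZE-1: %d guard byte(s) hit\n", guard_bytes_hit(sample, n, BUFSIZE - 1));
    printf("limit BUFSIZE-3: %d guard byte(s) hit\n", guard_bytes_hit(sample, n, BUFSIZE - 3));
    return 0;
}
```

With the index starting at 0, an iteration that begins at BUFSIZE-2 fills the last two bytes and leaves the terminator one byte past the end; stopping at BUFSIZE-3 keeps the pair and the NUL inside the buffer.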
Comment 3 Daniel Walsh 2004-07-20 09:38:18 EDT
Upgrading to busybox-1.0.0.rc1 should fix this problem.
Will be in Rawhide tomorrow.
