150713 – CAN-2005-0706 Buffer overflow in grip

Bug 150713 - CAN-2005-0706 Buffer overflow in grip

Summary: CAN-2005-0706 Buffer overflow in grip

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	grip
Sub Component:
Version:	3
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Bill Nottingham
QA Contact:
Docs Contact:
URL:
Whiteboard:	impact=moderate,public=20050309,sourc...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-03-09 21:49 UTC by Josh Bressers
Modified:	2014-03-17 02:52 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-03-10 00:19:13 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Josh Bressers 2005-03-09 21:49:23 UTC

+++ This bug was initially created as a clone of Bug #150712 +++

This issue was discovered by Dean Brettle

While investigating a crash of grip on my FC3 system, I've come across
what appears to be a long-standing remote buffer overflow vulnerability.
Specifically, if the CDDB server (eg freedb.org) returns more than 16
matches (exact or inexact) for a CD, grip will write past the end of a
stack-based array.  I think that means that a hostile server or a
hostile 3rd party submitter to the CDDB server could exploit the bug (by
embedding exploit code in the overflowing matches).

Comment 1 Josh Bressers 2005-03-09 21:49:56 UTC

This issue should also affect FC2

Comment 2 Josh Bressers 2005-03-09 21:50:08 UTC

Patch is located here:
https://sourceforge.net/tracker/index.php?func=detail&aid=1160134&group_id=3714&atid=303714

Comment 3 Bill Nottingham 2005-03-10 00:19:13 UTC

Fixed.

Note You need to log in before you can comment on or make changes to this bug.