Bug 152672 - PWLib: Carefully crafted messages can cause a Denial of Service on an application.
Status: CLOSED CURRENTRELEASE
Product: Fedora Legacy
Classification: Retired
Component: Package request
Version: unspecified
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Fedora Legacy Bugs
http://www.openh323.org/
Reported: 2004-02-15 03:04 EST by David Lawrence
Modified: 2008-05-01 11:38 EDT (History)
Description David Lawrence 2005-03-30 18:23:29 EST
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0097
https://rhn.redhat.com/errata/RHSA-2004-048.html

A test suite for the H.225 protocol (part of the H.323 family) provided by
the NISCC uncovered bugs in PWLib prior to version 1.6.0. An attacker
could trigger these bugs by sending carefully crafted messages to an
application. The effects of such an attack can vary depending on the
application, but would usually result in a Denial of Service. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0097 to this issue.



------- Additional Comments From jonny.strom@netikka.fi 2004-02-15 03:11:07 ----

A backported fix for RH 7.3 is available from:

http://www.linuxsolutions.fi/~johnny/fedora_legacy/rh73/

pwlib-1.2.12-3.7.3.1.legacy.i386.rpm       dd31c44d1ea0d8e6341bcd0604bb64f1

pwlib-devel-1.2.12-3.7.3.1.legacy.i386.rpm cb18cb98e1e620b63122ebd7dd01c2f4

pwlib-1.2.12-3.7.3.1.legacy.src.rpm        a61430ef95666aa0d41d9162d6053ea5

pwlib-1.2.12-ranges.patch                  2dc35057a654f2a057491a008b1650c0 


I did some testing with Gnomemeeting that uses pwlib and it seems to work ok.
Note that Gnomemeeting can crash on exit; this is an old bug in Gnomemeeting, not
caused by this fix. In addition, if someone wants to do testing with other users
through an ILS server, the new address is ils.seconix.com.



------- Additional Comments From jkeating@j2solutions.net 2004-02-24 18:01:57 ----

Red Hat didn't ship w/ pwlib.  Building 8.0 rpms.



------- Additional Comments From jkeating@j2solutions.net 2004-02-24 19:12:55 ----

Pushed to updates-testing due to timeout.



------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:23 -------

This bug previously known as bug 1296 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=1296
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Unknown severity major. Setting to default severity "normal".
The original reporter of this bug does not have
   an account here. Reassigning to the person who moved
   it here, dkl@redhat.com.
   Previous reporter was jonny.strom@netikka.fi.
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

