Bug 175405 - CVE-2005-3964 Open Motif libUil Buffer Overflows
CVE-2005-3964 Open Motif libUil Buffer Overflows
Status: CLOSED WONTFIX
Product: Fedora Legacy
Classification: Retired
Component: openmotif (Show other bugs)
unspecified
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
http://www.securityfocus.com/bid/1568...
impact=moderate, LEGACY, rh73, rh90, ...
: Security
Depends On: 174815
Blocks:
  Show dependency treegraph
 
Reported: 2005-12-09 15:52 EST by John Dalbec
Modified: 2007-08-30 16:01 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-08-30 16:01:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Bugzilla 174814 None None None Never

  None (edit)
Description John Dalbec 2005-12-09 15:52:03 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20051012 Netscape/8.0.4

Description of problem:
05.49.12 CVE: Not Available
Platform: Unix
Title: Open Motif libUil Open_source_file Buffer Overflow
Description: Open Motif is an open version of the Motif GUI toolkit.
It is vulnerable to a buffer overflow issue due to improper use of the
"strcpy" function. Successful exploitation may result in a remote
compromise or local privilege escalation depending on the affected
application linked to the library. Open Motif version 2.2.3 is
vulnerable.
Ref: http://www.securityfocus.com/bid/15686/info 

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try


Additional info:
Comment 1 John Dalbec 2005-12-09 15:56:49 EST
05.49.27 CVE: Not Available
Platform: Cross Platform
Title: Open Motif libUil Diag_issue_diagnostic Buffer Overflow
Description: Open Motif is an open version of the Motif GUI toolkit. A
buffer overflow vulnerability affects libUil and can leave
applications which link to the library vulnerable. The issue exists in
the "diag_issue_diagnostic()" function and is caused due to the use of
the "vsprintf()" libc procedure. Open Motif version 2.2.3 is affected.
Ref: http://www.securityfocus.com/bid/15684/info 
Comment 2 David Eisenstein 2006-05-28 02:52:50 EDT
I looked up both bid 15684 and 15686 at securityfocus, and it appears that these
two vulnerabilities are both addressed in CVE-2005-3964 (though that CVE is not
mentioned in either bid).  So I believe that these issues are the same as what
this bug ticket was opened for.

On April 4th, RHEL issued RHSA-2006:0272 for this issue, for RHEL 2.1, 3, & 4.
   <http://rhn.redhat.com/errata/RHSA-2006-0272.html>
This leads me to believe that this overflow issue affects all of our distros.

"A number of buffer overflow flaws were discovered in OpenMotif's libUil
library. It is possible for an attacker to execute arbitrary code as a
victim who has been tricked into executing a program linked against
OpenMotif, which then loads a malicious User Interface Language (UIL) file.
(CVE-2005-3964)

"Users of OpenMotif are advised to upgrade to these erratum packages, which
contain a backported security patch to correct this issue."

This issue was tackled for RHEL in Bug #174814, and should be tackled for FC4 in
Bug #174815 (but doesn't seem to be yet).
Comment 3 David Eisenstein 2006-07-30 02:40:09 EDT
This issue has been tackled by Thomas Woerner for FC4 in Bug #174815 now, but
still needs fixing for the other Fedora-Legacy-supported releases -- at least
FC3 now.  

Even though Legacy has dropped support for FC1 and FC2 at this time, should we
still issue updated packages for openmotif for those (since this bug was opened
when we were still supporting those releases?)
Comment 4 Jesse Keating 2006-08-13 10:50:16 EDT
(In reply to comment #3) 
> 
> Even though Legacy has dropped support for FC1 and FC2 at this time, should we
> still issue updated packages for openmotif for those (since this bug was opened
> when we were still supporting those releases?)

yes, if possible
Comment 5 Jesse Keating 2007-08-30 16:01:00 EDT
Fedora Legacy project has ended.  These will not be fixed by Fedora Legacy.

Note You need to log in before you can comment on or make changes to this bug.