Red Hat Bugzilla – Bug 175405
CVE-2005-3964 Open Motif libUil Buffer Overflows
Last modified: 2007-08-30 16:01:00 EDT
Description of problem:
05.49.12 CVE: Not Available
Title: Open Motif libUil Open_source_file Buffer Overflow
Description: Open Motif is an open version of the Motif GUI toolkit.
It is vulnerable to a buffer overflow issue due to improper use of the
"strcpy" function. Successful exploitation may result in a remote
compromise or local privilege escalation depending on the affected
application linked to the library. Open Motif version 2.2.3 is
Version-Release number of selected component (if applicable):
05.49.27 CVE: Not Available
Platform: Cross Platform
Title: Open Motif libUil Diag_issue_diagnostic Buffer Overflow
Description: Open Motif is an open version of the Motif GUI toolkit. A
buffer overflow vulnerability affects libUil and can leave
applications which link to the library vulnerable. The issue exists in
the "diag_issue_diagnostic()" function and is caused due to the use of
the "vsprintf()" libc procedure. Open Motif version 2.2.3 is affected.
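An added example, not part of the original report and not Open Motif's code or the backported patch: bounded replacements for the two unsafe patterns named above, an unchecked "strcpy" of a source file name and "vsprintf()" into a fixed diagnostic buffer. The function names, buffer sizes and sample inputs are assumptions made for illustration; the report gives neither libUil's code nor its buffer sizes.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes: the report does not give libUil's real buffer sizes. */
#define PATH_BUF 256
#define MSG_BUF  132

/* Unsafe pattern from the first report: strcpy(dst, name) with no length check.
 * Bounded form: refuse a name that does not fit rather than truncating it,
 * since a truncated path could name a different file.
 * Returns 0 on success, -1 if the name is too long (dst is left untouched). */
int copy_source_name(char dst[PATH_BUF], const char *name)
{
    size_t n = strlen(name);
    if (n >= PATH_BUF)
        return -1;
    memcpy(dst, name, n + 1);          /* n + 1 copies the terminating NUL */
    return 0;
}

/* Unsafe pattern from the second report: vsprintf(dst, fmt, ap).
 * Bounded form: vsnprintf writes at most MSG_BUF bytes including the NUL and
 * returns the length the full message needed, so truncation is detectable.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on a format error. */
int format_diagnostic(char dst[MSG_BUF], const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int need = vsnprintf(dst, MSG_BUF, fmt, ap);
    va_end(ap);
    if (need < 0) {
        dst[0] = '\0';
        return -1;
    }
    return need >= MSG_BUF ? 1 : 0;
}

int main(void)
{
    char path[PATH_BUF], msg[MSG_BUF], big[400];   /* constructed sample input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("short name: %d\n", copy_source_name(path, "main.uil"));
    printf("long name:  %d\n", copy_source_name(path, big));
    printf("long token: %d\n", format_diagnostic(msg, "%s:%d: %s", "main.uil", 7, big));
    printf("message kept: %zu bytes\n", strlen(msg));
    return 0;
}
```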
I looked up both bid 15684 and 15686 at securityfocus, and it appears that these
two vulnerabilities are both addressed in CVE-2005-3964 (though that CVE is not
mentioned in either bid). So I believe that these issues are the same as what
this bug ticket was opened for.
On April 4th, RHEL issued RHSA-2006:0272 for this issue, for RHEL 2.1, 3, & 4.
This leads me to believe that this overflow issue affects all of our distros.
"A number of buffer overflow flaws were discovered in OpenMotif's libUil
library. It is possible for an attacker to execute arbitrary code as a
victim who has been tricked into executing a program linked against
OpenMotif, which then loads a malicious User Interface Language (UIL) file.
"Users of OpenMotif are advised to upgrade to these erratum packages, which
contain a backported security patch to correct this issue."
This issue was tackled for RHEL in Bug #174814, and should be tackled for FC4 in
Bug #174815 (but doesn't seem to be yet).
This issue has been tackled by Thomas Woerner for FC4 in Bug #174815 now, but
still needs fixing for the other Fedora-Legacy-supported releases -- at least
Even though Legacy has dropped support for FC1 and FC2 at this time, should we
still issue updated packages for openmotif for those (since this bug was opened
when we were still supporting those releases?)
(In reply to comment #3)
> Even though Legacy has dropped support for FC1 and FC2 at this time, should we
> still issue updated packages for openmotif for those (since this bug was opened
> when we were still supporting those releases?)
yes, if possible
Fedora Legacy project has ended. These will not be fixed by Fedora Legacy.