Bug 188108 - CVE-2006-1550 Dia multiple buffer overflows
Status: CLOSED DUPLICATE of bug 190942
Product: Fedora Legacy
Classification: Retired
Component: dia
Version: unspecified
Hardware/OS: All Linux
Priority: medium   Severity: medium
Assigned To: Fedora Legacy Bugs
URL: http://mail.gnome.org/archives/dia-li...
Whiteboard: impact=moderate, LEGACY, rhl73, rhl9,...
Keywords: Security
Depends On: 187401 187402
Reported: 2006-04-05 23:18 EDT by David Eisenstein
Modified: 2007-04-18 13:41 EDT (History)
Doc Type: Bug Fix
Last Closed: 2006-05-12 19:27:50 EDT

Description David Eisenstein 2006-04-05 23:18:04 EDT
+++ This bug was initially created as a clone of Bug #187401 +++

Dia multiple buffer overflows

infamous41md discovered three buffer overflows in Dia's xfig importer.
The issues are caused by unchecked input from the xfig file.

The patch can be found here:
http://mail.gnome.org/archives/dia-list/2006-March/msg00149.html


This issue also affects RHEL2.1

-- Additional comment from bressers@redhat.com on 2006-03-30 13:44 EST --
Created an attachment (id=127062)
Demo Exploit #1


-- Additional comment from bressers@redhat.com on 2006-03-30 13:44 EST --
Created an attachment (id=127063)
Demo Exploit #2


-- Additional comment from bressers@redhat.com on 2006-03-30 13:45 EST --
Created an attachment (id=127064)
Demo Exploit #3
Comment 1 David Eisenstein 2006-04-05 23:59:15 EDT
CVE-2006-1550 states:

"Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87
and later before 0.95-pre6 allow user-complicit attackers to have an unknown
impact via a crafted xfig file, possibly involving an invalid (1) color index,
(2) number of points, or (3) depth."

Fedora Legacy versions affected
  Distro      Package
  -------     ------------------------------
  RHL 7.3     dia-0.88.1-3
  RHL 9       dia-0.90-11
  FC1         dia-0.92.2-1
  FC2         dia-0.92.2-3.1
  FC3         dia-0.94-5.fc3

FC4 issued an errata, FEDORA-2006-261 <http://tinyurl.com/kyrry>, issued on
2005-04-05, related to Bug #187402.  (dia-0.94-13.fc4).

Also, since dia was transferred to Fedora Extras for FC5, an errata (or update)
was issued by them in Bug #187556 (dia-0.94-21).

I am wondering -- does anything in the system depend on dia?  If not, would
it be in our interest to upgrade RHL7.3, RHL9, FC1 & FC2 to dia-0.94, since
that is the version for which the patch had been created?  We've had pretty good
success upgrading mozilla and ethereal in that way. . . .
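The three overflows the CVE text lists share one shape: an integer read from the xfig file (a colour index, a point count, a depth) is used as an array index or an allocation size without first being compared to the size of the table it selects from. The following is an added illustration in C by the editor of this page; it is neither Dia's xfig-import.c nor the patch linked above. The header layout "color depth npoints", the function names, and the limits MAX_COLORS, MAX_DEPTH and MAX_POINTS are assumptions made for this example only, and the sample lines are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Table limits assumed for this example; they are not Dia's constants. */
#define MAX_COLORS 544   /* assumed: -1 (default), 0-31 standard, 32-543 user */
#define MAX_DEPTH  999   /* assumed: xfig-style depth range 0..999 */
#define MAX_POINTS 4096  /* assumed cap on points per polyline */

enum parse_result {
    PARSE_OK = 0,
    PARSE_BAD_SYNTAX,   /* not three integers, or a value strtol cannot hold */
    PARSE_BAD_COLOR,    /* would index outside the colour table */
    PARSE_BAD_DEPTH,    /* would index outside the depth/layer table */
    PARSE_BAD_NPOINTS   /* would size a point buffer the importer cannot hold */
};

struct polyline_hdr {
    int color;
    int depth;
    int npoints;
};

/* Read one decimal integer at *cursor, rejecting junk and overflow. */
static int parse_int(const char **cursor, long *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(*cursor, &end, 10);
    if (end == *cursor || errno == ERANGE)
        return -1;
    *cursor = end;
    *out = v;
    return 0;
}

/*
 * Parse a constructed xfig-like polyline header "color depth npoints".
 * An importer that uses such values directly (colors[color], a point
 * array sized from npoints, depth as a layer index) lets the file choose
 * an out-of-range index. Here each field is range-checked against the
 * table it selects from before it is stored.
 */
enum parse_result parse_polyline_hdr(const char *line, struct polyline_hdr *hdr)
{
    const char *p = line;
    long color, depth, npoints;

    if (parse_int(&p, &color) || parse_int(&p, &depth) || parse_int(&p, &npoints))
        return PARSE_BAD_SYNTAX;
    if (color < -1 || color >= MAX_COLORS)
        return PARSE_BAD_COLOR;
    if (depth < 0 || depth > MAX_DEPTH)
        return PARSE_BAD_DEPTH;
    if (npoints < 1 || npoints > MAX_POINTS)
        return PARSE_BAD_NPOINTS;

    hdr->color = (int)color;
    hdr->depth = (int)depth;
    hdr->npoints = (int)npoints;
    return PARSE_OK;
}

/* Allocate x/y pairs for a validated header. npoints is already bounded
 * by MAX_POINTS, so the element count cannot overflow. */
double *alloc_points(const struct polyline_hdr *hdr)
{
    return calloc((size_t)hdr->npoints * 2, sizeof(double));
}

int main(void)
{
    /* Constructed sample lines: one benign, then three shaped like the
     * CVE's invalid colour index, number of points and depth. */
    const char *samples[] = { "4 50 3", "100000 50 3", "4 50 999999", "4 -7 3" };
    struct polyline_hdr hdr;
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum parse_result r = parse_polyline_hdr(samples[i], &hdr);
        printf("%-14s -> result %d\n", samples[i], (int)r);
        if (r == PARSE_OK) {
            double *pts = alloc_points(&hdr);
            free(pts);
        }
    }
    return 0;
}
```

Returning a distinct error code per field keeps the check visible at the point the value enters the program, which is where the fix for this class of bug belongs; rejecting the line also avoids the "clamp and continue" pattern that silently draws the wrong thing from a malformed file.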
Comment 2 kashif 2006-04-20 06:19:37 EDT
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system.  The kernel handles the basic functions
of the operating system:  memory allocation, process allocation, device
input and output, etc.

The Dia drawing program is designed to be like the Windows(TM) Visio
program.  Dia can be used to draw different types of diagrams, and
includes support for UML static structure diagrams (class diagrams),
entity relationship modeling, and network diagrams.  Dia can load and
save diagrams to a custom file format, can load and save in .xml format,
and can export to PostScript(TM).
Comment 3 Marc Deslauriers 2006-05-12 19:27:50 EDT

*** This bug has been marked as a duplicate of 190942 ***