Bug 885893 - (CVE-2012-6303) CVE-2012-6303 tcl-snack: multiple buffer overflows
CVE-2012-6303 tcl-snack: multiple buffer overflows
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20120712,reported=2...
: Security
Depends On: 885894
Blocks:
  Show dependency treegraph
 
Reported: 2012-12-10 17:41 EST by Vincent Danen
Modified: 2018-03-01 15:16 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Proposed patch by Michael Karcher to fix CVE-2012-6303 (688 bytes, patch)
2013-01-01 19:22 EST, John Paul Adrian Glaubitz
no flags Details | Diff

  None (edit)
Description Vincent Danen 2012-12-10 17:41:44 EST
CVE-2012-6303 was assigned by MITRE to multiple buffer overflows in WaveSurfer (not shipped) and the Snack Sound Toolkit (tcl-snack):

Disclosures:    http://www.exploit-db.com/exploits/19772/
                http://secunia.com/advisories/49889/
Product source: http://www.speech.kth.se/snack/
                http://wavesurfer.svn.sourceforge.net/viewvc/wavesurfer/trunk/wavesurfer/
                (The www.speech.kth.se site refers to "Snack v2.2.10
                 released December 01 Bug fix release" but this is
                 apparently about December 01 2004 -- not about a 2012
                 release.)

No fix is available as of yet.

Also note that the only things that use tcl-snack in Fedora is amsn and coccinella, but I couldn't find a way to change the sounds that play, which means the end user would need to download this crafted sound file from somewhere and associate it as a sound in either program somehow (possibly these IM clients will play remote sounds as well, not sure).  Also, there is a python-snack that makes use of tcl-snack, but I'm unaware of any programs that use python-snack.
Comment 1 Vincent Danen 2012-12-10 17:42:23 EST
Created tcl-snack tracking bugs for this issue

Affects: fedora-all [bug 885894]
Comment 2 John Paul Adrian Glaubitz 2013-01-01 19:22:44 EST
Created attachment 671186 [details]
Proposed patch by Michael Karcher to fix CVE-2012-6303

Hi,

I am attaching a patch created by Michael Karcher which fixes the problem. I have tested his patch on Debian with libsnack 2.2.10 and WaveSurfer 1.8.8p3, the crashes do no longer occur.

I have uploaded the updated snack package into Debian already. Please review and hopefully apply the patch in Fedora as well.

Cheers,

Adrian
Comment 3 Fedora Update System 2013-01-11 19:41:03 EST
tcl-snack-2.2.10-17.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 4 Fedora Update System 2013-01-12 10:10:01 EST
tcl-snack-2.2.10-17.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Fedora Update System 2013-01-12 10:19:53 EST
tcl-snack-2.2.10-17.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Tazz 2018-03-01 15:16:04 EST
The previous private comment is for informational and documentation purposes only.  The specific format will be used by another tool.

Not sure if this bug should still be "Status = New" though.

Note You need to log in before you can comment on or make changes to this bug.