Date: Mon, 2 Jan 2006 14:50:09 +0900 (JST) From: KOMATSU Shinichiro <koma2@lovepeers.org> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/91202: security/vuxml: Add the entry of perl sprintf vulnerability (CVE-2005-3962) Message-ID: <20060102055009.AA73211498@koma2-45.wins.timedia.co.jp> Resent-Message-ID: <200601020600.k0260Ham021461@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 91202 >Category: ports >Synopsis: security/vuxml: Add the entry of perl sprintf vulnerability (CVE-2005-3962) >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Mon Jan 02 06:00:16 GMT 2006 >Closed-Date: >Last-Modified: >Originator: KOMATSU Shinichiro >Release: FreeBSD 5.4-RELEASE-p8 i386 >Organization: >Environment: FreeBSD 5.4-RELEASE-p8 i386 >Description: Patch for CVE-2005-3962 (fixes for sprintf formatting issues) has already been fixed in ports tree, but not documented in VuXML. Note that perl 5.6.2 is not marked as vulnerable by Bugtraq, I am not certain whether it is true or not. >How-To-Repeat: >Fix: Index: vuln.xml =================================================================== RCS file: /home/ncvs/ports/security/vuxml/vuln.xml,v retrieving revision 1.920 diff -u -r1.920 vuln.xml --- vuln.xml 1 Jan 2006 21:40:15 -0000 1.920 +++ vuln.xml 2 Jan 2006 05:25:29 -0000 @@ -34,6 +34,52 @@ --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="bb33981a-7ac6-11da-bf72-00123f589060"> + <topic>perl, webmin, usermin -- perl format string integer wrap vulnerability</topic> + <affects> + <package> + <name>perl</name> + <range><ge>5.6.0</ge><lt>5.6.2</lt></range> + <range><ge>5.8.0</ge><lt>5.8.7_1</lt></range> + </package> + <package> + <name>webmin</name> + <range><lt>1.250</lt></range> + </package> + <package> + <name>usermin</name> + <range><lt>1.180</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>According to Perl Development page:</p> + <blockquote cite="http://dev.perl.org/perl5/news/2005/perl_patches_fix_sprintf_buffer.html">; + <p>Dyad Security recently released a security advisory + explaining how in certain cases, a carefully crafted format string + passed to sprintf can cause a buffer overflow. This buffer overflow + can then be used by an attacker to execute code on the machine. + This was discovered in the context of a design problem with the Webmin + administration package that allowed a malicious user to pass + unchecked data into sprintf.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2005-3912</cvename> + <cvename>CVE-2005-3962</cvename> + <bid>15629</bid> + <url>http://www.dyadsecurity.com/perl-0002.html</url>; + <url>http://www.dyadsecurity.com/webmin-0001.html</url>; + <url>http://dev.perl.org/perl5/news/2005/perl_patches_fix_sprintf_buffer.html</url>; + <url>http://www.webmin.com/security.html</url>; + </references> + <dates> + <discovery>2005-09-23</discovery> + <entry>2006-01-02</entry> + </dates> + </vuln> + <vuln vid="9fff8dc8-7aa7-11da-bf72-00123f589060"> <topic>apache -- mod_imap cross-site scripting flaw</topic> <affects> >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060102055009.AA73211498>