GLSA 200810-01: WordNet: Execution of arbitrary code
| Опасность: | средняя |
| Заголовок: | WordNet: Execution of arbitrary code |
| Дата: | 07.10.2008 |
| Ошибки: | |
| ID: | 200810-01 |
Сводка
Multiple vulnerabilities were found in WordNet, possibly allowing for the execution of arbitrary code.Назначение
WordNet is a large lexical database of English.
Уязвимые пакеты
| Пакет | Уязвимый | Нетронутый | Архитектура(ы) |
|---|---|---|---|
| app-dicts/wordnet | < 3.0-r2 | >= 3.0-r2 | All supported architectures |
Описание
Jukka Ruohonen initially reported a boundary error within the searchwn() function in src/wn.c. A thorough investigation by the oCERT team revealed several other vulnerabilities in WordNet:
- Jukka Ruohonen and Rob Holland (oCERT) reported multiple boundary errors within the searchwn() function in src/wn.c, the wngrep() function in lib/search.c, the morphstr() and morphword() functions in lib/morph.c, and the getindex() in lib/search.c, which lead to stack-based buffer overflows.
- Rob Holland (oCERT) reported two boundary errors within the do_init() function in lib/morph.c, which lead to stack-based buffer overflows via specially crafted "WNSEARCHDIR" or "WNHOME" environment variables.
- Rob Holland (oCERT) reported multiple boundary errors in the bin_search() and bin_search_key() functions in binsrch.c, which lead to stack-based buffer overflows via specially crafted data files.
- Rob Holland (oCERT) reported a boundary error within the parse_index() function in lib/search.c, which leads to a heap-based buffer overflow via specially crafted data files.
Воздействие
- In case the application is accessible e.g. via a web server, a remote attacker could pass overly long strings as arguments to the "wm" binary, possibly leading to the execution of arbitrary code.
- A local attacker could exploit the second vulnerability via specially crafted "WNSEARCHDIR" or "WNHOME" environment variables, possibly leading to the execution of arbitrary code with escalated privileges.
- A local attacker could exploit the third and fourth vulnerability by making the application use specially crafted data files, possibly leading to the execution of arbitrary code.
Обход
There is no known workaround at this time.
Решение
All WordNet users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-dicts/wordnet-3.0-r2"
Ссылки
Наличие
Этот GLSA и любые обновления для нее доступны для просмотра на сайте Gentoo Security:
Опасения?
Безопасность является одной из главных задач Gentoo Linux и первостепенное значение обеспечить конфиденциальность и безопасность машин наших пользователей. Любые соображения безопасности должны быть адресованы security@gentoo.org или в качестве альтернативы, вы можете сообщить об ошибке на https://bugs.gentoo.org.
Лицензия
Copyright 2010 Gentoo Foundation, Inc; текст ссылки принадлежит его владельцу(ам). Содержание этого документа распространяется на условиях лицензии Creative Commons - Attribution / Share Alike.