Public bug reported:
---------- Forwarded message ----------
From: Anon Sricharoenchai <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>, Ubuntu Bug Tracking System
<[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Date: Mon, 19 Jun 2006 21:09:17 -0700 (PDT)
Subject: mimms: patch to fix many buffer overflows vulnerability
Package: mimms
Version: 0.0.9-1
Severity: grave
Justification: user security hole
Tags: security patch
According to the patch attached in this report, it has many possible buffer
overflows.
For example,
- memcpy(buf, data, length) without bounding the limit of "length",
while "length" depend on the input data incoming from the internet.
- read(s, data, BUF_SIZE) in main(), where BUF_SIZE is much greater than
sizeof(data) which is only 1024 chars allocated in main(), while
BUF_SIZE is defined as 1024*128.
-- System Information:
Debian Release: testing/unstable
Architecture: i386 (i686)
Kernel: Linux 2.6.10-5-386
Locale: LANG=C, LC_CTYPE=thai
Versions of packages mimms depends on:
ii libc6 2.3.5-1ubuntu12 GNU C Library: Shared libraries an
ii libgcc1 1:3.4.2-2ubuntu1 GCC support library
ii libpopt0 1.7-4 lib for parsing cmdline parameters
ii libstdc++5 1:3.3.4-9ubuntu5 The GNU Standard C++ Library v3
ii libuuid1 1.35-6ubuntu1 Universally unique id library
-- no debconf information
** Affects: mimms (Ubuntu)
Importance: Untriaged
Status: Unconfirmed
** Attachment added: "patch to fix many buffer overflows vulnerability in mimms"
http://librarian.launchpad.net/3152675/mimms-0.0.9.buffer_overflow.diff
--
patch to fix many buffer overflows vulnerability
https://launchpad.net/bugs/50932
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
