Re: [FDSA] Multiple Vulnerabilities in Your Computer (all versions)

[3APA3A <3APA3A () SECURITY NNOV RU>]

Well, I cant' say it's all fake... It's all junk.

FD> OpenSSL 0.9.7j
FD>   openssl-0.9.7j/fips-1.0/aes/fips_aesavs.c 973: User supplied data
FD> copied into fixed length buffer on the stack with no length
FD> verification.

Buffer  overflow in non-suid test application (not compiled by default).
Not security.

FD> SSH 3.2.9.1
FD>   ssh-3.2.9.1/lib/zlib/contrib/minizip/minizip.c 187: User supplied
FD> data copied into fixed length buffer on the stack with no length
FD> verification.

Identical to CVE-2007-1657 and is probably fixed in the same time. Local
overflow in non-suid application (minizip). Do not affect SSH. Only this
one can be considered as low risk vulnerability.

FD> Apache 1.3.37
FD>   src/regex/split.c 164: User supplied data copied into fixed length
FD> buffer on the stack with no length verification.

Local  buffer  overflow  in  non-suid  test  application,  which  is not
compiled by default. Not security.

FD> Samba 3.0.25b
FD>   samba-3.0.25b/source/popt/poptparse.c 27: Integer overflow in size_t
FD> which is later used in heap allocation. Buffer then copied into this
FD> memory resulting in heap overflow.

This one is fake.

    size_t nb = (argc + 1) * sizeof(*argv);

    ...
    
        nb += strlen(argv[i]) + 1;

    ...
        
    dst = malloc(nb);
        
Mathematical  provement:

nb <= memory already allocated for argc and argv < size of address space
nb < size of address space
QED


-- 
~/ZARAZA http://securityvulns.com/
Всегда будем рады послушать ваше чириканье (Твен)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/