oss-sec mailing list archives

Re: CVE id request: Multiple buffer overflow in unixODBC

From: Henri Salo <henri () nerv fi>
Date: Wed, 30 May 2012 19:56:02 +0300

On Wed, May 30, 2012 at 10:07:02AM +0200, Tomas Hoger wrote:

On Tue, 29 May 2012 09:42:42 -0300 Felipe Pena wrote:

Multiple buffer overflow in unixODBC
===========================

The library unixODBC doesn't check properly the input from FILEDSN=,
DRIVER= options in the DSN, which causes buffer overflow when passed
to the SQLDriverConnect() function.


Reports like this - covering bugs in parsing of the configuration
parameters (i.e. generally trusted input) - should include some
reasoning why these should be considered security.  Nothing obvious not
intended to break PHP safe_mode comes to mind.

-- 
Tomas Hoger / Red Hat Security Response Team


Debian-report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675058

Maintainer is also asking why this is security related issue. Can I get short description thanks.

- Henri Salo

Current thread:

CVE id request: Multiple buffer overflow in unixODBC Felipe Pena (May 29)
- Re: CVE id request: Multiple buffer overflow in unixODBC Kurt Seifried (May 29)
- Re: CVE id request: Multiple buffer overflow in unixODBC Tomas Hoger (May 30)
  - Re: CVE id request: Multiple buffer overflow in unixODBC Henri Salo (May 30)
  - Re: CVE id request: Multiple buffer overflow in unixODBC Kurt Seifried (May 30)
    - Re: CVE id request: Multiple buffer overflow in unixODBC Felipe Pena (May 30)
    - Re: CVE id request: Multiple buffer overflow in unixODBC Kurt Seifried (May 30)
    - Re: CVE id request: Multiple buffer overflow in unixODBC Felipe Pena (May 30)
    - Re: CVE id request: Multiple buffer overflow in unixODBC Tomas Hoger (May 31)
    - Re: CVE id request: Multiple buffer overflow in unixODBC Kurt Seifried (Jun 05)