oss-sec mailing list archives
CVE Request -- gpsd 3.9 fixing a denial of service flaw
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Thu, 2 May 2013 05:58:48 -0400 (EDT)
Hello Kurt, Steve, Eric, Miroslav, vendors, GPSD upstream has released 3.9 version: [1] http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html correcting one denial of service problem [2]: A denial of service flaw was found in the way AIS driver packet parser of gpsd, a service daemon for mediating access to a GPS, processed certain malformed packets. A remote attacker could provide a specially-crafted device input that, when processed would lead to gpsd's packet parser crash (gpsd daemon termination). References: [2] https://bugzilla.redhat.com/show_bug.cgi?id=958717 Candidate upstream patches [*]: [3] http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=08edc49d8f63c75bfdfb480b083b0d960310f94f [4] http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50 -- [*] Candidate because upstream #38511 is private currently: http://savannah.nongnu.org/bugs/?38511 => hard to say if [3] is fixing this issue, or the DoS would be caused by the malformed packet crash / sample, as listed in [4]. @Eric - Eric, could you please help us to solve this doubt? (which of the patches is the correct one to fix the above mentioned DoS / security issue) Thanks: Goes to Miroslav Lichvar for bringing this one to my attention. Kurt, could you allocate a CVE identifier for this? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- gpsd 3.9 fixing a denial of service flaw Jan Lieskovsky (May 02)
- Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw Kurt Seifried (May 02)
- Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw Eric S. Raymond (May 02)
- Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw Jan Lieskovsky (May 03)
- Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw Jan Lieskovsky (May 07)
- Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw Eric S. Raymond (May 07)
- Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw Eric S. Raymond (May 02)
- Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw Kurt Seifried (May 02)