oss-sec mailing list archives
Re: CVE request: echoping buffer overflow vulnerabilities
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 21 Oct 2013 14:14:07 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/21/2013 12:04 AM, Moritz Muehlenhoff wrote:
On Fri, Oct 18, 2013 at 10:35:18PM -0600, Kurt Seifried wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/17/2013 05:18 AM, Sergey Popov wrote:Echoping 6.0.2 and before contains several buffer overflow vulnerabilities that can lead to execution of arbitrary code on the system or cause the application to crash. Bug report in Gentoo: https://bugs.gentoo.org/show_bug.cgi?id=349569 Some additional info: http://xforce.iss.net/xforce/xfdb/64141 http://secunia.com/advisories/42619/ Issue is fixed in upstream[1], but no release yet. Please assign a CVE for this, thanks. [1] - http://sourceforge.net/p/echoping/bugs/55/Please use CVE-2013-4448 for this issue.This should receive a CVE-2010-xxxx ID. It was originally reported to the Debian BTS in December 2010 (as linked in the sf bugtracker): http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606808 Cheers, Moritz
COrrect, I wasn't paying attention to the created/etc dates. Please REJECT CVE-2013-4448 and use CVE-2010-5111 instead. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBAgAGBQJSZYsOAAoJEBYNRVNeJnmT6joP/0V7xtZpJ0LRQBATuBANncYh aqrLie9+VuUhkYHzX2Cng/3kycy150OaqfLRHwz/qGeeUvCpvp0Ks4r2m3onXFfK hAZbJoFVK5jqwc91LNeUXm3i8X9UWS9lDcoxxQNlBROWKcphhzEl8oV12f5JjI82 sN42NRJGS5bDqXSIepzlymHZbslpn4pJYKgq61oVe2+/Ag6rpaVExFFCnBj3Qskb zUaOQfzL6OhgN8iIHTdKGJQiJDHCFeD3E4n306j9gKmGr4eqKewd7Qqju4lsreeh Lv89eOE7k5Pvsxusc8aDDX7pmntPPgRk5ei4WF7a+8Wv7BGLl50EF7b06b9J/pgU RyWGPTy3Je47xFfsM4whrlVLtnyLjmlTSf30DBWapnJenvkpergfcBrRdQvOhkLA tjyCpsmAPI8G4m7AlvV+fzUWHL9LMbrESDMwmTRXlpiHIjBlAR+kXenyUjiw5KHV 9l1o5fB9jdaWUrYbx9IHEwXObHhKDVtRWwN8Az1d8J8/AaNBi/yWRfFYm3zFlGvQ g/siJ+XfiTnI+STKx7FbHVXWQOLvpqfHE52p2sqdUzU5VzhtTfp0VSc99tU4Omzf 7wGw6K954NXCm9oVVe51ZAR6q9baOnA46tkolqxfZZ9kqocpPxMDz6A30KrKJGc4 Mc2pq05aKrasEmn9bWMn =5CSE -----END PGP SIGNATURE-----
Current thread:
- CVE request: echoping buffer overflow vulnerabilities Sergey Popov (Oct 17)
- Re: CVE request: echoping buffer overflow vulnerabilities Kurt Seifried (Oct 18)
- Re: CVE request: echoping buffer overflow vulnerabilities Moritz Muehlenhoff (Oct 20)
- Re: CVE request: echoping buffer overflow vulnerabilities Kurt Seifried (Oct 21)
- Re: CVE request: echoping buffer overflow vulnerabilities Moritz Muehlenhoff (Oct 20)
- Re: CVE request: echoping buffer overflow vulnerabilities Kurt Seifried (Oct 18)