oss-sec mailing list archives
Re: CVE id request for links2
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 10 Apr 2012 13:54:24 -0600
On 04/09/2012 08:43 PM, Nico Golde wrote:
> Hi,
> we received the below bug report about memory handling problems in links2.
> Can someone assign CVE ids to this? Imho at least the first issue is debatable to not get an id. The infinite loop is also a non-issue from my point of view.
>
> Cheers
> Nico
>
> ----- Forwarded message from Mikulas Patocka <mikulas () artax karlin mff cuni cz> -----
>
> Subject: Bug#668227: links2: security bugs in links
> Resent-To: debian-bugs-dist () lists debian org
> Resent-Date: Mon, 09 Apr 2012 22:09:02 +0000
> From: Mikulas Patocka <mikulas () artax karlin mff cuni cz>
> To: Debian Bug Tracking System <submit () bugs debian org>
> Message-ID: <20120409220450.13982.86610.reportbug@hydra>
> X-Mailer: reportbug 4.12.6
> Date: Tue, 10 Apr 2012 00:04:50 +0200
>
> Package: links2
> Version: 2.3~pre1-1
> Severity: grave
> Tags: security
> Justification: user security hole
>
> I discovered some out of memory accesses in links2 graphics mode that could be potentially used to run exploits. I fixed them in links-2.6. For Debian Squeeze, I am sending this patch that backports the fixes to links-2.3pre1. Apply the patch and distribute patched packages links and links2 through security.debian.org.
>
> [...]
>
> This patch fixes:
> Buffer overflow when pasting too long text from clipboard to dialog boxes (not remotely exploitable)
Can this result in code execution?
> A write out of allocated memory in the graphics renderer (potentially exploitable)
> An infinite loop when parsing invalid usemap specification in text and graphics mode (can cause browser lockup, but not otherwise exploitable)
> Accesses out of memory in the xbm decoder (potentially exploitable)
Normally we count DoS's in web browsers due to the fact people tend to have a lot of tabs open, a DoS can be really annoying (e.g. you're in the middle of filling out some long email form) but links2 is of an earlier era, so a DoS in it is pretty non-impactful.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993