Re: CVE-request: plow buffer overflow vulnerability

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/11/2012 06:32 AM, Henri Salo wrote:
> Can you assign 2012 CVE-identifier for plow buffer overflow issue
> reported in here: http://seclists.org/bugtraq/2012/Jul/22
>
> After discussion with Pereira I checked several versions of the
> code and affected code is at least in versions 0.0.1, 0.0.2. Sorry
> but I was unable to find proper version control commits. Version
> 0.0.1 is still suggested at least in sourceforge page
> http://sourceforge.net/projects/plow.berlios/
>
> I am unable to compile this software in my Debian stable or
> unstable system so I can't verify these using the PoC.
>
> - Henri Salo

Please use CVE-2012-3407 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP/ba3AAoJEBYNRVNeJnmTzYsQAJDgqJIaHLjZZ24Zm4YgDDD4
ks/4AAGD78fA8VnFeKsYnHwYBc9+Zj4G4d1/V+WkI2Aet7F87yEwf5CPKFVWqoYc
91tobDOeorLPZ9GJ1RfTDW5fNEQQm9bpEudCc6pkJyuKIVkVWLbeE1Zmb5E6lcbK
/jEDWIB3uC7RTh+LAAlNkMVckPfFBhIPsrG8W1KclynbkvKEAo3Ph+aboa89dWKf
pV90mQdaS9huZLK0WcwDg6EuBXKif+PzttgwM6Rghd+Kreh6GgJiedYwggJqS21S
lI6dPsBR/ITl0B+eGyYliDTwSR8+VoK6eOjDqMWHXUyz+MCGku4z5pkLY5VkDmG9
NGVKRk6fXXPTcAWWWqP4hCQxFV94Fu+v7+fpb9kZjDrt6tPPt7qvuewGoPOcwCuF
z6rImm0H88V19yIWtKSfeK9JNrauTNLlCWvz+c+d1hRCxvULHXG6bq1mV9s6XY2m
LfMvCxGgh/syz0FQAxo2BFOr92g4/nncq80FSNBuqh5p4of1efuXI7wqz4haIhIN
H9IYxWMPnGI+dPLPDa7PApsGWGDxk+d+Bi+4MkQceWA0z0bRpcQmE30RKMvnhtkp
Pe9H9QhX63S3YYfeBKE9ao4mPpNjpAQ3PqXdocz7NllRm/4dUQlsg3NUkRn8xG1G
9Po3fy+nvhByJx3NPPvz
=VvFI
-----END PGP SIGNATURE-----