oss-sec mailing list archives
Re: CVE-request: plow buffer overflow vulnerability
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 11 Jul 2012 11:24:07 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/11/2012 06:32 AM, Henri Salo wrote:
Can you assign 2012 CVE-identifier for plow buffer overflow issue reported in here: http://seclists.org/bugtraq/2012/Jul/22 After discussion with Pereira I checked several versions of the code and affected code is at least in versions 0.0.1, 0.0.2. Sorry but I was unable to find proper version control commits. Version 0.0.1 is still suggested at least in sourceforge page http://sourceforge.net/projects/plow.berlios/ I am unable to compile this software in my Debian stable or unstable system so I can't verify these using the PoC. - Henri Salo
Please use CVE-2012-3407 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJP/ba3AAoJEBYNRVNeJnmTzYsQAJDgqJIaHLjZZ24Zm4YgDDD4 ks/4AAGD78fA8VnFeKsYnHwYBc9+Zj4G4d1/V+WkI2Aet7F87yEwf5CPKFVWqoYc 91tobDOeorLPZ9GJ1RfTDW5fNEQQm9bpEudCc6pkJyuKIVkVWLbeE1Zmb5E6lcbK /jEDWIB3uC7RTh+LAAlNkMVckPfFBhIPsrG8W1KclynbkvKEAo3Ph+aboa89dWKf pV90mQdaS9huZLK0WcwDg6EuBXKif+PzttgwM6Rghd+Kreh6GgJiedYwggJqS21S lI6dPsBR/ITl0B+eGyYliDTwSR8+VoK6eOjDqMWHXUyz+MCGku4z5pkLY5VkDmG9 NGVKRk6fXXPTcAWWWqP4hCQxFV94Fu+v7+fpb9kZjDrt6tPPt7qvuewGoPOcwCuF z6rImm0H88V19yIWtKSfeK9JNrauTNLlCWvz+c+d1hRCxvULHXG6bq1mV9s6XY2m LfMvCxGgh/syz0FQAxo2BFOr92g4/nncq80FSNBuqh5p4of1efuXI7wqz4haIhIN H9IYxWMPnGI+dPLPDa7PApsGWGDxk+d+Bi+4MkQceWA0z0bRpcQmE30RKMvnhtkp Pe9H9QhX63S3YYfeBKE9ao4mPpNjpAQ3PqXdocz7NllRm/4dUQlsg3NUkRn8xG1G 9Po3fy+nvhByJx3NPPvz =VvFI -----END PGP SIGNATURE-----
Current thread:
- CVE-request: plow buffer overflow vulnerability Henri Salo (Jul 11)
- Re: CVE-request: plow buffer overflow vulnerability Kurt Seifried (Jul 11)