oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: plone, rrdtool, zenoss bugs

From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 24 May 2013 01:37:59 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/19/2013 04:06 AM, Henri Salo wrote:

On Thu, Apr 18, 2013 at 02:05:42PM +0200, Thomas Pollet wrote:

Also, the rrdtool python module crashes on format string exploit 
$ python -c "import rrdtool 
rrdtool.graph('/tmp/out.png','-f','%n%n')" Segmentation fault

this module is used by zenoss to create graphs (zenoss users are
able to pass arguments to rrdtool).


Tested Debian wheezy packages:

python-rrdtool 1.4.7-2 python2.7 2.7.3-6

Backtrace attached. Might affect other software too. Debian bug:
http://bugs.debian.org/708866

--- Henri Salo



Ho likely is an attacker to be able to pass a format string to it though?

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRnxjXAAoJEBYNRVNeJnmTJa8P/jwtm8WAre0mftB424RhAsb/
+CcogzHLLJ1fkUK2ri4qHlzctq4ttsw2Pfb9kvm6k9U/reMK00HThCNk1V45ulq0
ukW5lGm/yqIREiEt4pJ/eCVD+bsMy5W1ebhbYfE3lLaEr3wWr/3BkcOMfvJq+DPP
zlbmGrT5okyBpmU5B72KRq1fsk3Od+AQkTcXBYpDHESFUhwJhYUlni+NGpW1m6iC
TV1E1iXpLzSYyVUrwDExrJDQVBCpGPZ80lXzPOcsSL/GkVxFX0hqIrXadUkwesSN
bafmkH/uB82oU1+Hnkc457kZJFKqFXLVPP5NqJVnEdg2DsS1ZFkN5qrr22TMOuCf
Wsa7baH+UNlgFRAfsuHvg4Bo10pOnBtIzCmSu9bsZlADERybbmzqXKENu5TtXpN/
2espKnmWR6R7S1FOUcKqdk0KpuLni7VgHL+3x4kLPM7WAzTJIMLI++DE+aT2LZJr
ltz4u+P4GCR44dBdoTvRg1Q9YAiCjxPC8lWM7cc0Fe5BA+IbgxLcBRyRtYKt9Nwu
GySiWegva670RYXk7wVFNj/cPaJCXK9ZBrliNAmQrFzF0QaYjaW+dFVTpmWG4yUM
Teg8c8Txt1SZ85tu8yym955ddAdYQ0leIKGuBgCmTMBkWoD9XVPlLvwwOxs2MHtl
xAfoxPZ6xj3JhAxs19wA
=Y8Ch
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: