oss-sec mailing list archives
Re: CVE request: echoping buffer overflow vulnerabilities
From: Moritz Muehlenhoff <jmm () debian org>
Date: Mon, 21 Oct 2013 08:04:28 +0200
On Fri, Oct 18, 2013 at 10:35:18PM -0600, Kurt Seifried wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/17/2013 05:18 AM, Sergey Popov wrote:Echoping 6.0.2 and before contains several buffer overflow vulnerabilities that can lead to execution of arbitrary code on the system or cause the application to crash. Bug report in Gentoo: https://bugs.gentoo.org/show_bug.cgi?id=349569 Some additional info: http://xforce.iss.net/xforce/xfdb/64141 http://secunia.com/advisories/42619/ Issue is fixed in upstream[1], but no release yet. Please assign a CVE for this, thanks. [1] - http://sourceforge.net/p/echoping/bugs/55/Please use CVE-2013-4448 for this issue.
This should receive a CVE-2010-xxxx ID. It was originally reported to the Debian BTS in December 2010 (as linked in the sf bugtracker): http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606808 Cheers, Moritz
Current thread:
- CVE request: echoping buffer overflow vulnerabilities Sergey Popov (Oct 17)
- Re: CVE request: echoping buffer overflow vulnerabilities Kurt Seifried (Oct 18)
- Re: CVE request: echoping buffer overflow vulnerabilities Moritz Muehlenhoff (Oct 20)
- Re: CVE request: echoping buffer overflow vulnerabilities Kurt Seifried (Oct 21)
- Re: CVE request: echoping buffer overflow vulnerabilities Moritz Muehlenhoff (Oct 20)
- Re: CVE request: echoping buffer overflow vulnerabilities Kurt Seifried (Oct 18)