oss-sec mailing list archives
CVE-Request: dpkg handling of 'control' and warnings format string vulnerability
From: Joshua Rogers <oss () internot info>
Date: Thu, 06 Nov 2014 17:07:07 +1100
A format string vulnerability vuln has been found in the latest version of dpkg. https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135 An example is: https://internot.info/docs/dpkg_fstring.deb
dpkg -i --dry-run '/home/www/www.internot.info/htdocs/docs/dpkg_fstring.deb' dpkg: warning: parsing file '/tmp/dpkg.heOSnC/control' near line 2 package 'backup:01f15700.00431828.00000001.00000001.0000001a': '%08x.%08x.%08x.%08x.%08x Description: Stuff maintainer: Joshua Rogers version: 1 ' is not a valid architecture name: escription: Stuff maintainer: Joshua Rogers version: 1
The vulnerable function, warningv([..]), is called in many other places, and is not limited to '-i'. Could I get a CVE-ID for this? Thanks -- -- Joshua Rogers <https://internot.info/>
Current thread:
- CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Joshua Rogers (Nov 05)
- Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability cve-assign (Nov 06)
- Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Seth Arnold (Nov 06)
- Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Joshua Rogers (Nov 06)
- Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Sven Kieske (Nov 07)
- Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Joshua Rogers (Nov 07)
- Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Seth Arnold (Nov 06)
- Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability cve-assign (Nov 06)
- Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Joshua Roers (Nov 15)