Hello,

here is my report for March 2006:

DSA's
=====
DSA-995-1 metamail
DSA-1010-1 ilohamail

Bugs
====
#359064: php4-cli: crashes when a script includes itself
#359071: rrdtool: crashes when restoring malformed XML file
#359081: rrdtool: crashes with malformed graph cdef command

The metamail buffer overflow is a bit unusual, in that it is caused by
malloc()-ing a fixed amount of memory, and then copying a potentially longer
string to it. In my experience, heap overflows are more often caused by
calculating the amount needed to malloc() and getting it wrong.

The rrdtool bugs are both caused by bad usage of sscanf(), either sscanf(long,
"%s", short) or sscanf(long, "%255s", short) where short is shorter than 255
characters. (A couple of days after filing them, I saw a presentation about the
.SE Internet top level domain with some friends. The .SE guy used rrdtool
extensively in the presentation..)

The ilohamail bug (which we'll soon have to celebrate birthdays for, in its
unstable/testing incarnation) was found with a black-box approach, which is
unusual for me. I almost always find vulnerabilities by reading code.

I've also done other hopefully useful things for Debian and its security, like
filing bugs for other people's vulnerabilities.

Did anyone else have the time for any auditing or other related things recently?

// Ulf
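
The sscanf() misuse described in the message above, shown next to a checked form, as an added example that is not part of the original post and not rrdtool's code. The 30-byte buffer, the macro names and both function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define TOKEN_MAX 29                 /* constructed size for the "short" buffer */
#define TOKEN_BUF (TOKEN_MAX + 1)    /* room for the terminating NUL */
#define STR2(x) #x
#define STR(x) STR2(x)               /* STR(TOKEN_MAX) expands to "29" */

/* The pattern from the report, kept for comparison and never called:
 * "%255s" may store 255 characters plus a NUL into a 30-byte buffer. */
int parse_token_unsafe(const char *input, char *out)
{
    return sscanf(input, "%255s", out);
}

/* Field width tied to the buffer size, and over-long tokens rejected
 * instead of silently truncated.
 * Returns 0 on success, -1 if there is no token, -2 if it does not fit. */
int parse_token_checked(const char *input, char out[TOKEN_BUF])
{
    int consumed = 0;

    out[0] = '\0';
    /* %n records how many input characters were consumed so far. */
    if (sscanf(input, " %" STR(TOKEN_MAX) "s%n", out, &consumed) != 1)
        return -1;
    /* A non-space character right after the match means %29s stopped
     * because of the width limit, not because the token ended. */
    if (input[consumed] != '\0' && !isspace((unsigned char)input[consumed])) {
        out[0] = '\0';
        return -2;
    }
    return 0;
}

int main(void)
{
    char buf[TOKEN_BUF];
    /* Constructed sample inputs: one short token, one 40-character token. */
    const char *samples[] = { "cdef", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%d \"%s\"\n", parse_token_checked(samples[i], buf), buf);
    return 0;
}
```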