Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Tue, 9 Sep 2008 10:46:16 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE id requests: gmanedit


On Sat, 6 Sep 2008, Steffen Joeris wrote:

> There are two possible buffer overflows in gmanedit. One is via crafted
> configuration file and the other one via crafted manual page.
> See the Debian bug report for more information.
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497835

Use CVE-2008-3971, which covers the manual page and (if it's
security-relevant) the configuration page.  Even though the source of
attack is different, the vuln type is the same.

Nico - I don't know the typical usage scenarios for gmanedit, but if the
design of the configuration file allows the user to define dangerous
actions (such as their own executable commands), then it's clearly not
intended for external influence and wouldn't count as a vuln in my book.
Still would be merged under CVE-2008-3971 if there's a scenario.

- Steve

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux