Date: Tue, 10 Feb 2015 15:28:16 +0100
From: Hector Marco <hecmargi@....es>
To: cve-assign@...re.org
CC: oss-security@...ts.openwall.com
Subject: Re: Re: CVE-Request -- Google Email App 4.2.2 remote
 denial of service



On 09/02/15 at 22:40, cve-assign@...re.org wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>> A bug in the stock Google email application
>
> Is the source code and fix in 4.2.2.0400 the same as in:
>
>    https://src.chromium.org/viewvc/blink?revision=152293&view=revision
>
> ? If so, then it is an open-source vulnerability, and can have one
> CVE-2013-#### ID assigned here, even if the relevant HTTPParsers.cpp code
> is also bundled in one or more closed-source products.
>
> If it is independent source code that happens to have the same
> attack vector (the attack vector in
> http://hmarco.org/bugs/google_email_app_4.2.2_denial_of_service.html
> appears to be identical to the attack vector in the
> https://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/misc/resources/nearly-empty-content-disposition.php
> test), then revision 152293 could probably have a separate new
> CVE-2013-#### ID.

It is a different source code and fix. The source code is available in:

https://android.googlesource.com/platform/packages/apps/Email

Note that the HTTPParsers.cpp is the file which parses the headers but 
in the Email App this is done by the MimeUtility.java.

It seems that the Chromium bug is very similar to the Email one, but I 
think the attack vector is different since in the first case, it can be 
exploited by sending an email and in the second case by visiting a website.


Regards,
Hector Marco.
