oss-security - Re: CVE id request: Multiple buffer overflow in unixODBC

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <4FC502E8.6080102@redhat.com>
Date: Tue, 29 May 2012 11:10:00 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Felipe Pena <felipensp@...il.com>
Subject: Re: CVE id request: Multiple buffer overflow in unixODBC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/29/2012 06:42 AM, Felipe Pena wrote:
> Hi, please assign a CVE id for the issue:
> 
> Multiple buffer overflow in unixODBC ===========================
> 
> The library unixODBC doesn't check properly the input from
> FILEDSN=, DRIVER= options in the DSN, which causes buffer overflow
> when passed to the SQLDriverConnect() function.
> 
> The unixODBC maintainer has been notified about the issue.
> 
> Version affected ============
> 
> FILEDSN= as of 2.0.10 DRIVER= as of 2.3.1
> 
> PoC ===
> 
> $ ./poc "FILEDSN=$(python -c "print 'A'*10000")" Segmentation
> fault
> 
> (gdb) bt #0  0x00007ffff7bc8c81 in SQLReadFileDSN
> (pszFileName=<value optimized out>, pszAppName=<value optimized
> out>, pszKeyName=<value optimized out>, pszString=<value optimized
> out>, nString=<value optimized out>, pnString=<value optimized
> out>) at SQLReadFileDSN.c:207 #1  0x4141414141414141 in ?? ()
> 
> 
> CREDITS =======
> 
> This bug was discovered by Felipe Pena. BugSec Team -
> http://www.bugsec.com.br/

Splitting into two CVE's due to the different versions affected:

Please use CVE-2012-2657 for unixODBC 2.0.10 buffer overflow in FILEDSN=

Please use CVE-2012-2658 for unixODBC 2.3.1 buffer overflow in DRIVER=


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIbBAEBAgAGBQJPxQLnAAoJEBYNRVNeJnmTiloP+KTgTGtz1zQArKVZLkypLSIf
6ZTpQ4TZCv961JBQjn6aR682hGHFwWbAWehqDNVhJTJ+aolnQqVvNb4r7B+jBNAj
opCQLQ86FyjwLGjh5SP2n38rQIp5mfZHXZJfqugHayD1ovCHXNq6ScaFm2hTwhYp
1sWNZJ9UUYtWjbeILR4PQZuSED8w2+5m6oZRtyZ7FqJSW8e1fMzuYsGImxXXMGTG
CjKOuzizzbtnaPdGVOiL0rolwGDGfqcmaZPCQpg2eYLCuYAtUf2yLhUkiFIsMMOO
JFrlWG00gZtqIDiaIJeeGhWg5BoDNJzaDtuZ1Mg3OtS42tR3wFIzRnCmqjAMLsZa
BSrYa2IczAJIvJPFWOTcHXlHkWmjmhl3K3Dwy04r4gmMvg0wOyeUtf4VdjvbHHQu
IQ0R1vVaVDWlfrq3kGxnB6ZMBJjUdJ41olKjpZB6k5PJWcYI+lfgG8t2diBldZ8Z
gvMn5yiIxTX08ad7doXbmhRp14u06zfNoqHz671G/pcw70DO4Th9oVjrujqrCtyT
JOmb7aWAQu9cGsdP/c3rpL9mrMG7a/e8yc6BOtVi3OQFlGOc8oecqDB0KB2tSeLm
yrgM1lhF7ZScaEMmAiogikiqoLvZy1Ol4niRZTquG/9HkHYatNePFJMhC8GpJqEL
LReUsHTvMoaWsyjUoD8=
=QCpI
-----END PGP SIGNATURE-----

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.