[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Pan-devel] Re: Buffer overflow in pan when parsing .nzb files
From: |
darren |
Subject: |
Re: [Pan-devel] Re: Buffer overflow in pan when parsing .nzb files |
Date: |
Thu, 29 May 2008 05:42:56 -0700 |
User-agent: |
RoundCube Webmail/0.1-rc2 |
On Thu, 29 May 2008 07:30:12 +0000 (UTC), Duncan <address@hidden>
wrote:
> Pavel Polischouk
> <address@hidden> posted
> address@hidden, excerpted below, on Wed, 28 May 2008
23:12:22
> -0400:
>
>> I discovered a heap overflow in pan 0.132, part of the code reading .nzb
>> files (either from tasks.nzb or elsewhere). Usually it results in
>> assertion failure, but in certain cases might lead to segmentation
>> fault, arbitrary code execution shouldn't be ruled out either.
>
>> The bug is tracked in RedHat bugzilla for Fedora 9:
>> https://bugzilla.redhat.com/show_bug.cgi?id=446902 There are some stack
>> traces from failed assertion and segmentation faults caused by this bug,
>> as well as some trigger .nzb files attached to that bugzilla entry.
>>
>> The proposed patch: https://bugzilla.redhat.com/attachment.cgi?id=306880
>>
>> Signed-off by: Pavel Polischouk
>> <address@hidden>
>
> Thanks. It's now filed in gnome/pan's buzilla, and since I'm a Gentoo
> user, I've filed a bug there as well.
>
> http://bugzilla.gnome.org/show_bug.cgi?id=535413
> http://bugs.gentoo.org/show_bug.cgi?id=224051
>
> To keep the info together, here's the URL for the CVE entry you filed as
> well, altho currently all it says is "reserved".
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2363
>
> --
> Duncan - List replies preferred. No HTML msgs.
> "Every nonfree program has a lord, a master --
> and if you use the program, he is your master." Richard Stallman
>
Bug report filed in Launchpad for Ubuntu and I am heading to Debian's
bugtracker now to file it there as well.