ports/129959: [patch] [vuxml] net/vinagre: fix security issue and
update to 0.5.2
Eygene Ryabinkin
rea-fbsd at codelabs.ru
Fri Dec 26 09:10:03 PST 2008
>Number: 129959
>Category: ports
>Synopsis: [patch] [vuxml] net/vinagre: fix security issue and update to 0.5.2
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Dec 26 17:10:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Eygene Ryabinkin
>Release: FreeBSD 7.1-PRERELEASE amd64
>Organization:
Code Labs
>Environment:
System: FreeBSD 7.1-PRERELEASE amd64
>Description:
CORE Security Technologies reported a vulnerability in vinagre:
-----
A format string error has been found on the 'vinagre_utils_show_error()'
function that can be exploited via commands issued from a malicious
server containing format string specifiers on the VNC name.
In a web based attack scenario, the user would be required to connect to
a malicious server. Successful exploitation would then allow the
attacker to execute arbitrary code with the privileges of the Vinagre user.
-----
The advisory names 2.24.2 as the first non-vulnerable version. The
update to the 2.24 branch was made on 05 Dec 2008. The corresponding
update to the 0.5 branch was made on 05 Dec 2008 and the new version is
0.5.2.
Fix for 2.24 is here:
http://svn.gnome.org/viewvc/vinagre/branches/gnome-2-24/src/vinagre-utils.c?r1=490&r2=525&view=patch
Fix for 0.5.2 was merged from branch gnome-2-22:
http://svn.gnome.org/viewvc/vinagre/tags/VINAGRE_0_5_2/src/vinagre-utils.c?view=log
And the fix for branch gnome-2-22,
http://svn.gnome.org/viewvc/vinagre/branches/gnome-2-22/src/vinagre-utils.c?r1=252&r2=528&pathrev=528
is the same as for 2.24.
>How-To-Repeat:
http://www.coresecurity.com/content/vinagre-format-string
http://ftp.gnome.org/pub/GNOME/sources/vinagre/0.5/vinagre-0.5.2.news
http://ftp.gnome.org/pub/GNOME/sources/vinagre/2.24/vinagre-2.24.2.news
>Fix:
The following patch updates the port to 0.5.2, thus fixing the security
issue:
--- update-to-0.5.2.diff begins here ---
From 92848964e91e45011537456d4424c5968313cac2 Mon Sep 17 00:00:00 2001
From: Eygene Ryabinkin <rea-fbsd at codelabs.ru>
Date: Fri, 26 Dec 2008 19:41:40 +0300
0.5.2 fixes security issue discovered by CORE Security Technologies:
http://www.coresecurity.com/content/vinagre-format-string
http://ftp.gnome.org/pub/GNOME/sources/vinagre/0.5/vinagre-0.5.2.news
Signed-off-by: Eygene Ryabinkin <rea-fbsd at codelabs.ru>
---
net/vinagre/Makefile | 3 +--
net/vinagre/distinfo | 6 +++---
2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/net/vinagre/Makefile b/net/vinagre/Makefile
index f4dad51..661184c 100644
--- a/net/vinagre/Makefile
+++ b/net/vinagre/Makefile
@@ -7,8 +7,7 @@
#
PORTNAME= vinagre
-PORTVERSION= 0.5.1
-PORTREVISION= 3
+PORTVERSION= 0.5.2
CATEGORIES= net gnome
MASTER_SITES= ${MASTER_SITE_GNOME}
MASTER_SITE_SUBDIR= sources/${PORTNAME}/${PORTVERSION:C/^([0-9]+\.[0-9]+).*/\1/}
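Review bot: The bump at `PORTVERSION= 0.5.2` is the security fix, yet the log message only links the advisory; add a `Security:` line naming VuXML vid 214e8e07-d369-11dd-b800-001b77d09812 so the port commit and the vuln.xml entry can be matched up. Dropping `PORTREVISION= 3` together with the bump is correct, since the revision resets whenever PORTVERSION increases.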
diff --git a/net/vinagre/distinfo b/net/vinagre/distinfo
index ffe1f67..e8cb385 100644
--- a/net/vinagre/distinfo
+++ b/net/vinagre/distinfo
@@ -1,3 +1,3 @@
-MD5 (gnome2/vinagre-0.5.1.tar.bz2) = 48e0079631952216743720fa1c59f621
-SHA256 (gnome2/vinagre-0.5.1.tar.bz2) = 971d32e74b553a68babfed14bedb1118c9882e1f1e5614889ec6f0795885e2a3
-SIZE (gnome2/vinagre-0.5.1.tar.bz2) = 1048927
+MD5 (gnome2/vinagre-0.5.2.tar.bz2) = abf277899e28ec9beea9a2f7c331267d
+SHA256 (gnome2/vinagre-0.5.2.tar.bz2) = b45f084343ad892bc303e2d0dada186d588ae6f0ccc419340024a2533e5a775b
+SIZE (gnome2/vinagre-0.5.2.tar.bz2) = 1031512
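Review bot: The new MD5, SHA256 and SIZE values for vinagre-0.5.2.tar.bz2 cannot be checked against anything in this report, so for a security update the committer should regenerate distinfo with `make makesum` from a tarball fetched directly from MASTER_SITE_GNOME and confirm that the SHA256 line matches before committing. Treat the SHA256 entry as the authoritative check; the MD5 line gives little assurance against a tampered distfile.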
--
1.6.0.6
--- update-to-0.5.2.diff ends here ---
The following VuXML entry should be evaluated and added:
--- vuln.xml begins here ---
<vuln vid="214e8e07-d369-11dd-b800-001b77d09812">
  <topic>vinagre -- format string vulnerability</topic>
  <affects>
    <package>
      <name>vinagre</name>
      <range><lt>0.5.2</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>CORE Security Technologies reports:</p>
      <blockquote
        cite="http://www.coresecurity.com/content/vinagre-format-string">
        <p>A format string error has been found on the
          vinagre_utils_show_error() function that can be exploited via
          commands issued from a malicious server containing format
          string specifiers on the VNC name.</p>
        <p>In a web based attack scenario, the user would be required
          to connect to a malicious server. Successful exploitation
          would then allow the attacker to execute arbitrary code with
          the privileges of the Vinagre user.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <bid>32682</bid>
    <url>http://www.coresecurity.com/content/vinagre-format-string</url>
    <url>http://ftp.gnome.org/pub/GNOME/sources/vinagre/0.5/vinagre-0.5.2.news</url>
  </references>
  <dates>
    <discovery>09-12-2008</discovery>
    <entry>TODAY</entry>
  </dates>
</vuln>
--- vuln.xml ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
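The bug class the advisory describes, shown as an added C illustration that is not Vinagre's source and not part of this PR: a server-supplied display name reaches a printf-style error helper as the format string, next to the corrected call that passes it as an argument to a constant `"%s"` format. `dialog_printf`, the two `*_shows_verbatim` helpers, `count_conversions` and the sample names are hypothetical stand-ins constructed for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style dialog API (not Vinagre/GTK code). */
static void dialog_printf(char *out, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, len, fmt, ap);
    va_end(ap);
}

/* Conversions printf would act on if s were used as the format string.
 * "%%" is a literal percent sign; a lone trailing '%' is counted too. */
int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

/* Vulnerable pattern: the server-supplied name IS the format string.
 * Returns 1 if shown verbatim, 0 if altered, -1 if it contains conversions
 * (formatting is skipped here because it would read missing arguments). */
int unsafe_shows_verbatim(const char *name)
{
    char out[128];
    if (count_conversions(name) > 0)
        return -1;
    dialog_printf(out, sizeof out, name);   /* BUG: data used as format */
    return strcmp(out, name) == 0;
}

/* Fixed pattern: constant format, untrusted name passed as an argument. */
int safe_shows_verbatim(const char *name)
{
    char out[128];
    dialog_printf(out, sizeof out, "%s", name);
    return strcmp(out, name) == 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang flag the unsafe call shape when the callee is declared with a printf format attribute.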