ports/91202: security/vuxml: Add the entry of perl sprintf vulnerability (CVE-2005-3962)
KOMATSU Shinichiro
koma2 at lovepeers.org
Mon Jan 2 06:00:19 UTC 2006
>Number: 91202
>Category: ports
>Synopsis: security/vuxml: Add the entry of perl sprintf vulnerability (CVE-2005-3962)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 02 06:00:16 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: KOMATSU Shinichiro
>Release: FreeBSD 5.4-RELEASE-p8 i386
>Organization:
>Environment:
FreeBSD 5.4-RELEASE-p8 i386
>Description:
Patch for CVE-2005-3962 (fixes for sprintf formatting issues)
has already been fixed in ports tree, but not documented in VuXML.
Note that perl 5.6.2 is not marked as vulnerable by Bugtraq,
I am not certain whether it is true or not.
>How-To-Repeat:
>Fix:
Index: vuln.xml
===================================================================
RCS file: /home/ncvs/ports/security/vuxml/vuln.xml,v
retrieving revision 1.920
diff -u -r1.920 vuln.xml
--- vuln.xml 1 Jan 2006 21:40:15 -0000 1.920
+++ vuln.xml 2 Jan 2006 05:25:29 -0000
@@ -34,6 +34,52 @@
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="bb33981a-7ac6-11da-bf72-00123f589060">
+ <topic>perl, webmin, usermin -- perl format string integer wrap vulnerability</topic>
+ <affects>
+ <package>
+ <name>perl</name>
+ <range><ge>5.6.0</ge><lt>5.6.2</lt></range>
+ <range><ge>5.8.0</ge><lt>5.8.7_1</lt></range>
+ </package>
+ <package>
+ <name>webmin</name>
+ <range><lt>1.250</lt></range>
+ </package>
+ <package>
+ <name>usermin</name>
+ <range><lt>1.180</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>According to Perl Development page:</p>
+ <blockquote cite="http://dev.perl.org/perl5/news/2005/perl_patches_fix_sprintf_buffer.html">
+ <p>Dyad Security recently released a security advisory
+ explaining how in certain cases, a carefully crafted format string
+ passed to sprintf can cause a buffer overflow. This buffer overflow
+ can then be used by an attacker to execute code on the machine.
+ This was discovered in the context of a design problem with the Webmin
+ administration package that allowed a malicious user to pass
+ unchecked data into sprintf.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2005-3912</cvename>
+ <cvename>CVE-2005-3962</cvename>
+ <bid>15629</bid>
+ <url>http://www.dyadsecurity.com/perl-0002.html</url>
+ <url>http://www.dyadsecurity.com/webmin-0001.html</url>
+ <url>http://dev.perl.org/perl5/news/2005/perl_patches_fix_sprintf_buffer.html</url>
+ <url>http://www.webmin.com/security.html</url>
+ </references>
+ <dates>
+ <discovery>2005-09-23</discovery>
+ <entry>2006-01-02</entry>
+ </dates>
+ </vuln>
+
<vuln vid="9fff8dc8-7aa7-11da-bf72-00123f589060">
<topic>apache -- mod_imap cross-site scripting flaw</topic>
<affects>
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list