
Bug#698014: sshm: Format String Vulnerability


Vincent Haupert

Jan 12, 2013, 3:30:03 PM
Package: sshm
Version: 0.4.2-1
Severity: normal

sshm is vulnerable due to uncontrolled format string usage with sscanf. Furthermore, a vulnerability caused by unsafe usage of std::cin exists.

Reproduction:
sscanf: create an entry/line in $HOME/.sshm to cause a segfault:
"a b c dddd /* d repeats about 200 times */"

std::cin: Create a new server entry with `sshm --add`. Enter a Hostname/IP longer than approx. 250 characters. The application will claim that only 85 characters are allowed. Type random data to finish the add dialog. The program will segfault.

Both vulnerabilities may be used to inject shellcode and therefore execute arbitrary code in a user's context.

-- System Information:
Debian Release: 6.0.6
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages sshm depends on:
ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib
ii libgcc1 1:4.4.5-8 GCC support library
ii libstdc++6 4.4.5-8 The GNU Standard C++ Library v3
ii openssh-client 1:5.5p1-6+squeeze2 secure shell (SSH) client, for sec

sshm recommends no packages.

sshm suggests no packages.

-- no debconf information


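The sscanf case from the report above, as an added example that is not part of the original report and is not sshm's code: a parser for a four-field entry line that bounds every `%s` and rejects over-long fields instead of truncating them. The four-field layout, `struct entry`, `parse_entry` and the 85-character limit (borrowed from the message the add dialog prints) are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 85   /* assumed limit, from the "85 characters" message in the report */
#define SCAN_W    86   /* FIELD_MAX + 1: one extra char so over-long input is detectable */
#define STR2(x) #x
#define STR(x)  STR2(x)
_Static_assert(SCAN_W == FIELD_MAX + 1, "scan width must be FIELD_MAX + 1");

/* Hypothetical record layout; sshm's real structure is not shown in the report. */
struct entry {
    char alias[SCAN_W + 1], user[SCAN_W + 1];
    char host[SCAN_W + 1],  opts[SCAN_W + 1];
};

/* An unbounded call such as sscanf(line, "%s %s %s %s", ...) lets a
 * 200-character field run past the end of its buffer. Here each %s has an
 * explicit maximum width, so sscanf stores at most SCAN_W characters plus
 * the terminating NUL in each SCAN_W + 1 byte buffer.
 * Returns 0 on success, -1 if fields are missing, -2 if a field is too long. */
int parse_entry(const char *line, struct entry *e)
{
    int n;
    memset(e, 0, sizeof *e);
    n = sscanf(line, "%" STR(SCAN_W) "s %" STR(SCAN_W) "s %" STR(SCAN_W) "s %" STR(SCAN_W) "s",
               e->alias, e->user, e->host, e->opts);
    if (n != 4)
        return -1;
    if (strlen(e->alias) > FIELD_MAX || strlen(e->user) > FIELD_MAX ||
        strlen(e->host) > FIELD_MAX || strlen(e->opts) > FIELD_MAX)
        return -2;   /* reject rather than truncate or shift fields */
    return 0;
}

int main(void)
{
    struct entry e;
    char line[300] = "a b c ";          /* constructed input: 200 'd' characters */
    memset(line + 6, 'd', 200);
    printf("short: %d\n", parse_entry("a b c d", &e));
    printf("long:  %d\n", parse_entry(line, &e));
    return 0;
}
```

Scanning one character more than the allowed length is what makes an over-long field visible in any position; with a width of exactly 85, the tail of a long field would be read as the next field.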