Debian Bug report logs - #687597
openslp-dfsg: CVE-2012-4428

Package: openslp-dfsg; Maintainer for openslp-dfsg is Debian QA Group <packages@qa.debian.org>

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Fri, 14 Sep 2012 06:21:02 UTC

Severity: important

Tags: security



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#687597; Package openslp-dfsg. (Fri, 14 Sep 2012 06:21:04 GMT)

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QA Group <packages@qa.debian.org>. (Fri, 14 Sep 2012 06:21:04 GMT)

Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: openslp-dfsg: CVE-2012-4428
Date: Fri, 14 Sep 2012 08:15:57 +0200
Package: openslp-dfsg
Severity: grave
Tags: security
Justification: user security hole

Please see https://bugzilla.redhat.com/show_bug.cgi?id=857242.

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, elbrus@debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#687597; Package openslp-dfsg. (Wed, 17 Oct 2012 13:36:06 GMT)

Acknowledgement sent to Paul Gevers <elbrus@debian.org>:
Extra info received and forwarded to list. Copy sent to elbrus@debian.org, Debian QA Group <packages@qa.debian.org>. (Wed, 17 Oct 2012 13:36:06 GMT)

Message #10 received at 687597@bugs.debian.org:

From: Paul Gevers <elbrus@debian.org>
To: Debian Bug Tracking System <687597@bugs.debian.org>
Subject: openslp-dfsg: touch bug CVE-2012-4428
Date: Wed, 17 Oct 2012 15:33:01 +0200
Package: openslp-dfsg
Followup-For: Bug #687597

As far as I can tell, no solution known yet, on 17 October 2012, 15:28 +0200.

While going through Debian QA group owned RC bugs, I touched on this bug.

http://security-tracker.debian.org/tracker/CVE-2012-4428



Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#687597; Package openslp-dfsg. (Sat, 05 Jan 2013 20:03:03 GMT)

Acknowledgement sent to John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Sat, 05 Jan 2013 20:03:03 GMT)

Message #15 received at 687597@bugs.debian.org:

From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
To: Paul Gevers <elbrus@debian.org>
Cc: 687597@bugs.debian.org, Moritz Muehlenhoff <jmm@inutil.org>
Subject: Re: openslp-dfsg: touch bug CVE-2012-4428
Date: Sat, 5 Jan 2013 21:01:45 +0100
Hi,

there has also been an upstream bug report filed [1].

Might be reasonable to check back there from time to time. No patch
yet, unfortunately.

Cheers,

Adrian

> [1] http://sourceforge.net/p/openslp/bugs/122/

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaubitz@debian.org
`. `'   Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913



Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#687597; Package openslp-dfsg. (Sun, 27 Jan 2013 11:27:03 GMT)

Acknowledgement sent to Steve McIntyre <steve@einval.com>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Sun, 27 Jan 2013 11:27:03 GMT)

Message #20 received at 687597@bugs.debian.org:

From: Steve McIntyre <steve@einval.com>
To: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>, 687597@bugs.debian.org
Cc: Paul Gevers <elbrus@debian.org>, Moritz Muehlenhoff <jmm@inutil.org>
Subject: Re: Bug#687597: openslp-dfsg: touch bug CVE-2012-4428
Date: Sun, 27 Jan 2013 11:21:32 +0000
severity 687597 important
thanks

On Sat, Jan 05, 2013 at 09:01:45PM +0100, John Paul Adrian Glaubitz wrote:
>Hi,
>
>there has also been an upstream bug report filed [1].
>
>Might be reasonable to check back there from time to time. No patch
>yet, unfortunately.

I had a look at this yesterday. The buffer-handling in libslp *looks*
suspect to me (in terms of tracking lengths of text fields etc.), but
I can't see an easy way to reproduce the bug here to verify my
suspicions. I've followed up on the upstream bug to ask about this.

In the meantime, even if the code looks dodgy I *don't* see it as
being particularly likely to be exploitable, more a DoS at worst, and
only on a local-network basis rather than truly remote. I'm dropping
severity from grave accordingly - feel free to re-raise if you think
I'm wrong.

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
"C++ ate my sanity" -- Jon Rabone




Severity set to 'important' from 'grave'. Request was from Steve McIntyre <steve@einval.com> to control@bugs.debian.org. (Sun, 27 Jan 2013 11:27:05 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 24 22:47:55 2014; Machine Name: beach.debian.org
