CORE Security Technologies informed about a vulnerability in vinagre:
-----
A format string error has been found on the 'vinagre_utils_show_error()' function that can be exploited via commands issued from a malicious server containing format string specifiers on the VNC name.

In a web based attack scenario, the user would be required to connect to a malicious server. Successful exploitation would then allow the attacker to execute arbitrary code with the privileges of the Vinagre user.
-----

The advisory names 2.24.2 as the first non-vulnerable version. The update to the 2.24 branch was made on 05 Dec 2008. The corresponding update to the 0.5 branch was made on 05 Dec 2008, and the new version is 0.5.2.

The fix for 2.24 is here:
http://svn.gnome.org/viewvc/vinagre/branches/gnome-2-24/src/vinagre-utils.c?r1=490&r2=525&view=patch

The fix for 0.5.2 was merged from branch gnome-2-22:
http://svn.gnome.org/viewvc/vinagre/tags/VINAGRE_0_5_2/src/vinagre-utils.c?view=log

And the fix for branch gnome-2-22,
http://svn.gnome.org/viewvc/vinagre/branches/gnome-2-22/src/vinagre-utils.c?r1=252&r2=528&pathrev=528
is the same as for 2.24.

Fix:

The following patch updates the port to 0.5.2, thus fixing the security issue:

The following VuXML entry should be evaluated and added:

  <vuln vid="214e8e07-d369-11dd-b800-001b77d09812">
    <topic>vinagre -- format string vulnerability</topic>
    <affects>
      <package>
        <name>vinagre</name>
        <range><lt>0.5.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>CORE Security Technologies reports:</p>
        <blockquote cite="http://www.coresecurity.com/content/vinagre-format-string">
          <p>A format string error has been found on the vinagre_utils_show_error() function that can be exploited via commands issued from a malicious server containing format string specifiers on the VNC name.</p>
          <p>In a web based attack scenario, the user would be required to connect to a malicious server. Successful exploitation would then allow the attacker to execute arbitrary code with the privileges of the Vinagre user.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <bid>32682</bid>
      <url>http://www.coresecurity.com/content/vinagre-format-string</url>
      <url>http://ftp.gnome.org/pub/GNOME/sources/vinagre/0.5/vinagre-0.5.2.news</url>
    </references>
    <dates>
      <discovery>09-12-2008</discovery>
      <entry>TODAY</entry>
    </dates>
  </vuln>
--- vuln.xml ends here ---

Content-Disposition: attachment; filename="update-to-0.5.2.diff"

From 92848964e91e45011537456d4424c5968313cac2 Mon Sep 17 00:00:00 2001
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Date: Fri, 26 Dec 2008 19:41:40 +0300

0.5.2 fixes security issue discovered by CORE Security Technologies:
  http://www.coresecurity.com/content/vinagre-format-string
  http://ftp.gnome.org/pub/GNOME/sources/vinagre/0.5/vinagre-0.5.2.news

Signed-off-by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
--- net/vinagre/Makefile | 3 +-- net/vinagre/distinfo | 6 +++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/net/vinagre/Makefile b/net/vinagre/Makefile index f4dad51..661184c 100644 --- a/net/vinagre/Makefile +++ b/net/vinagre/Makefile @@ -7,8 +7,7 @@ # PORTNAME= vinagre -PORTVERSION= 0.5.1 -PORTREVISION= 3 +PORTVERSION= 0.5.2 CATEGORIES= net gnome MASTER_SITES= ${MASTER_SITE_GNOME} MASTER_SITE_SUBDIR= sources/${PORTNAME}/${PORTVERSION:C/^([0-9]+\.[0-9]+).*/\1/} diff --git a/net/vinagre/distinfo b/net/vinagre/distinfo index ffe1f67..e8cb385 100644 --- a/net/vinagre/distinfo +++ b/net/vinagre/distinfo
@@ -1,3 +1,3 @@ -MD5 (gnome2/vinagre-0.5.1.tar.bz2) = 48e0079631952216743720fa1c59f621 -SHA256 (gnome2/vinagre-0.5.1.tar.bz2) = 971d32e74b553a68babfed14bedb1118c9882e1f1e5614889ec6f0795885e2a3 -SIZE (gnome2/vinagre-0.5.1.tar.bz2) = 1048927 +MD5 (gnome2/vinagre-0.5.2.tar.bz2) = abf277899e28ec9beea9a2f7c331267d +SHA256 (gnome2/vinagre-0.5.2.tar.bz2) = b45f084343ad892bc303e2d0dada186d588ae6f0ccc419340024a2533e5a775b +SIZE (gnome2/vinagre-0.5.2.tar.bz2) = 1031512 -- 1.6.0.6 How-To-Repeat: http://www.coresecurity.com/content/vinagre-format-string http://ftp.gnome.org/pub/GNOME/sources/vinagre/0.5/vinagre-0.5.2.news http://ftp.gnome.org/pub/GNOME/sources/vinagre/2.24/vinagre-2.24.2.news
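Review bot: In the net/vinagre/distinfo hunk, the new MD5, SHA256 and SIZE values for gnome2/vinagre-0.5.2.tar.bz2 have no independent source anywhere in the submission, so they should be regenerated with "make makesum" from a fresh fetch and the SHA256 compared with a checksum obtained from upstream before commit. The SHA256 line is the one that carries the integrity guarantee, since MD5 does not resist collisions. SIZE also drops from 1048927 to 1031512 for a bug-fix release, which is plausible but worth a quick look at the tarball contents while verifying.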
Responsible Changed
From-To: freebsd-ports-bugs->gnome

Over to maintainer (via the GNATS Auto Assign Tool)
mezz        2008-12-31 21:15:29 UTC

  FreeBSD ports repository

  Modified files:
    net/vinagre          Makefile distinfo
  Log:
  Update to 0.5.2.

  PR:             ports/129959
  Reported by:    Eygene Ryabinkin <rea-fbsd@codelabs.ru>
  Security:       http://www.coresecurity.com/content/vinagre-format-string

  Revision  Changes    Path
  1.11      +2 -4      ports/net/vinagre/Makefile
  1.4       +3 -3      ports/net/vinagre/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
mezz        2008-12-31 21:23:01 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml
  Log:
  Add vinagre -- format string vulnerability entry.

  PR:             ports/129959
  Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

  Revision  Changes    Path
  1.1798    +36 -1     ports/security/vuxml/vuln.xml
State Changed
From-To: open->closed

Committed, thanks!
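
Added example, not part of the original report and not Vinagre's code: the bug class the quoted advisory describes, where text supplied by the remote server becomes the format argument of a printf-style call, beside the constant-format form that is the usual remedy. dialog_printf, show_error_unsafe, show_error_safe and count_directives are hypothetical names; the server name is constructed and contains only "%%", so no variadic argument is ever read.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-in for a printf-style dialog API (not Vinagre's code). */
static int dialog_printf(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Vulnerable pattern: the peer-controlled text is itself the format string. */
static int show_error_unsafe(char *out, size_t n, const char *message)
{
    return dialog_printf(out, n, message);
}

/* Fixed pattern: constant format, untrusted text passed only as data. */
static int show_error_safe(char *out, size_t n, const char *message)
{
    return dialog_printf(out, n, "%s", message);
}

/* Count directives other than "%%" in an untrusted string (for logging). */
static int count_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;        /* literal percent sign, skip its second character */
        else
            count++;    /* would read a variadic argument, or write with %n */
    }
    return count;
}

int main(void)
{
    char a[64], b[64];
    const char *name = "desk 100%% up";  /* constructed name, reads no argument */
    show_error_unsafe(a, sizeof a, name);
    show_error_safe(b, sizeof b, name);
    printf("[%s]\n[%s]\n%d\n", a, b, count_directives("%x.%x.%n"));
    return 0;
}
```

The two outputs differ because the unsafe path interprets "%%" as a directive while the safe path copies it through unchanged; building with -Wformat-security (or -Wformat-nonliteral) flags calls of the first kind when the callee is declared with a format attribute.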