Bug 129959

Summary: [patch] [vuxml] net/vinagre: fix security issue and update to 0.5.2
Product: Ports & Packages
Reporter: Eygene Ryabinkin <rea-fbsd>
Component: Individual Port(s)
Assignee: freebsd-gnome (Nobody) <gnome>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description Eygene Ryabinkin 2008-12-26 17:10:01 UTC
CORE Security Technologies reported a vulnerability in vinagre:
-----
A format string error has been found on the 'vinagre_utils_show_error()'
function that can be exploited via commands issued from a malicious
server containing format string specifiers on the VNC name.

In a web based attack scenario, the user would be required to connect to
a malicious server. Successful exploitation would then allow the
attacker to execute arbitrary code with the privileges of the Vinagre user.
-----

The advisory names 2.24.2 as the first non-vulnerable version.  The
update to the 2.24 branch was made on 05 Dec 2008.  The corresponding
update to the 0.5 branch was made on 05 Dec 2008 and the new version is
0.5.2.

Fix for 2.24 is here:
  http://svn.gnome.org/viewvc/vinagre/branches/gnome-2-24/src/vinagre-utils.c?r1=490&r2=525&view=patch

Fix for 0.5.2 was merged from branch gnome-2-22:
  http://svn.gnome.org/viewvc/vinagre/tags/VINAGRE_0_5_2/src/vinagre-utils.c?view=log

And the fix for branch gnome-2-22,
  http://svn.gnome.org/viewvc/vinagre/branches/gnome-2-22/src/vinagre-utils.c?r1=252&r2=528&pathrev=528
is the same as for 2.24.

Fix: The following patch updates the port to 0.5.2 thus fixing the security
issue:


The following VuXML entry should be evaluated and added:
  <vuln vid="214e8e07-d369-11dd-b800-001b77d09812">
    <topic>vinagre -- format string vulnerability</topic>
    <affects>
      <package>
        <name>vinagre</name>
        <range><lt>0.5.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>CORE Security Technologies reports:</p>
        <blockquote
          cite="http://www.coresecurity.com/content/vinagre-format-string">
          <p>A format string error has been found on the
          vinagre_utils_show_error() function that can be exploited via
          commands issued from a malicious server containing format
          string specifiers on the VNC name.</p>
          <p>In a web based attack scenario, the user would be required
          to connect to a malicious server. Successful exploitation
          would then allow the attacker to execute arbitrary code with
          the privileges of the Vinagre user.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <bid>32682</bid>
      <url>http://www.coresecurity.com/content/vinagre-format-string</url>
      <url>http://ftp.gnome.org/pub/GNOME/sources/vinagre/0.5/vinagre-0.5.2.news</url>
    </references>
    <dates>
      <discovery>09-12-2008</discovery>
      <entry>TODAY</entry>
    </dates>
  </vuln>
--- vuln.xml ends here ---

Attachment: update-to-0.5.2.diff

From 92848964e91e45011537456d4424c5968313cac2 Mon Sep 17 00:00:00 2001
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Date: Fri, 26 Dec 2008 19:41:40 +0300

0.5.2 fixes security issue discovered by CORE Security Technologies:
  http://www.coresecurity.com/content/vinagre-format-string
  http://ftp.gnome.org/pub/GNOME/sources/vinagre/0.5/vinagre-0.5.2.news

Signed-off-by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
---
 net/vinagre/Makefile |    3 +--
 net/vinagre/distinfo |    6 +++---
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/net/vinagre/Makefile b/net/vinagre/Makefile
index f4dad51..661184c 100644
--- a/net/vinagre/Makefile
+++ b/net/vinagre/Makefile
@@ -7,8 +7,7 @@
 #
 
 PORTNAME=	vinagre
-PORTVERSION=	0.5.1
-PORTREVISION=	3
+PORTVERSION=	0.5.2
 CATEGORIES=	net gnome
 MASTER_SITES=	${MASTER_SITE_GNOME}
 MASTER_SITE_SUBDIR=	sources/${PORTNAME}/${PORTVERSION:C/^([0-9]+\.[0-9]+).*/\1/}
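Review bot: The removal of `PORTREVISION= 3` on the second `-` line is not mentioned in the commit message. Dropping it is correct for a PORTVERSION bump, since the revision resets with a new upstream version, but the log should say so, so the removal does not read as accidental. No PORTEPOCH is visible in this hunk, so installed 0.5.1_3 packages sort below 0.5.2 and are covered by the `<lt>0.5.2</lt>` range in the proposed VuXML entry. The unchanged MASTER_SITE_SUBDIR expression still reduces 0.5.2 to the 0.5 directory, which matches the sources/vinagre/0.5 URLs quoted in the report, so no change is needed there.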
diff --git a/net/vinagre/distinfo b/net/vinagre/distinfo
index ffe1f67..e8cb385 100644
--- a/net/vinagre/distinfo
+++ b/net/vinagre/distinfo
@@ -1,3 +1,3 @@
-MD5 (gnome2/vinagre-0.5.1.tar.bz2) = 48e0079631952216743720fa1c59f621
-SHA256 (gnome2/vinagre-0.5.1.tar.bz2) = 971d32e74b553a68babfed14bedb1118c9882e1f1e5614889ec6f0795885e2a3
-SIZE (gnome2/vinagre-0.5.1.tar.bz2) = 1048927
+MD5 (gnome2/vinagre-0.5.2.tar.bz2) = abf277899e28ec9beea9a2f7c331267d
+SHA256 (gnome2/vinagre-0.5.2.tar.bz2) = b45f084343ad892bc303e2d0dada186d588ae6f0ccc419340024a2533e5a775b
+SIZE (gnome2/vinagre-0.5.2.tar.bz2) = 1031512
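Review bot: The MD5, SHA256 and SIZE values on the three `+` lines cannot be verified from the patch itself, and this update is being committed as a security fix. Before committing, fetch vinagre-0.5.2.tar.bz2 from MASTER_SITE_GNOME, regenerate the file with `make makesum`, and confirm the result matches the submitted SHA256 and SIZE rather than taking the posted values on trust. The SHA256 line is the one that matters for integrity; the MD5 line should not be relied on by itself.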
-- 
1.6.0.6
How-To-Repeat: 
  http://www.coresecurity.com/content/vinagre-format-string
  http://ftp.gnome.org/pub/GNOME/sources/vinagre/0.5/vinagre-0.5.2.news
  http://ftp.gnome.org/pub/GNOME/sources/vinagre/2.24/vinagre-2.24.2.news
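How the `<range><lt>0.5.2</lt></range>` in the proposed VuXML entry relates to the port versions touched by the patch, as an added example that is not part of the PR or of any FreeBSD tool. The version comparison is a simplified stand-in for the real package version ordering (dotted numeric versions with optional `_REVISION` and `,EPOCH` only), and the embedded XML is a constructed excerpt of the entry above.

```python
import operator
import re
import xml.etree.ElementTree as ET

# Constructed sample: the <affects> part of the entry proposed in this PR.
VUXML = """<vuln vid="214e8e07-d369-11dd-b800-001b77d09812">
  <topic>vinagre -- format string vulnerability</topic>
  <affects>
    <package>
      <name>vinagre</name>
      <range><lt>0.5.2</lt></range>
    </package>
  </affects>
</vuln>"""

OPS = {"lt": operator.lt, "le": operator.le, "eq": operator.eq,
       "ge": operator.ge, "gt": operator.gt}

def parse_version(v):
    """Turn 'X.Y.Z[_REVISION][,EPOCH]' into a sortable key.
    Simplification: dotted numeric versions only (no alpha/beta/pl)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:_(\d+))?(?:,(\d+))?", v.strip())
    if not m:
        raise ValueError(f"unsupported version string: {v!r}")
    base = [int(p) for p in m.group(1).split(".")]
    while len(base) > 1 and base[-1] == 0:   # treat 0.5 and 0.5.0 as equal
        base.pop()
    # Epoch outranks the version, the version outranks the port revision.
    return (int(m.group(3) or 0), tuple(base), int(m.group(2) or 0))

def affected(vuxml, pkg_name, installed):
    """True if `installed` falls inside any <range> listed for pkg_name."""
    key = parse_version(installed)
    for pkg in ET.fromstring(vuxml).iter("package"):
        if pkg_name not in [n.text for n in pkg.findall("name")]:
            continue
        for rng in pkg.findall("range"):
            bounds = list(rng)
            # Every bound in one <range> must hold, e.g. <ge>..</ge><lt>..</lt>.
            if bounds and all(OPS[b.tag](key, parse_version(b.text)) for b in bounds):
                return True
    return False

if __name__ == "__main__":
    for v in ("0.5.1", "0.5.1_3", "0.5.2", "0.5.2_1"):
        print(v, "affected" if affected(VUXML, "vinagre", v) else "not affected")
```

The port version removed by the patch (0.5.1 with PORTREVISION 3, i.e. 0.5.1_3) matches the range, while 0.5.2 and any later revision of it do not.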
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2008-12-26 17:10:10 UTC
Responsible Changed
From-To: freebsd-ports-bugs->gnome

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 dfilter service freebsd_committer freebsd_triage 2008-12-31 21:15:43 UTC
mezz        2008-12-31 21:15:29 UTC

  FreeBSD ports repository

  Modified files:
    net/vinagre          Makefile distinfo 
  Log:
  Update to 0.5.2.
  
  PR:             ports/129959
  Reported by:    Eygene Ryabinkin <rea-fbsd@codelabs.ru>
  Security:       http://www.coresecurity.com/content/vinagre-format-string
  
  Revision  Changes    Path
  1.11      +2 -4      ports/net/vinagre/Makefile
  1.4       +3 -3      ports/net/vinagre/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 3 dfilter service freebsd_committer freebsd_triage 2008-12-31 21:23:11 UTC
mezz        2008-12-31 21:23:01 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml 
  Log:
  Add vinagre -- format string vulnerability entry.
  
  PR:             ports/129959
  Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>
  
  Revision  Changes    Path
  1.1798    +36 -1     ports/security/vuxml/vuln.xml
Comment 4 Jeremy Messenger freebsd_committer freebsd_triage 2008-12-31 21:23:21 UTC
State Changed
From-To: open->closed

Committed, thanks!