GNATS Format String Flaw in 'misc.c' May Let Local Users Gain Elevated Privileges

SecurityTracker Alert ID: 1010579
SecurityTracker URL: http://securitytracker.com/id?1010579
CVE Reference: CAN-2004-0623
Updated: Nov 12 2004
Original Entry Date: Jun 25 2004
Impact: Execution of arbitrary code via local system, Root access via local system, User access via local system
Advisory: Zone-H
Version(s): 4.00
Description: A format string vulnerability was reported in GNU GNATS. A local user may be able to gain elevated privileges on the target system.

Zone-h issued a security advisory warning that there is a format string bug that may possibly allow a local user to execute arbitrary commands on the target system.

The flaw reportedly resides in 'misc.c'.

Khan Shirani is credited with discovering this flaw.

The vendor has reportedly been notified.

The original advisory is available at:
http://www.zone-h.org/advisories/read/id=4889

In November 2004, Phantasmal Phantasmagoria reported that this is not a vulnerability because user-supplied data is never passed to the affected log_msg() function.

Impact: A local user may "possibly" be able to execute arbitrary code on the target system.
Solution: No solution was available at the time of this entry.
Vendor URL: www.gnu.org/software/gnats/
Cause: Input validation error, State error
Underlying OS: Linux (Any), UNIX (Any)

Source Message Contents

Date: Thu, 24 Jun 2004 23:43:56 -0400
Subject: ZH2004-11SA (security advisory): format string vulnerability in Gnats

ZH2004-11SA (security advisory): format string vulnerability in Gnats
06/24/2004
Zone-h Security Advisory
http://www.zone-h.org
Date of discovery : 21 june 2004
Date of release : 24 june 2004
Bug found by Khan Shirani <shirani@zone-h.org>
---------------------------------------
Software : GNU Gnats 4.00
Bugs : format string bug(s)
Risk : low/medium
Platform : *nix
---------------------------------------
Description:
============
GNU GNATS is a set of tools for tracking bugs reported by users to a central site.
It allows problem report management and communication with users via various means.
GNATS stores all the information about problem reports
in its databases and provides tools for querying, editing, and maintenance of the databases.
http://www.gnu.org/software/gnats/
Vulnerability:
==============
A format string bug has been discovered in the Gnats package which
could *possibly* be exploited to execute arbitrary commands.
Vulnerable code:
================
----------------------
gnats-4.0\gnats\misc.c
#ifdef HAVE_SYSLOG_H
    case SYSLOG:
      /* buf is passed to syslog() as the format string */
      syslog (severity, buf);
      break;
#endif
----------------------
Vendor Notice:
==============
The Gnats team has been notified of the discoveries via <bug-gnats@gnu.org>.
No patch is available at this time.
Copyright
=========
Contents may not be altered without notification to original author.
Permission is granted to reproduce this advisory on public databases.
shirani@zone-h.org
and all the zone-h team.
http://www.zone-h.org
http://www.zone-h.org/advisories/read/id=4889
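
The call pattern quoted in the advisory, beside a hardened form, as an added example that is not code from GNATS or from the Zone-h advisory. Assumptions: sink_log() is a hypothetical printf-style stand-in for syslog() that writes to memory, log_msg_unsafe() and log_msg_fixed() are hypothetical names, and the way buf is built with vsnprintf() is assumed rather than taken from misc.c.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Assumption: stand-in for syslog(3). It is printf-style like syslog(),
   but writes to memory so the result can be inspected. */
static char sink[256];

static void sink_log(int severity, const char *fmt, ...)
{
    va_list ap;
    (void)severity;
    va_start(ap, fmt);
    vsnprintf(sink, sizeof sink, fmt, ap);
    va_end(ap);
}

/* Pattern from the advisory: the finished message is reused as a format. */
const char *log_msg_unsafe(int severity, const char *fmt, ...)
{
    char buf[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    sink_log(severity, buf);        /* second formatting pass over data */
    return sink;
}

/* Hardened form: constant format string, message passed as an argument. */
const char *log_msg_fixed(int severity, const char *fmt, ...)
{
    char buf[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    sink_log(severity, "%s", buf);  /* buf is only ever treated as data */
    return sink;
}

int main(void)
{
    const char *data = "100%% done"; /* constructed input containing "%%" */
    printf("unsafe: %s\n", log_msg_unsafe(3, "%s", data));
    printf("fixed:  %s\n", log_msg_fixed(3, "%s", data));
    return 0;
}
```

The unsafe variant alters the logged text because the data is interpreted a second time; the fixed variant logs it unchanged. Whether the original call is reachable with attacker-influenced data is the point the November 2004 report disputes, and the constant-format form removes the question either way.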