Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 200406-14 ] aspell: Buffer overflow in word-list-compress
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Bodhisattva
Bodhisattva


Joined: 25 Feb 2003
Posts: 3827
Location: Essen, Germany

PostPosted: Fri Jun 18, 2004 8:08 am    Post subject: [ GLSA 200406-14 ] aspell: Buffer overflow in word-list-comp Reply with quote

Gentoo Linux Security Advisory

Title: aspell: Buffer overflow in word-list-compress (GLSA 200406-14)
Severity: normal
Exploitable: local
Date: June 17, 2004
Updated: May 22, 2006
Bug(s): #53389
ID: 200406-14

Synopsis

A bug in the aspell utility word-list-compress can allow an attacker to execute arbitrary code.

Background

aspell is a popular spell-checker. Dictionaries are available for many languages.

Affected Packages

Package: app-text/aspell
Vulnerable: <= 0.50.5-r3
Unaffected: >= 0.50.5-r4
Architectures: All supported architectures


Description

aspell includes a utility for handling wordlists called word-list-compress. This utility fails to do proper bounds checking when processing words longer than 256 bytes.

Impact

If an attacker could entice a user to handle a wordlist containing very long word lengths it could result in the execution of arbitrary code with the permissions of the user running the program.

Workaround

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version.

Resolution

All users should upgrade to the latest available version of aspell.
Code:
# emerge sync
# emerge -pv ">=app-text/aspell-0.50.5-r4"
# emerge ">=app-text/aspell-0.50.5-r4"


References

Nettwerked Advisory
CVE-2004-0548


Last edited by GLSA on Sun Jul 30, 2006 4:16 am; edited 4 times in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum