Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

[ GLSA 200810-01 ] WordNet: Execution of arbitrary code
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Advocate
Advocate


Joined: 12 May 2004
Posts: 2663
PostPosted: Tue Oct 07, 2008 6:26 pm    Post subject: [ GLSA 200810-01 ] WordNet: Execution of arbitrary code Reply with quote
Gentoo Linux Security Advisory

Title: WordNet: Execution of arbitrary code (GLSA 200810-01)
Severity: normal
Exploitable: local, remote
Date: October 07, 2008
Bug(s): #211491
ID: 200810-01

Synopsis


Multiple vulnerabilities were found in WordNet, possibly allowing for the
execution of arbitrary code.


Background


WordNet is a large lexical database of English.


Affected Packages

Package: app-dicts/wordnet
Vulnerable: < 3.0-r2
Unaffected: >= 3.0-r2
Architectures: All supported architectures


Description


Jukka Ruohonen initially reported a boundary error within the
searchwn() function in src/wn.c. A thorough investigation by the oCERT
team revealed several other vulnerabilities in WordNet:
  • Jukka Ruohonen and Rob Holland (oCERT) reported multiple boundary
    errors within the searchwn() function in src/wn.c, the wngrep()
    function in lib/search.c, the morphstr() and morphword() functions in
    lib/morph.c, and the getindex() in lib/search.c, which lead to
    stack-based buffer overflows.
  • Rob Holland (oCERT) reported two
    boundary errors within the do_init() function in lib/morph.c, which
    lead to stack-based buffer overflows via specially crafted
    "WNSEARCHDIR" or "WNHOME" environment variables.
  • Rob Holland
    (oCERT) reported multiple boundary errors in the bin_search() and
    bin_search_key() functions in binsrch.c, which lead to stack-based
    buffer overflows via specially crafted data files.
  • Rob Holland
    (oCERT) reported a boundary error within the parse_index() function in
    lib/search.c, which leads to a heap-based buffer overflow via specially
    crafted data files.


Impact

  • In case the application is accessible e.g. via a web server,
    a remote attacker could pass overly long strings as arguments to the
    "wm" binary, possibly leading to the execution of arbitrary code.
  • A local attacker could exploit the second vulnerability via
    specially crafted "WNSEARCHDIR" or "WNHOME" environment variables,
    possibly leading to the execution of arbitrary code with escalated
    privileges.
  • A local attacker could exploit the third and
    fourth vulnerability by making the application use specially crafted
    data files, possibly leading to the execution of arbitrary code.


Workaround


There is no known workaround at this time.


Resolution


All WordNet users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose ">=app-dicts/wordnet-3.0-r2"


References

CVE-2008-2149
CVE-2008-3908

Last edited by GLSA on Sat Sep 19, 2009 4:18 am; edited 2 times in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy