Joined: 12 May 2004
|Posted: Tue May 10, 2005 8:51 pm Post subject: [ GLSA 200505-08 ] HT Editor: Multiple buffer overflows
|Gentoo Linux Security Advisory
Title: HT Editor: Multiple buffer overflows (GLSA 200505-08)
Date: May 10, 2005
Updated: May 22, 2006
Two vulnerabilities have been discovered in HT Editor, potentially leading to the execution of arbitrary code.
HT is a hex editor, designed to help analyse and modify executable files.
Vulnerable: < 0.8.0-r2
Unaffected: >= 0.8.0-r2
Architectures: All supported architectures
Tavis Ormandy of the Gentoo Linux Security Team discovered an integer overflow in the ELF parser, leading to a heap-based buffer overflow. The vendor has reported that an unrelated buffer overflow has been discovered in the PE parser.
Successful exploitation would require the victim to open a specially crafted file using HT, potentially permitting an attacker to execute arbitrary code.
There is no known workaround at this time.
All hteditor users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/hteditor-0.8.0-r2"
Last edited by GLSA on Mon May 22, 2006 4:19 am; edited 2 times in total