List: oss-security
Subject: Re: [oss-security] CVE request: Multiple issues in GNU ZRTPCPP
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2013-06-30 22:27:55
Message-ID: 51D0B0EB.5030804 () redhat ! com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/29/2013 08:05 AM, Dan Rosenberg wrote:
> I'd like to request CVEs for multiple security vulnerabilities
> discovered, reported, and published by Mark Dowd of Azimuth
> Security in GNU ZRTPCPP, an open-source ZRTP implementation used in
> a number of "secure phone" solutions:
>
> http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html
>
I guess since this is on the front page of Slashdot I should get the
CVEs for it out =)
> 1. Remote heap overflow
>
> A remote attacker can cause a heap-based buffer overflow by sending
> an overly-large ZRTP packet of several possible types, including a
> "Hello" packet. Successful exploitation would allow an attacker to
> execute arbitrary code in the context of a vulnerable application.
Please use CVE-2013-2221 for this issue.
> 2. Multiple remote stack overflows
>
> A remote attacker can cause multiple stack-based buffer overflows
> by sending a malformed ZRTP Hello packet with an overly-large value
> in certain fields, including the count of public keys. Exploitation
> may be difficult due to the details of the layout of stack
> variables in memory, but successful exploitation would allow an
> attacker to execute arbitrary code in the context of a vulnerable
> application.
Please use CVE-2013-2222 for this issue.
> 3. Multiple remote heap memory disclosures
>
> By sending a truncated ZRTP Ping packet, the response packet will
> include several bytes of the affected application's heap memory due
> to a lack of validation on the incoming packet. This flaw could be
> exploited to gain knowledge about the heap state of an affected
> application to enable further attacks, or potentially reveal
> sensitive information stored on the heap.
Please use CVE-2013-2223 for this issue.
> The fixes for all of these flaws were included in the following
> commit:
> https://github.com/wernerd/ZRTPCPP/commit/c8617100f359b217a974938c5539a1dd8a120b0e
>
>
>
> Regards, Dan
>
- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
-----END PGP SIGNATURE-----
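The quoted report attributes the overflows to an overly-large packet and to overly-large count fields in a Hello packet. As an added example (not code from ZRTPCPP or from this thread), the following C function performs the size, declared-length and count checks before anything is copied. The byte offsets follow the RFC 6189 Hello layout as an assumption, and `RX_BUF_SIZE`, `check_hello` and the other names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (RFC 6189 Hello, simplified): pkt points at the ZRTP
 * message preamble; bytes 2-3 hold the length in 32-bit words; the five
 * 4-bit algorithm counts sit in bytes 77-79; each algorithm is 4 bytes. */
#define HELLO_FIXED 80u    /* header through the flags/counts word */
#define HELLO_MAC    8u
#define MAX_ALGOS    7u    /* per-type limit, assumed from RFC 6189 */
#define RX_BUF_SIZE 1024u  /* constructed size of the receiver's buffer */

enum hello_status { HELLO_OK, HELLO_TRUNCATED, HELLO_TOO_BIG,
                    HELLO_BAD_LENGTH, HELLO_BAD_COUNT };
struct hello_counts { uint8_t hc, cc, ac, kc, sc; };

/* Run every check before any byte is copied or any count is used as a
 * loop bound. len is the number of bytes actually received. */
enum hello_status check_hello(const uint8_t *pkt, size_t len,
                              struct hello_counts *out)
{
    if (len < HELLO_FIXED + HELLO_MAC) return HELLO_TRUNCATED;
    if (len > RX_BUF_SIZE) return HELLO_TOO_BIG;      /* oversized packet */

    size_t declared = (((size_t)pkt[2] << 8) | pkt[3]) * 4u;
    if (declared > len) return HELLO_BAD_LENGTH;      /* claims more than received */

    struct hello_counts c = { pkt[77] & 0x0f, pkt[78] >> 4, pkt[78] & 0x0f,
                              pkt[79] >> 4, pkt[79] & 0x0f };
    if (c.hc > MAX_ALGOS || c.cc > MAX_ALGOS || c.ac > MAX_ALGOS ||
        c.kc > MAX_ALGOS || c.sc > MAX_ALGOS)
        return HELLO_BAD_COUNT;                       /* oversized count field */

    size_t algos = (size_t)c.hc + c.cc + c.ac + c.kc + c.sc;
    if (declared < HELLO_FIXED + algos * 4u + HELLO_MAC)
        return HELLO_BAD_LENGTH;                      /* counts exceed message */
    *out = c;
    return HELLO_OK;
}

int main(void)
{
    uint8_t p[96] = { 0x50, 0x5a, 0x00, 24 };  /* constructed: 24 words */
    struct hello_counts c;
    p[77] = 0x01; p[78] = 0x10;                /* hc=1, cc=1 */
    printf("valid: %d\n", check_hello(p, sizeof p, &c));
    p[79] = 0xf0;                              /* kc=15 */
    printf("kc=15: %d\n", check_hello(p, sizeof p, &c));
    return 0;
}
```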