
List:       oss-security
Subject:    Re: [oss-security] CVE request: echoping buffer overflow vulnerabilities
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2013-10-21 20:14:07
Message-ID: 52658B0F.7070507 () redhat ! com

On 10/21/2013 12:04 AM, Moritz Muehlenhoff wrote:
> On Fri, Oct 18, 2013 at 10:35:18PM -0600, Kurt Seifried wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>> 
>> On 10/17/2013 05:18 AM, Sergey Popov wrote:
>>> Echoping 6.0.2 and before contains several buffer overflow 
>>> vulnerabilities that can lead to execution of arbitrary code
>>> on the system or cause the application to crash.
>>> 
>>> Bug report in Gentoo: 
>>> https://bugs.gentoo.org/show_bug.cgi?id=349569
>>> 
>>> Some additional info: http://xforce.iss.net/xforce/xfdb/64141 
>>> http://secunia.com/advisories/42619/
>>> 
>>> Issue is fixed in upstream[1], but no release yet.
>>> 
>>> Please assign a CVE for this, thanks.
>>> 
>>> [1] - http://sourceforge.net/p/echoping/bugs/55/
>> 
>> Please use CVE-2013-4448 for this issue.
> 
> This should receive a CVE-2010-xxxx ID. It was originally reported
> to the Debian BTS in December 2010 (as linked in the sf
> bugtracker): 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606808
> 
> Cheers, Moritz
> 

Correct, I wasn't paying attention to the created/etc dates. Please
REJECT CVE-2013-4448 and use CVE-2010-5111 instead.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993