Steffen Joeris
2008-Jul-28 15:08 UTC
[Secure-testing-team] Bug#492742: CVE-2008-3252: buffer overflow
Package: newsx
Severity: grave
Tags: security, patch
Justification: user security hole

Hi,

the following CVE (Common Vulnerabilities & Exposures) id was
published for newsx.

CVE-2008-3252[0]:
| Stack-based buffer overflow in the read_article function in
| getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary
| code via a news article containing a large number of lines starting
| with a period.

There is a redhat bugreport[1] with more information and I've attached
their patch.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3252
    http://security-tracker.debian.net/tracker/CVE-2008-3252
[1] https://bugzilla.redhat.com/show_bug.cgi?id=454483

-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2008-3252.patch
Type: text/x-diff
Size: 679 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20080729/024d9d24/attachment.patch