François Wendling
2008-Sep-04 19:56 UTC
[Secure-testing-team] Bug#497835: gmanedit: Found several buffer overflows
Package: gmanedit
Version: 0.4.1-1
Severity: important
Tags: security
Hi,
Gmanedit includes several buffer overflows. It needs to be audited
seriously; user input is never checked. Here are the ones I found:
* Launch the wizard, click all the boxes, complete the wizard. Check
for "cad[512]" in the source, it's where the problem is; it should
be increased; it fixes the problem, but it's ugly.
* Launch the wizard, type a very long line in title or name of the
manpage. At first the UI doesn't limit the number of characters
you can enter, then the code handles it badly.
* Open preferences, flood the inputbox.
* Same as above, but this time it comes from the rc file. Just fill the
"COMMAND=" parameters with a lot of characters.
* Fill the editor with a 200kb file, then try to see the man ("view
created page").
Maybe there are some others, so it needs a good audit. I'm not sending a
patch, because I can't fix it properly, but don't hesitate to ask me
more if you need.
Regards,
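
Added example, not part of the original report and not gmanedit's own code: a length-checked append into a 512-byte buffer, the alternative to simply enlarging "cad[512]". Only the buffer size comes from the report; append_checked, build_page, sample_run and the section strings are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <string.h>

#define CAD_SIZE 512  /* size of the "cad" buffer named in the report */

/* Append src to the string in dst (capacity cap bytes). Returns 0 on
 * success, -1 if src plus its NUL would not fit; dst is then unchanged. */
int append_checked(char *dst, size_t cap, const char *src)
{
    const char *end = memchr(dst, '\0', cap);
    size_t need = strlen(src);
    if (end == NULL || need >= cap - (size_t)(end - dst))
        return -1;
    memcpy(dst + (end - dst), src, need + 1);
    return 0;
}

/* Hypothetical stand-in for the wizard: a .TH line carrying the
 * user-supplied title, then section headings. Requires cap > 0. */
int build_page(char *cad, size_t cap, const char *title)
{
    static const char *const parts[] = {
        "\n", ".SH NAME\n", ".SH SYNOPSIS\n", ".SH DESCRIPTION\n" };
    size_t i;
    cad[0] = '\0';
    if (append_checked(cad, cap, ".TH ") || append_checked(cad, cap, title))
        return -1;
    for (i = 0; i < sizeof parts / sizeof parts[0]; i++)
        if (append_checked(cad, cap, parts[i]))
            return -1;
    return 0;
}

/* Constructed input: build a page whose title is title_len 'A' bytes. */
int sample_run(size_t title_len)
{
    static char title[8192];
    char cad[CAD_SIZE];
    if (title_len >= sizeof title) return -2;
    memset(title, 'A', title_len);
    title[title_len] = '\0';
    return build_page(cad, sizeof cad, title);
}

int main(void)
{
    printf("20-byte title: %d, 5000-byte title: %d\n",
           sample_run(20), sample_run(5000));
    return 0;
}
```

A caller that gets -1 can reject the input in the UI or switch to a heap buffer sized from the actual lengths; either way the page is never silently truncated or written past the array.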