GNU Queue Multiple Unspecified Buffer Overflow Vulnerabilities

Bugtraq ID:	12293
Class:	Boundary Condition Error
CVE:	CVE-2004-0555
Remote:	No
Local:	No
Published:	Jan 18 2005 12:00AM
Updated:	Jul 12 2009 10:06AM
Credit:	"jaguar" is credited with the discovery of these issues.
Vulnerable:	GNU Queue 1.30.1 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0
Not Vulnerable:

GNU Queue Multiple Unspecified Buffer Overflow Vulnerabilities

Multiple unspecified buffer overflow vulnerabilities affect GNU Queue. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.

An attacker may leverage these issues to execute instructions with the privileges of the affected application. Although unconfirmed this may facilitate unauthorized access or privilege escalation.

This BID will be updated as more information becomes available.

GNU Queue Multiple Unspecified Buffer Overflow Vulnerabilities

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

GNU Queue Multiple Unspecified Buffer Overflow Vulnerabilities

Solution:
Debian has released advisory DSA 643-1 along with fixes dealing with this issue. Please see the referenced advisory for more information.


GNU Queue 1.30.1

• Debian queue_1.30.1-4woody2_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woo dy2_alpha.deb


• Debian queue_1.30.1-4woody2_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woo dy2_arm.deb


• Debian queue_1.30.1-4woody2_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woo dy2_hppa.deb


• Debian queue_1.30.1-4woody2_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woo dy2_i386.deb


• Debian queue_1.30.1-4woody2_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woo dy2_ia64.deb


• Debian queue_1.30.1-4woody2_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woo dy2_m68k.deb


• Debian queue_1.30.1-4woody2_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woo dy2_mips.deb


• Debian queue_1.30.1-4woody2_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woo dy2_mipsel.deb


• Debian queue_1.30.1-4woody2_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woo dy2_powerpc.deb


• Debian queue_1.30.1-4woody2_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woo dy2_s390.deb


• Debian queue_1.30.1-4woody2_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woo dy2_sparc.deb

GNU Queue Multiple Unspecified Buffer Overflow Vulnerabilities

References:

• GNU Queue Home Page (GNU)