NASM IEEE_PUTASCII Remote Buffer Overflow Vulnerability
BID:13506
Info
| Bugtraq ID: | 13506 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2005-1194 |
| Remote: | Yes |
| Local: | No |
| Published: | May 05 2005 12:00AM |
| Updated: | Mar 01 2007 08:16PM |
| Credit: | This issue was reported by Josh Bressers. |
| Vulnerable: |
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
SGI ProPack 3.0
Redhat Enterprise Linux WS 4
Redhat Enterprise Linux WS 3
Redhat Enterprise Linux WS 2.1 IA64
Redhat Enterprise Linux WS 2.1
Redhat Enterprise Linux ES 4
Redhat Enterprise Linux ES 3
Redhat Enterprise Linux ES 2.1 IA64
Redhat Enterprise Linux ES 2.1
Redhat Enterprise Linux AS 4
Redhat Enterprise Linux AS 3
Redhat Enterprise Linux AS 2.1 IA64
Redhat Enterprise Linux AS 2.1
Redhat Desktop 4.0
Redhat Desktop 3.0
Redhat Advanced Workstation for the Itanium Processor 2.1 IA64
Redhat Advanced Workstation for the Itanium Processor 2.1
NASM NASM 0.98.38
NASM NASM 0.98.35
NASM NASM 0.98.34
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1 |
| Not Vulnerable: | |
Discussion
NASM is prone to a remote buffer-overflow vulnerability. This issue affects the 'ieee_putascii()' function.
An attacker would likely exploit this issue by crafting a malicious source file to be assembled by the application and sending it to an affected user; if the user loads the file in NASM, the attack may result in arbitrary code execution.
The attacker may then gain unauthorized access in the context of the user running NASM.
Exploit / POC
Currently we are not aware of any exploits for this issue.
Solution / Fix
Solution:
Please see the referenced advisories for more information.
NASM NASM 0.98.38
- Ubuntu nasm_0.98.38-1.1ubuntu0.1_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/n/nasm/nasm_0.98.38-1.1ubuntu0.1_amd64.deb
- Ubuntu nasm_0.98.38-1.1ubuntu0.1_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/n/nasm/nasm_0.98.38-1.1ubuntu0.1_i386.deb
- Ubuntu nasm_0.98.38-1.1ubuntu0.1_ia64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/n/nasm/nasm_0.98.38-1.1ubuntu0.1_ia64.deb
- Ubuntu nasm_0.98.38-1.1ubuntu0.1_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/n/nasm/nasm_0.98.38-1.1ubuntu0.1_powerpc.deb
- Ubuntu nasm_0.98.38-1ubuntu0.2_amd64.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/n/nasm/nasm_0.98.38-1ubuntu0.2_amd64.deb
- Ubuntu nasm_0.98.38-1ubuntu0.2_i386.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/n/nasm/nasm_0.98.38-1ubuntu0.2_i386.deb
- Ubuntu nasm_0.98.38-1ubuntu0.2_powerpc.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/n/nasm/nasm_0.98.38-1ubuntu0.2_powerpc.deb
Mandriva Linux Mandrake 10.0
- Mandriva nasm-0.98.38-1.2.100mdk.i586.rpm
  Mandrakelinux 10.0:
  http://www.mandriva.com/en/download
- Mandriva nasm-0.98.38-1.2.100mdk.src.rpm
  Mandrakelinux 10.0:
  http://www.mandriva.com/en/download
- Mandriva nasm-doc-0.98.38-1.2.100mdk.i586.rpm
  Mandrakelinux 10.0:
  http://www.mandriva.com/en/download
- Mandriva nasm-rdoff-0.98.38-1.2.100mdk.i586.rpm
  Mandrakelinux 10.0:
  http://www.mandriva.com/en/download
Mandriva Linux Mandrake 10.0 AMD64
- Mandriva nasm-0.98.38-1.2.100mdk.amd64.rpm
  Mandrakelinux 10.0/AMD64:
  http://www.mandriva.com/en/download
- Mandriva nasm-0.98.38-1.2.100mdk.src.rpm
  Mandrakelinux 10.0/AMD64:
  http://www.mandriva.com/en/download
- Mandriva nasm-doc-0.98.38-1.2.100mdk.amd64.rpm
  Mandrakelinux 10.0/AMD64:
  http://www.mandriva.com/en/download
- Mandriva nasm-rdoff-0.98.38-1.2.100mdk.amd64.rpm
  Mandrakelinux 10.0/AMD64:
  http://www.mandriva.com/en/download
Mandriva Linux Mandrake 10.1
- Mandriva nasm-0.98.38-1.2.101mdk.i586.rpm
  Mandrakelinux 10.1:
  http://www.mandriva.com/en/download
- Mandriva nasm-0.98.38-1.2.101mdk.src.rpm
  Mandrakelinux 10.1:
  http://www.mandriva.com/en/download
- Mandriva nasm-doc-0.98.38-1.2.101mdk.i586.rpm
  Mandrakelinux 10.1:
  http://www.mandriva.com/en/download
- Mandriva nasm-rdoff-0.98.38-1.2.101mdk.i586.rpm
  Mandrakelinux 10.1:
  http://www.mandriva.com/en/download
Mandriva Linux Mandrake 10.1 x86_64
- Mandriva nasm-0.98.38-1.2.101mdk.src.rpm
  Mandrakelinux 10.1/X86_64:
  http://www.mandriva.com/en/download
- Mandriva nasm-0.98.38-1.2.101mdk.x86_64.rpm
  Mandrakelinux 10.1/X86_64:
  http://www.mandriva.com/en/download
- Mandriva nasm-doc-0.98.38-1.2.101mdk.x86_64.rpm
  Mandrakelinux 10.1/X86_64:
  http://www.mandriva.com/en/download
- Mandriva nasm-rdoff-0.98.38-1.2.101mdk.x86_64.rpm
  Mandrakelinux 10.1/X86_64:
  http://www.mandriva.com/en/download
Mandriva Linux Mandrake 10.2 x86_64
- Mandriva nasm-0.98.39-1.1.102mdk.src.rpm
  Mandrakelinux 10.2/X86_64:
  http://www.mandriva.com/en/download
- Mandriva nasm-0.98.39-1.1.102mdk.x86_64.rpm
  Mandrakelinux 10.2/X86_64:
  http://www.mandriva.com/en/download
- Mandriva nasm-doc-0.98.39-1.1.102mdk.x86_64.rpm
  Mandrakelinux 10.2/X86_64:
  http://www.mandriva.com/en/download
- Mandriva nasm-rdoff-0.98.39-1.1.102mdk.x86_64.rpm
  Mandrakelinux 10.2/X86_64:
  http://www.mandriva.com/en/download
Mandriva Linux Mandrake 10.2
- Mandriva nasm-0.98.39-1.1.102mdk.i586.rpm
  Mandrakelinux 10.2:
  http://www.mandriva.com/en/download
- Mandriva nasm-0.98.39-1.1.102mdk.src.rpm
  Mandrakelinux 10.2:
  http://www.mandriva.com/en/download
- Mandriva nasm-doc-0.98.39-1.1.102mdk.i586.rpm
  Mandrakelinux 10.2:
  http://www.mandriva.com/en/download
- Mandriva nasm-rdoff-0.98.39-1.1.102mdk.i586.rpm
  Mandrakelinux 10.2:
  http://www.mandriva.com/en/download
MandrakeSoft Corporate Server 2.1
- Mandriva nasm-0.98.34-1.1.C21mdk.i586.rpm
  Corporate Server 2.1:
  http://www.mandriva.com/en/download
- Mandriva nasm-0.98.34-1.1.C21mdk.src.rpm
  Corporate Server 2.1:
  http://www.mandriva.com/en/download
- Mandriva nasm-doc-0.98.34-1.1.C21mdk.i586.rpm
  Corporate Server 2.1:
  http://www.mandriva.com/en/download
- Mandriva nasm-rdoff-0.98.34-1.1.C21mdk.i586.rpm
  Corporate Server 2.1:
  http://www.mandriva.com/en/download
MandrakeSoft Corporate Server 2.1 x86_64
- Mandriva nasm-0.98.34-1.1.C21mdk.src.rpm
  Corporate Server 2.1/X86_64:
  http://www.mandriva.com/en/download
- Mandriva nasm-0.98.34-1.1.C21mdk.x86_64.rpm
  Corporate Server 2.1/X86_64:
  http://www.mandriva.com/en/download
- Mandriva nasm-doc-0.98.34-1.1.C21mdk.x86_64.rpm
  Corporate Server 2.1/X86_64:
  http://www.mandriva.com/en/download
- Mandriva nasm-rdoff-0.98.34-1.1.C21mdk.x86_64.rpm
  Corporate Server 2.1/X86_64:
  http://www.mandriva.com/en/download
MandrakeSoft Corporate Server 3.0 x86_64
- Mandriva nasm-0.98.38-1.2.C30mdk.src.rpm
  Corporate 3.0/X86_64:
  http://www.mandriva.com/en/download
- Mandriva nasm-0.98.38-1.2.C30mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://www.mandriva.com/en/download
- Mandriva nasm-doc-0.98.38-1.2.C30mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://www.mandriva.com/en/download
- Mandriva nasm-rdoff-0.98.38-1.2.C30mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://www.mandriva.com/en/download
MandrakeSoft Corporate Server 3.0
- Mandriva nasm-0.98.38-1.2.C30mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download
- Mandriva nasm-0.98.38-1.2.C30mdk.src.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download
- Mandriva nasm-doc-0.98.38-1.2.C30mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download
- Mandriva nasm-rdoff-0.98.38-1.2.C30mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download