Dia Multiple Unspecified Remote Format String Vulnerabilities

Bugtraq ID:	18166
Class:	Input Validation Error
CVE:	CVE-2006-2453
Remote:	Yes
Local:	No
Published:	May 30 2006 12:00AM
Updated:	Mar 19 2015 08:43AM
Credit:	Discovery is credited to Hans de Goede.
Vulnerable:	Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 SuSE SUSE Linux Enterprise Server 9 SuSE SUSE Linux Enterprise Server 8 + Linux kernel 2.4.21 + Linux kernel 2.4.19 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. Open-Enterprise-Server 9.0 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Professional 9.0 x86_64 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Desktop 1.0 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux ES 4 RedHat Desktop 4.0 Red Hat Fedora Core4 Red Hat Enterprise Linux AS 4 Mandriva Linux Mandrake 2006.0 x86_64 Mandriva Linux Mandrake 2006.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 Gentoo Linux DIA DIA 0.92.2 DIA DIA 0.88.1 DIA DIA 0.95-pre6 DIA DIA 0.95 DIA DIA 0.94 + Ubuntu Ubuntu Linux 5.0 4 powerpc + Ubuntu Ubuntu Linux 5.0 4 i386 + Ubuntu Ubuntu Linux 5.0 4 i386 + Ubuntu Ubuntu Linux 5.0 4 amd64 + Ubuntu Ubuntu Linux 5.0 4 amd64 DIA DIA 0.93 DIA DIA 0.91 DIA DIA 0.87
Not Vulnerable:

Dia Multiple Unspecified Remote Format String Vulnerabilities

Dia is prone to multiple unspecified format-string vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input before including it in the format-specifier argument of formatted-printing functions.

A successful attack may crash the application or lead to arbitrary code execution.

Specific information regarding affected versions of Dia is not currently available; this BID will be updated as further information is disclosed.

Dia Multiple Unspecified Remote Format String Vulnerabilities

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

Dia Multiple Unspecified Remote Format String Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

Please see the referenced third-party advisories for further information on obtaining and applying fixes.


DIA DIA 0.94

• Mandriva dia-0.94-6.4.20060mdk.i586.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download


• Mandriva dia-0.94-6.4.20060mdk.src.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download


• Mandriva dia-0.94-6.4.20060mdk.x86_64.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download


• RedHat dia-0.94-16.fc4.i386.rpm
  Fedora Core 4
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


• RedHat dia-0.94-16.fc4.ppc.rpm
  Fedora Core 4
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


• RedHat dia-0.94-16.fc4.src.rpm
  Fedora Core 4
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


• RedHat dia-0.94-16.fc4.x86_64.rpm
  Fedora Core 4
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


• RedHat dia-debuginfo-0.94-16.fc4.i386.rpm
  Fedora Core 4
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


• RedHat dia-debuginfo-0.94-16.fc4.ppc.rpm
  Fedora Core 4
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


• RedHat dia-debuginfo-0.94-16.fc4.x86_64.rpm
  Fedora Core 4
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


• Ubuntu dia-common_0.94.0-11ubuntu1.2_all.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-common_0.94.0-11 ubuntu1.2_all.deb


• Ubuntu dia-common_0.94.0-5ubuntu1.3_all.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-common_0.94.0-5u buntu1.3_all.deb


• Ubuntu dia-gnome_0.94.0-11ubuntu1.2_amd64.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11u buntu1.2_amd64.deb


• Ubuntu dia-gnome_0.94.0-11ubuntu1.2_i386.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11u buntu1.2_i386.deb


• Ubuntu dia-gnome_0.94.0-11ubuntu1.2_powerpc.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11u buntu1.2_powerpc.deb


• Ubuntu dia-gnome_0.94.0-5ubuntu1.3_amd64.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ub untu1.3_amd64.deb


• Ubuntu dia-gnome_0.94.0-5ubuntu1.3_i386.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ub untu1.3_i386.deb


• Ubuntu dia-gnome_0.94.0-5ubuntu1.3_powerpc.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ub untu1.3_powerpc.deb


• Ubuntu dia-libs_0.94.0-11ubuntu1.2_amd64.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ub untu1.2_amd64.deb


• Ubuntu dia-libs_0.94.0-11ubuntu1.2_i386.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ub untu1.2_i386.deb


• Ubuntu dia-libs_0.94.0-11ubuntu1.2_powerpc.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ub untu1.2_powerpc.deb


• Ubuntu dia-libs_0.94.0-5ubuntu1.3_amd64.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubu ntu1.3_amd64.deb


• Ubuntu dia-libs_0.94.0-5ubuntu1.3_i386.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubu ntu1.3_i386.deb


• Ubuntu dia-libs_0.94.0-5ubuntu1.3_powerpc.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubu ntu1.3_powerpc.deb


• Ubuntu dia_0.94.0-11ubuntu1.2_amd64.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubu ntu1.2_amd64.deb


• Ubuntu dia_0.94.0-11ubuntu1.2_i386.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubu ntu1.2_i386.deb


• Ubuntu dia_0.94.0-11ubuntu1.2_powerpc.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubu ntu1.2_powerpc.deb


• Ubuntu dia_0.94.0-5ubuntu1.3_amd64.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubun tu1.3_amd64.deb


• Ubuntu dia_0.94.0-5ubuntu1.3_i386.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubun tu1.3_i386.deb


• Ubuntu dia_0.94.0-5ubuntu1.3_powerpc.deb
  Ubuntu 5.04:
  http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubun tu1.3_powerpc.deb

DIA DIA 0.92.2

• Mandriva dia-0.92.2-2.3.C30mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva dia-0.92.2-2.3.C30mdk.src.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva dia-0.92.2-2.3.C30mdk.x86_64.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download

Dia Multiple Unspecified Remote Format String Vulnerabilities

References:

• Bugzilla Bug 192830 �?? CVE-2006-2453 Additional dia format string flaws (Red Hat)
  
• DIA Home Page (DIA)
  
• RHSA-2006:0541-3 - dia security update (RedHat)