Texinfo File Handling Buffer Overflow Vulnerability
BID:20959
Info
Texinfo File Handling Buffer Overflow Vulnerability
| Bugtraq ID: | 20959 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-4810 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 08 2006 12:00AM |
| Updated: | Feb 25 2014 12:46AM |
| Credit: | Miloslav Trmac is credited with the discovery of this vulnerability. |
| Vulnerable: |
VMWare ESX Server 3.0.1 VMWare ESX Server 3.0 Ubuntu Ubuntu Linux 5.10 sparc Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix Operating System Enterprise Server 2.0 SuSE SUSE Linux Enterprise Server 9 SuSE SUSE Linux Enterprise Server 8 SuSE SUSE Linux Enterprise Server 10 SuSE SUSE Linux Enterprise Desktop 10 SGI ProPack 3.0 SP6 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. Open-Enterprise-Server 9.0 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Professional 9.0 x86_64 S.u.S.E. Linux Professional 9.0 S.u.S.E. Linux Professional 8.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Desktop 1.0 rPath rPath Linux 1 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 IA64 RedHat Enterprise Linux ES 2.1 RedHat Advanced Workstation for the Itanium Processor 2.1 IA64 RedHat Advanced Workstation for the Itanium Processor 2.1 Red Hat Enterprise Linux AS 4 Red Hat Enterprise Linux AS 3 Red Hat Enterprise Linux AS 2.1 IA64 Red Hat Enterprise Linux AS 2.1 OpenPKG OpenPKG Stable OpenPKG OpenPKG E1.0-Solid OpenPKG OpenPKG Current OpenPKG OpenPKG 2-Stable-20061018 Mandriva Linux Mandrake 2006.0 x86_64 Mandriva Linux Mandrake 2006.0 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Gentoo Linux Free Software Foundation texinfo 4.8a Free Software Foundation texinfo 4.8 Free Software Foundation texinfo 4.7 Free Software Foundation texinfo 4.6 Free Software Foundation texinfo 4.5 Free Software Foundation texinfo 4.4 Free Software Foundation texinfo 4.3 Free Software Foundation texinfo 4.2 Free Software Foundation texinfo 4.1 Free Software Foundation texinfo 4.0 Free Software Foundation texinfo 3.6 Free Software Foundation texinfo 3.5 Free Software Foundation texinfo 3.4 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 |
| Not Vulnerable: | |
Discussion
Texinfo File Handling Buffer Overflow Vulnerability
Texinfo is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to cause the affected applications using Texinfo to crash, denying service to legitimate users. Arbitrary code execution may also be possible, but this has not been confirmed.
Texinfo is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to cause the affected applications using Texinfo to crash, denying service to legitimate users. Arbitrary code execution may also be possible, but this has not been confirmed.
Exploit / POC
Texinfo File Handling Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Texinfo File Handling Buffer Overflow Vulnerability
Solution:
Please see the referenced advisory for available updates.
Free Software Foundation texinfo 4.8
Free Software Foundation texinfo 4.7
Trustix Secure Linux 2.2
VMWare ESX Server 3.0.1
Solution:
Please see the referenced advisory for available updates.
Free Software Foundation texinfo 4.8
-
Ubuntu info_4.8-4ubuntu0.1_amd64.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.8-4ubuntu 0.1_amd64.deb -
Ubuntu info_4.8-4ubuntu0.1_i386.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.8-4ubuntu 0.1_i386.deb -
Ubuntu info_4.8-4ubuntu0.1_powerpc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.8-4ubuntu 0.1_powerpc.deb -
Ubuntu info_4.8-4ubuntu0.1_sparc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.8-4ubuntu 0.1_sparc.deb -
Ubuntu info_4.8.dfsg.1-1ubuntu0.1_amd64.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.8.dfsg.1- 1ubuntu0.1_amd64.deb -
Ubuntu info_4.8.dfsg.1-1ubuntu0.1_i386.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.8.dfsg.1- 1ubuntu0.1_i386.deb -
Ubuntu info_4.8.dfsg.1-1ubuntu0.1_powerpc.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.8.dfsg.1- 1ubuntu0.1_powerpc.deb -
Ubuntu info_4.8.dfsg.1-1ubuntu0.1_sparc.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.8.dfsg.1- 1ubuntu0.1_sparc.deb -
Ubuntu texinfo_4.8-4ubuntu0.1_amd64.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8-4ubu ntu0.1_amd64.deb -
Ubuntu texinfo_4.8-4ubuntu0.1_i386.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8-4ubu ntu0.1_i386.deb -
Ubuntu texinfo_4.8-4ubuntu0.1_powerpc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8-4ubu ntu0.1_powerpc.deb -
Ubuntu texinfo_4.8-4ubuntu0.1_sparc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8-4ubu ntu0.1_sparc.deb -
Ubuntu texinfo_4.8.dfsg.1-1ubuntu0.1_amd64.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8.dfsg .1-1ubuntu0.1_amd64.deb -
Ubuntu texinfo_4.8.dfsg.1-1ubuntu0.1_i386.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8.dfsg .1-1ubuntu0.1_i386.deb -
Ubuntu texinfo_4.8.dfsg.1-1ubuntu0.1_powerpc.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8.dfsg .1-1ubuntu0.1_powerpc.deb -
Ubuntu texinfo_4.8.dfsg.1-1ubuntu0.1_sparc.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.8.dfsg .1-1ubuntu0.1_sparc.deb
Free Software Foundation texinfo 4.7
-
Ubuntu info_4.7-2.2ubuntu2.2_amd64.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.7-2.2ubun tu2.2_amd64.deb -
Ubuntu info_4.7-2.2ubuntu2.2_i386.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.7-2.2ubun tu2.2_i386.deb -
Ubuntu info_4.7-2.2ubuntu2.2_powerpc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.7-2.2ubun tu2.2_powerpc.deb -
Ubuntu info_4.7-2.2ubuntu2.2_sparc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.7-2.2ubun tu2.2_sparc.deb -
Ubuntu texinfo_4.7-2.2ubuntu2.2_amd64.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.7-2.2u buntu2.2_amd64.deb -
Ubuntu texinfo_4.7-2.2ubuntu2.2_i386.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.7-2.2u buntu2.2_i386.deb -
Ubuntu texinfo_4.7-2.2ubuntu2.2_powerpc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.7-2.2u buntu2.2_powerpc.deb -
Ubuntu texinfo_4.7-2.2ubuntu2.2_sparc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.7-2.2u buntu2.2_sparc.deb
Trustix Secure Linux 2.2
-
Trustix bind-9.3.2-5tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix bind-devel-9.3.2-5tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix bind-libs-9.3.2-5tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix bind-light-9.3.2-5tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix bind-light-devel-9.3.2-5tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix bind-utils-9.3.2-5tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix openssh-4.5p1-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix openssh-clients-4.5p1-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix openssh-server-4.5p1-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix openssh-server-config-4.5p1-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates
VMWare ESX Server 3.0.1
-
VMWare esx-2559638-patch.html
http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html
References
Texinfo File Handling Buffer Overflow Vulnerability
References:
References:
- RHSA-2006:0727-6 - texinfo security update (RedHat)
- Texinfo Home Page (Free Software Foundation)