teTeX Mkind.C Remote Buffer Overflow Vulnerability

Bugtraq ID:	23872
Class:	Boundary Condition Error
CVE:	CVE-2007-0650
Remote:	Yes
Local:	No
Published:	May 07 2007 12:00AM
Updated:	May 13 2008 01:35AM
Credit:	Mark Richters reported this issue.
Vulnerable:	teTeX teTeX 3.0 + Mandriva Linux Mandrake 2007.1 x86_64 + Mandriva Linux Mandrake 2007.1 + Mandriva Linux Mandrake 2007.0 x86_64 + Mandriva Linux Mandrake 2007.0 + Redhat Fedora Core6 teTeX teTeX 2.0.2 + Mandriva Linux Mandrake 10.1 x86_64 + Mandriva Linux Mandrake 10.1 + Mandriva Linux Mandrake 10.1 + Mandriva Linux Mandrake 10.1 + Mandriva Linux Mandrake 10.0 AMD64 + Mandriva Linux Mandrake 10.0 AMD64 + Mandriva Linux Mandrake 10.0 AMD64 + Mandriva Linux Mandrake 10.0 + Mandriva Linux Mandrake 10.0 + Mandriva Linux Mandrake 10.0 + rPath rPath Linux 1 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 + Ubuntu Ubuntu Linux 4.1 ia32 + Ubuntu Ubuntu Linux 4.1 ia32 teTeX teTeX 2.0.1 teTeX teTeX 2.0 teTeX teTeX 1.0.7 + Debian Linux 3.0 sparc + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 alpha + Debian Linux 3.0 + Debian Linux 3.0 + HP Secure OS software for Linux 1.0 + HP Secure OS software for Linux 1.0 + Immunix Immunix OS 7.0 beta + Immunix Immunix OS 7.0 beta + Immunix Immunix OS 7.0 + Immunix Immunix OS 7.0 + Immunix Immunix OS 6.2 + Immunix Immunix OS 6.2 + MandrakeSoft Corporate Server 1.0.1 + MandrakeSoft Corporate Server 1.0.1 + Mandriva Linux Mandrake 9.0 + Mandriva Linux Mandrake 9.0 + Mandriva Linux Mandrake 8.2 ppc + Mandriva Linux Mandrake 8.2 ppc + Mandriva Linux Mandrake 8.2 + Mandriva Linux Mandrake 8.2 + Mandriva Linux Mandrake 8.1 ia64 + Mandriva Linux Mandrake 8.1 ia64 + Mandriva Linux Mandrake 8.1 + Mandriva Linux Mandrake 8.1 + Mandriva Linux Mandrake 8.0 ppc + Mandriva Linux Mandrake 8.0 ppc + Mandriva Linux Mandrake 8.0 + Mandriva Linux Mandrake 8.0 + Mandriva Linux Mandrake 7.2 + Mandriva Linux Mandrake 7.2 + Mandriva Linux Mandrake 7.1 + Mandriva Linux Mandrake 7.1 + Redhat Desktop 3.0 + Redhat Desktop 3.0 + Redhat Enterprise Linux AS 3 + Redhat Enterprise Linux AS 3 + Redhat Enterprise Linux AS 2.1 IA64 + Redhat Enterprise Linux AS 2.1 IA64 + Redhat Enterprise Linux AS 2.1 + Redhat Enterprise Linux AS 2.1 + Redhat Enterprise Linux ES 3 + Redhat Enterprise Linux ES 3 + Redhat Enterprise Linux ES 2.1 IA64 + Redhat Enterprise Linux ES 2.1 IA64 + Redhat Enterprise Linux ES 2.1 + Redhat Enterprise Linux ES 2.1 + Redhat Enterprise Linux WS 3 + Redhat Enterprise Linux WS 2.1 IA64 + Redhat Enterprise Linux WS 2.1 IA64 + Redhat Enterprise Linux WS 2.1 + Redhat Enterprise Linux WS 2.1 + Redhat Linux 8.0 i386 + Redhat Linux 8.0 i386 + Redhat Linux 8.0 + Redhat Linux 8.0 + Redhat Linux 7.3 i386 + Redhat Linux 7.3 i386 + Redhat Linux 7.3 + Redhat Linux 7.3 + Redhat Linux 7.2 ia64 + Redhat Linux 7.2 ia64 + Redhat Linux 7.2 i386 + Redhat Linux 7.2 i386 + Redhat Linux 7.2 + Redhat Linux 7.2 + Redhat Linux 7.1 ia64 + Redhat Linux 7.1 ia64 + Redhat Linux 7.1 i386 + Redhat Linux 7.1 i386 + Redhat Linux 7.1 alpha + Redhat Linux 7.1 alpha + Redhat Linux 7.1 + Redhat Linux 7.1 + Redhat Linux 7.0 i386 + Redhat Linux 7.0 i386 + Redhat Linux 7.0 alpha + Redhat Linux 7.0 alpha + Redhat Linux 7.0 + Redhat Linux 7.0 + Redhat Linux Advanced Work Station 2.1 + Redhat Linux Advanced Work Station 2.1 teTeX teTeX 1.0.6 + Debian Linux 2.2 sparc + Debian Linux 2.2 sparc + Debian Linux 2.2 powerpc + Debian Linux 2.2 powerpc + Debian Linux 2.2 IA-32 + Debian Linux 2.2 arm + Debian Linux 2.2 arm + Debian Linux 2.2 alpha + Debian Linux 2.2 alpha + Debian Linux 2.2 68k + Debian Linux 2.2 68k + Debian Linux 2.2 + Debian Linux 2.2 + Redhat Linux 6.2 sparc + Redhat Linux 6.2 sparc + Redhat Linux 6.2 i386 + Redhat Linux 6.2 i386 + Redhat Linux 6.2 alpha + Redhat Linux 6.2 alpha + Redhat Linux 6.2 + Redhat Linux 6.2 pTeX pTeX 3.1.10 Pardus Linux 2007.1 Gentoo Linux
Not Vulnerable:

teTeX Mkind.C Remote Buffer Overflow Vulnerability

teTeX is prone to a buffer-overflow vulnerability because it fails to sufficiently perform boundary checks on user-supplied input before copying it to an insufficiently sized memory buffer.

Remote attackers may exploit this issue by enticing victims into opening a malicious file using the affected application.

Attackers can exploit this issue to execute arbitrary code with the privileges of an unsuspecting user. A successful attack can facilitate the compromise of vulnerable computers. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects teTeX 2.0.2 and 3.0.0; other versions may also be vulnerable.

teTeX Mkind.C Remote Buffer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

teTeX Mkind.C Remote Buffer Overflow Vulnerability

Solution:
Please see the references for more information.

teTeX Mkind.C Remote Buffer Overflow Vulnerability

References:

• Bugzilla Bug 225491: CVE-2007-0650 Multiple buffer overflows in teTeX's makeinde (RedHat)
  
• teTeX Homepage (teTeX)