Link Grammar SEPARATE_WORD Function Remote Buffer Overflow Vulnerability
BID:26365
Info
Link Grammar SEPARATE_WORD Function Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 26365 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-5395 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 07 2007 12:00AM |
| Updated: | Dec 18 2007 08:06PM |
| Credit: | Alin Rad Pop discovered this vulnerability. |
| Vulnerable: |
Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Redhat Fedora 7 Link Grammar Link Grammar 4.1b Gentoo Linux Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 AbiSource Community Link Grammar 4.2.4 |
| Not Vulnerable: | |
Discussion
Link Grammar SEPARATE_WORD Function Remote Buffer Overflow Vulnerability
Link Grammar is prone to a stack-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted document with overly long words.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.
This issue affects Link Grammar 4.1b and AbiWord Link Grammar 4.2.4.
Please note that other versions of Link Grammar and other application that use Link Grammar may also be vulnerable.
Link Grammar is prone to a stack-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted document with overly long words.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.
This issue affects Link Grammar 4.1b and AbiWord Link Grammar 4.2.4.
Please note that other versions of Link Grammar and other application that use Link Grammar may also be vulnerable.
Exploit / POC
Link Grammar SEPARATE_WORD Function Remote Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Link Grammar SEPARATE_WORD Function Remote Buffer Overflow Vulnerability
Solution:
Please see the references for more information.
Solution:
Please see the references for more information.
References
Link Grammar SEPARATE_WORD Function Remote Buffer Overflow Vulnerability
References:
References:
- AbiSource Link Grammar (AbiSource Community)
- Link Grammar (Link Grammar)
- Secunia Research: AbiWord Link Grammar separate_sentence() Buffer Overflow (Secunia)
- Secunia Research: Link Grammar separate_sentence() Buffer Overflow (Secunia)
- Secunia Research: AbiWord Link Grammar 'separate_sentence()' Buffer Overflow (Secunia Research)
- Secunia Research: Link Grammar 'separate_sentence()' Buffer Overflow (Secunia Research)