Bug 48323 (CVE-2003-0855)

Summary: VUL-0: CVE-2003-0855: pan: remote denial-of-service
Product: [Novell Products] SUSE Security Incidents
Reporter: Thomas Biege <thomas>
Component: Incidents
Assignee: Thomas Biege <thomas>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: drahn, hhetter, security-team
Version: unspecified
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: CVE-2003-0855: CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: hopefully obsolete putonftp template
new patchinfo

Description Thomas Biege 2003-11-25 17:24:13 UTC
Hi, 
this bug should be fixed in all affected versions starting with 7.3.
http://www.securityfocus.com/archive/1/345419 
 
A patchinfo file follows ASAP.
Comment 1 Thomas Biege 2003-11-25 17:24:13 UTC
Comment 2 Holger Hetterich 2003-11-25 18:10:06 UTC
Here is the proposed patch:

--- pan/base/gnksa.c    20 Dec 2002 20:36:16 -0000      1.33
+++ pan/base/gnksa.c    25 Feb 2003 19:28:22 -0000      1.34
@@ -498,7 +498,7 @@
                  gint         * addrtype,
                  gboolean       strict)
 {
-       gchar * begin;
+       gchar * begin, * addr_buf_rangle;
        gchar * end;
        gchar * work;
        gchar * lparen;
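Review bot: addr_buf_rangle is added to the existing `gchar * begin` line, while the neighbouring declarations (end, work, lparen) are one per line and the new pointer is only used in the route-address copy below. Suggest giving it its own declaration line, or declaring it in the block where it is used, so the diff stays minimal and the scope is obvious.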
@@ -528,8 +528,8 @@
  
                /* copy route address from inside the <> brackets */
                strncpy (addr_buf, begin+1, addr_max);
-               *strchr(addr_buf, '>') = '\0';
-
+               if (((addr_buf_rangle = strchr (addr_buf, '>'))) != NULL)
+                       *addr_buf_rangle = '\0';
                /* From: [plain-phrase space] "<" address ">" */
                *begin = '\0';
                if (strict) {
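Review bot: the NULL check on `strchr (addr_buf, '>')` removes the unconditional write through a possibly NULL pointer, but the `strncpy (addr_buf, begin+1, addr_max)` directly above it still leaves addr_buf without a terminating NUL when the text after '<' is addr_max bytes or longer, so strchr() can read past the end of the buffer. Suggest terminating the buffer explicitly after the copy (assuming addr_max is the size of addr_buf, writing '\0' to its last byte) and, when no '>' is found, rejecting the header as malformed instead of continuing with an address that still carries whatever followed the '<'.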


affected SuSE Versions:

SuSE Linux => 8.0

Comment 3 Holger Hetterich 2003-11-25 18:13:40 UTC
pan (package gnpan) is not on any business product.
Comment 4 Thomas Biege 2003-11-25 18:33:54 UTC
Created attachment 15391
hopefully obsolete putonftp template
Comment 5 Thomas Biege 2003-11-25 18:34:28 UTC
Created attachment 15392
new patchinfo
Comment 6 Holger Hetterich 2003-11-25 20:45:03 UTC
9.0 contains version 1.14.0, which is not affected.

So I made packages ready for:
8.0
8.1
8.2

I will check this in tomorrow, when full hilbert functionality is back again.
Comment 7 Holger Hetterich 2003-11-27 18:51:45 UTC
I won't write a terrible putonftp, because it's obsoleted, hopefully :)

Here is reworked patchinfo, that I'll submit:


DISTRIBUTION: 8.0-i386,8.1-i386,8.2-i386
PACKAGE: gnpan
PACKAGER: feedback@suse.de
INDICATIONS: These packages should be installed if the pan newsreader software
is used.
CATEGORY: security
DESCRIPTION:
Security Fix for a remote denial-of-dervice attack by sending a malformated header.
( CAN-2003-0855 )
DESCRIPTION_DE:
Security Fix fuer eine entfernt ausfuehrbare Denial-of-Service Attacke durch
Senden eines speziellen Headers.
( CAN-2003-0855 )
Comment 8 Holger Hetterich 2003-11-27 19:04:03 UTC
patchinfo submitted as:
/work/src/done/PATCHINFO/gnpan.patchinfo-boxonly

packages for 8.0,8.1 and 8.2 submitted.

Comment 9 Thomas Biege 2003-11-27 21:27:44 UTC
thanks! 
Comment 10 Holger Hetterich 2003-11-28 16:24:02 UTC
please close this as soon as the security team decides these packages to be approved

Comment 11 Thomas Biege 2003-11-28 19:19:53 UTC
packages approved 
Comment 12 Thomas Biege 2009-10-13 19:41:55 UTC
CVE-2003-0855: CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)