Bug 54184 (CVE-2004-0409)

Summary: VUL-0: CVE-2004-0409: Buffer overflow in Xchat SOCKS5 code
Product: [Novell Products] SUSE Security Incidents
Reporter: Sebastian Krahmer <krahmer>
Component: Incidents
Assignee: Sebastian Krahmer <krahmer>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: mls, security-team
Version: unspecified
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: CVE-2004-0409: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Sebastian Krahmer 2004-04-20 18:26:59 UTC
CAN-2004-0409
http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html

Is this something for us?
Comment 1 Sebastian Krahmer 2004-04-20 18:26:59 UTC
...
Comment 2 Mads Martin Joergensen 2004-04-21 18:01:53 UTC
Do we want to issue updates for older dists?
Comment 3 Sebastian Krahmer 2004-04-21 18:04:27 UTC
Yes.
Comment 4 Mads Martin Joergensen 2004-04-21 19:56:37 UTC
-       unsigned char buf[10];
+       unsigned char buf[260];
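
Review bot: the new size 260 on the `+` line is a bare magic number, and nothing in this hunk checks the length of the data written into `buf`, so the fix holds only while every write stays within 260 bytes. Suggest a named constant with a comment stating which maximum reply size it is meant to cover, plus an explicit check against `sizeof(buf)` where data is read into `buf`, so that an oversized length is rejected instead of relying on the array being large enough.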

Such tiny change ... so much work ... I'll have them all done by the end of today.
Comment 5 Michael Schröder 2004-04-22 01:39:15 UTC
Don't forget SLES7-PPC aka 7.3 ;-)
Comment 6 Mads Martin Joergensen 2004-04-22 01:41:27 UTC
Submitted for 8.0, 8.1, 8.2, 9.0 and 9.1. Patchinfos for the box and the products
have also been made.
Comment 7 Mads Martin Joergensen 2004-04-22 01:43:57 UTC
Michael, it's not in is_maintained :)
Comment 8 Michael Schröder 2004-04-22 01:48:15 UTC
right. sorry.
Comment 9 Thomas Biege 2004-04-28 02:12:03 UTC
packages approved
Comment 10 Thomas Biege 2009-10-13 20:20:44 UTC
CVE-2004-0409: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)