Bug 828003 (CVE-2013-2131)

Summary: VUL-1: CVE-2013-2131: rrdtool: format string issue
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FEATURE QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P4 - Low CC: astieger, kstreitova, meissner, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: CVSSv2:SUSE:CVE-2013-2131:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P) maint:planned:update
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: imginfo format check patch

Description Marcus Meissner 2013-07-03 15:22:05 UTC
is public, via rh bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=969296

CVE-2013-2131

Thomas Pollet (thomas.pollet@gmail.com) reports:

Also, the rrdtool python module crashes on format string exploit
$ python -c "import rrdtool
rrdtool.graph('/tmp/out.png','-f','%n%n')"
Segmentation fault

upstream ticket:
https://github.com/oetiker/rrdtool-1.x/issues/396
Comment 1 Swamp Workflow Management 2013-07-03 22:00:20 UTC
bugbot adjusting priority
Comment 3 Kristyna Streitova 2014-12-04 17:17:18 UTC
Created attachment 615936 [details]
imginfo format check patch

Short summary: There is a following problem in rrdtool:

$ rrdtool graph /tmp/out.png -f '%n%n'
*** %n in writable segment detected ***
Aborted (core dumped)

There is a fix in upstream that adding check in order to prevent crash or exploit. This fix was merged to the trunk and released in RRDtool 1.4.9 - 2014-09-29.

I prepared patch for rrdtool 1.4.7 which suits for openSUSE 12.3, 13.1, 13.2, Factory, SLE11 and SLE12.

This patch was submitted to Factory (sr#264060) and to openSUSE 12.3, 13.1 and 13.2 as a maintenance update (mr#64061). Waiting for the call for SLE maintenance update.
Comment 4 Bernhard Wiedemann 2014-12-04 18:00:27 UTC
This is an autogenerated message for OBS integration:
This bug (828003) was mentioned in
https://build.opensuse.org/request/show/264061 13.2+13.1+12.3 / rrdtool
Comment 5 Kristyna Streitova 2014-12-05 13:23:37 UTC
As the patch is prepared, I'm closing this bug.
Comment 6 Swamp Workflow Management 2014-12-15 12:08:56 UTC
openSUSE-SU-2014:1646-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 828003
CVE References: CVE-2013-2131
Sources used:
openSUSE 13.2 (src):    rrdtool-1.4.7-20.4.1
openSUSE 13.1 (src):    rrdtool-1.4.7-13.4.1
openSUSE 12.3 (src):    rrdtool-1.4.7-8.4.1
Comment 12 Swamp Workflow Management 2017-01-10 20:08:35 UTC
SUSE-SU-2017:0103-1: An update that solves one vulnerability and has one errata is now available.

Category: security (low)
Bug References: 828003,967671
CVE References: CVE-2013-2131
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    rrdtool-1.4.7-20.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    rrdtool-1.4.7-20.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    rrdtool-1.4.7-20.1
SUSE Linux Enterprise Server 12-SP2 (src):    rrdtool-1.4.7-20.1
SUSE Linux Enterprise Server 12-SP1 (src):    rrdtool-1.4.7-20.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    rrdtool-1.4.7-20.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    rrdtool-1.4.7-20.1
Comment 13 Swamp Workflow Management 2018-02-13 17:20:11 UTC
This is an autogenerated message for OBS integration:
This bug (828003) was mentioned in
https://build.opensuse.org/request/show/576348 42.3 / rrdtool
Comment 14 Swamp Workflow Management 2018-02-19 14:14:59 UTC
openSUSE-SU-2018:0474-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1080251,828003
CVE References: CVE-2013-2131
Sources used:
openSUSE Leap 42.3 (src):    rrdtool-1.4.7-26.3.1