Bug 90339 (CVE-2005-1686)

Summary: VUL-0: CVE-2005-1686: gedit format string bug
Product: [Novell Products] SUSE Security Incidents
Component: Incidents
Reporter: Ludwig Nussel <lnussel>
Assignee: Security Team bot <security-team>
QA Contact: Security Team bot <security-team>
Status: RESOLVED FIXED
Severity: Normal
Priority: P5 - None
CC: gnome-bugs, security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: All
Whiteboard: CVE-2005-1686: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)
Found By: Other
Services Priority: ---
Business Priority: ---
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Ludwig Nussel 2005-06-10 07:19:25 UTC
We received the following report via full-disclosure.
The issue is public.

See also

http://bugzilla.gnome.org/show_bug.cgi?id=306800
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159657

Is gedit associated with any filetype by default?


Date: Thu, 9 Jun 2005 15:06:19 +0200
From: Martin Pitt <martin.pitt@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Subject: [Full-disclosure] [USN-138-1] gedit vulnerability

===========================================================
Ubuntu Security Notice USN-138-1	      June 09, 2005
gedit vulnerability
CAN-2005-1686
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

gedit

The problem can be corrected by upgrading the affected package to
version 2.8.1-0ubuntu1.1 (for Ubuntu 4.10) and 2.10.2-0ubuntu2 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

A format string vulnerability has been discovered in gedit. Calling
the program with specially crafted file names caused a buffer
overflow, which could be exploited to execute arbitrary code with the
privileges of the gedit user.

This becomes security relevant if e. g. your web browser is configured
to open URLs in gedit. If you never open untrusted file names or URLs
in gedit, this flaw does not affect you.


Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.8.1-0ubuntu1.1.diff.gz
      Size/MD5:     9414 605064f69529dfef55e811a14c482c44
    http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.8.1-0ubuntu1.1.dsc
      Size/MD5:     1751 ef7f5d4ec7adf77d7fe0eca3df751456
    http://security.ubuntu.com/ubuntu/pool/main/g/gedit/gedit_2.8.1.orig.tar.gz
      Size/MD5:  4082500 38447bcce215ddc90205e60deee1f49a

[...]
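The pattern the advisory describes, as an added C illustration that is not gedit's code and not part of the advisory or this bug report: a printf-style message helper, a caller that first interpolates the file name into a message and then hands that message to the helper as its format string, the corrected call that keeps the file name in the argument position, and a small scanner that counts the conversion directives an untrusted name would introduce. The helper names, the message text and the sample file names are all constructed for this example.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result of scanning an untrusted string for printf conversions. */
struct fmt_scan {
    int conversions;   /* directives that would consume a (missing) argument */
    bool writes;       /* at least one %n, i.e. a write primitive */
};

/* Count printf conversion directives in s. "%%" is a literal percent sign
 * and does not count. Flags, width, precision and length modifiers are
 * skipped so that "%08x" counts once. */
static struct fmt_scan scan_format_directives(const char *s)
{
    struct fmt_scan r = {0, false};
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {          /* escaped percent sign */
            p++;
            continue;
        }
        p++;
        while (*p && strchr("-+ #0123456789.*hlLqjzt", *p))
            p++;
        if (!*p)
            break;                  /* dangling '%' at end of string */
        r.conversions++;
        if (*p == 'n')
            r.writes = true;
    }
    return r;
}

/* A printf-style dialog helper of the kind many GTK-era programs had
 * (hypothetical name). It is safe as long as every caller passes a
 * string literal as fmt. */
static int show_dialog(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* VULNERABLE (illustrative, not gedit's code): the file name is
 * interpolated into msg, and msg, now attacker-influenced, is passed as
 * the FORMAT of show_dialog. A name such as "%n%n%n" is then interpreted
 * as directives with no arguments behind them. */
static int report_open_error_vuln(char *out, size_t n, const char *filename)
{
    char msg[256];
    snprintf(msg, sizeof msg, "Could not open the file '%s'", filename);
    return show_dialog(out, n, msg);        /* msg used as format string */
}

/* FIXED: the untrusted text is always an argument, never the format. */
static int report_open_error_fixed(char *out, size_t n, const char *filename)
{
    return show_dialog(out, n, "Could not open the file '%s'", filename);
}

int main(void)
{
    char out[256];
    /* Constructed sample file names for the demonstration. */
    const char *names[] = { "notes.txt", "100%%done.txt", "%n%n%n%n.txt" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        struct fmt_scan s = scan_format_directives(names[i]);
        printf("%-16s directives=%d writes=%d\n",
               names[i], s.conversions, (int)s.writes);
        report_open_error_fixed(out, sizeof out, names[i]);
        printf("  fixed: %s\n", out);
        if (s.conversions == 0) {
            /* Only inputs with no real directives are well defined here;
             * "%%" still shows the name being parsed as a format. */
            report_open_error_vuln(out, sizeof out, names[i]);
            printf("  vuln : %s\n", out);
        } else {
            printf("  vuln : not run, it would read through missing arguments\n");
        }
    }
    return 0;
}
```

The buggy path is only exercised with the "100%%done.txt" name, where the doubled percent sign is collapsed to a single one: that mangling is deterministic and proves the name was parsed as a format, whereas a name with real conversions would make vsnprintf read arguments that were never passed, which is the arbitrary-code vector the advisory refers to, and %n turns it into a write. Marking show_dialog with __attribute__((format(printf, 3, 4))) makes GCC's -Wformat-security flag the call in report_open_error_vuln at compile time; without the attribute the non-literal format goes unnoticed.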
Comment 1 Stanislav Brabec 2005-06-13 16:17:30 UTC
Gedit is associated as default for text/plain.

Package gedit fixed for: sles9-sld-all 9.1-all 9.2-all 9.3-all

Package gedit2 fixed for: sles8-slec-all ul1-all 8.2-all 9.0-all 

For versions 2.10 and 2.8, patches from
http://bugzilla.gnome.org/show_bug.cgi?id=306800 were used. For older releases,
parts of the patch were backported.

Package gedit updated for: stable-all plus

Reassigning to security team. Please create patchinfos.
Comment 2 Ludwig Nussel 2005-06-14 14:53:32 UTC
SM-Tracker-1557 
Comment 3 Marcus Meissner 2005-06-21 11:33:51 UTC
updates approved 
Comment 4 Thomas Biege 2009-10-13 21:27:24 UTC
CVE-2005-1686: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)