Bug 1016171 - (CVE-2015-8979) VUL-1: CVE-2015-8979: DCMTK: remote stack buffer overflow [ZSL-2016-5384]
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware/OS: Other / openSUSE 42.3
Priority/Severity: P4 - Low / Normal
Assigned To: E-Mail List
QA Contact: Security Team bot
Reported: 2016-12-17 16:38 UTC by Mikhail Kasimov
Modified: 2020-01-13 10:10 UTC

Description Mikhail Kasimov 2016-12-17 16:38:40 UTC
Reference: http://seclists.org/oss-sec/2016/q4/700
======================================================
"At several places in the code a wrong length of ACSE data structures
received over the network can cause overflows or underflows when processing
those data structures. Related checks have been added at various places in
order to prevent such (possible) attacks. Thanks to Kevin Basista for the
report." The bug will indeed affect all DCMTK-based server applications that
accept incoming DICOM network connections that are using the dcmtk-3.6.0
and earlier versions. Developers are advised to apply the
patched-DCMTK-3.6.1_20160216 fix commit from Dec 14,
2015.

[1] http://zeroscience.mk/en/vulnerabilities/ZSL-2016-5384.php
[2] https://bugs.gentoo.org/show_bug.cgi?id=602918

======================================================

According to https://software.opensuse.org/package/dcmtk, 3.6.0 is in use.

From [1]:

PoC: http://zeroscience.mk/codes/storescp_bof.txt

Fix: https://github.com/commontk/DCMTK/commit/1b6bb76
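The bug class described in the report above (an attacker-chosen length field in an ACSE data structure trusted when copying into a fixed-size buffer), shown as an added example. This is not code from this bug report or from DCMTK; it is a minimal parser for one DICOM association sub-item written for illustration. What it relies on from the standard is only the PS3.8 item layout (1-byte item type, 1 reserved byte, 16-bit big-endian item length, then item data) and the 64-character UID limit; the function names, the 64-byte stack buffer, the status codes and the three sample items are this example's own assumptions.

```c
/*
 * Added example, not DCMTK code: a DICOM ACSE "item" parser in its
 * unchecked form next to a hardened one.
 *
 * DICOM PS3.8 sub-items of an A-ASSOCIATE-RQ PDU look like:
 *   byte 0    item type (0x10 application context, 0x30 abstract syntax,
 *                        0x40 transfer syntax)
 *   byte 1    reserved
 *   bytes 2-3 item length, 16-bit big-endian, counting the bytes that follow
 *   bytes 4.. item data; for these item types a UID of at most 64 characters
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ITEM_HDR_LEN 4
#define UID_MAX 64              /* DICOM UID length limit */
#define ITEM_APP_CONTEXT 0x10

enum acse_status { ACSE_OK = 0, ACSE_BAD_TYPE, ACSE_TRUNCATED, ACSE_TOO_LONG };

/* Reads a 16-bit big-endian (network byte order) value. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/*
 * VULNERABLE pattern (assumed shape, for comparison only): the peer-supplied
 * item length is used unchecked both as the copy length into a 64-byte
 * buffer (stack overflow when len > 64) and as a read length from the PDU
 * (over-read when len exceeds what was actually received).
 */
void parse_uid_item_unchecked(const uint8_t *pdu, char *out /* UID_MAX + 1 */)
{
    uint16_t len = be16(pdu + 2);
    memcpy(out, pdu + ITEM_HDR_LEN, len);   /* no bound on len */
    out[len] = '\0';
}

/*
 * HARDENED form: check the declared length against the bytes actually
 * received and against the destination capacity before copying anything.
 */
enum acse_status parse_uid_item_checked(const uint8_t *pdu, size_t pdu_len,
                                        char *out /* UID_MAX + 1 */)
{
    if (pdu_len < ITEM_HDR_LEN) return ACSE_TRUNCATED;
    if (pdu[0] != ITEM_APP_CONTEXT) return ACSE_BAD_TYPE;
    uint16_t len = be16(pdu + 2);
    if (len > pdu_len - ITEM_HDR_LEN) return ACSE_TRUNCATED;  /* would over-read */
    if (len > UID_MAX) return ACSE_TOO_LONG;                  /* would overflow */
    memcpy(out, pdu + ITEM_HDR_LEN, len);
    out[len] = '\0';
    return ACSE_OK;
}

/*
 * Builds an Application Context item. declared_len goes into the header and
 * actual_len payload bytes are written, so the two may disagree to model a
 * lying client. Returns the number of bytes written, 0 if buf is too small.
 */
size_t build_app_context_item(uint8_t *buf, size_t cap, uint16_t declared_len,
                              const char *payload, size_t actual_len)
{
    if (cap < ITEM_HDR_LEN + actual_len) return 0;
    buf[0] = ITEM_APP_CONTEXT;
    buf[1] = 0;
    buf[2] = (uint8_t)(declared_len >> 8);
    buf[3] = (uint8_t)(declared_len & 0xff);
    memcpy(buf + ITEM_HDR_LEN, payload, actual_len);
    return ITEM_HDR_LEN + actual_len;
}

/* Runs the checked parser over three constructed items; returns 0 on success. */
int demo(void)
{
    uint8_t pdu[512];
    char uid[UID_MAX + 1];
    char longuid[200];
    size_t n;

    /* 1. well-formed: the standard DICOM application context UID */
    const char *ctx = "1.2.840.10008.3.1.1.1";
    n = build_app_context_item(pdu, sizeof pdu, (uint16_t)strlen(ctx), ctx, strlen(ctx));
    enum acse_status s1 = parse_uid_item_checked(pdu, n, uid);
    printf("well-formed: status %d, uid %s\n", s1, uid);

    /* 2. overlong: 200 'A's with a matching length; the unchecked parser
     *    would write 201 bytes into a 65-byte buffer here */
    memset(longuid, 'A', sizeof longuid);
    n = build_app_context_item(pdu, sizeof pdu, 200, longuid, sizeof longuid);
    enum acse_status s2 = parse_uid_item_checked(pdu, n, uid);
    printf("overlong: status %d\n", s2);

    /* 3. truncated: header claims 100 bytes, only 10 were received */
    n = build_app_context_item(pdu, sizeof pdu, 100, longuid, 10);
    enum acse_status s3 = parse_uid_item_checked(pdu, n, uid);
    printf("truncated: status %d\n", s3);

    return (s1 == ACSE_OK && s2 == ACSE_TOO_LONG && s3 == ACSE_TRUNCATED) ? 0 : 1;
}

int main(void) { return demo(); }
```

The two checks in the hardened parser correspond to the two failure modes the advisory names: the length compared against the received PDU size guards the underflow/over-read, and the comparison against the destination capacity guards the overflow. A real implementation applies the same pair of checks at every nesting level of the PDU (PDU length, item length, sub-item length), since each level carries its own attacker-controlled length field.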
Comment 1 Swamp Workflow Management 2016-12-17 23:00:43 UTC
bugbot adjusting priority
Comment 2 Mikhail Kasimov 2016-12-18 09:53:29 UTC
http://seclists.org/oss-sec/2016/q4/702 :
============================================================================
We did not see an efficient way to represent
1b6bb76073a0601b85e90d5b1a5f0c80efe9e7f8 as a set of independent
exploitable vulnerabilities. Thus, we are assigning one CVE ID for all
of the vulnerability information in the above three references. The
information all seems to be related to mishandling of "wrong length of
ACSE data structures received over the network" (typically a long
string sent to TCP port 4242).

Use CVE-2015-8979.

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
============================================================================
Comment 3 Andreas Stieger 2018-04-10 09:06:15 UTC
I believe this still affects Leap 42.3.
Comment 4 Christophe Giboudeaux 2020-01-13 10:10:04 UTC
The supported Leap versions have the fix.