Bug 106134 (CVE-2005-2627) - VUL-0: CVE-2005-2627: kismet: heap overflow leads to possible code execution
Summary: VUL-0: CVE-2005-2627: kismet: heap overflow leads to possible code execution
Status: RESOLVED FIXED
Alias: CVE-2005-2627
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other All
: P5 - None : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: http://www.gentoo.org/security/en/gls...
Whiteboard: CVE-2005-2627: CVSS v2 Base Score: 7....
Keywords:
Depends on:
Blocks:
 
Reported: 2005-08-22 12:20 UTC by Thomas Biege
Modified: 2021-12-07 16:03 UTC

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Thomas Biege 2005-08-22 12:20:36 UTC
Hi,
looks like we need a full update.
http://www.gentoo.org/security/en/glsa/glsa-200508-10.xml
Comment 1 Thomas Biege 2005-08-22 12:24:08 UTC
CAN-2005-2626: attack via unprintable chars in SSID
CAN-2005-2627: integer overflows lead to heap overflow
Comment 2 Thomas Biege 2005-08-22 12:27:33 UTC
SM-Tracker-2103
Comment 3 Marian Jancar 2005-08-22 15:48:28 UTC
The author says he still doesn't know all the details, should we wait or go with
the update? In this situation it would mean an update for all dists, I'm afraid.
Comment 4 Andreas Jaeger 2005-08-22 15:53:46 UTC
Thomas, what do you suggest?
Comment 5 Thomas Biege 2005-08-23 06:38:49 UTC
The package is not worth the work of extracting a patch I think, so let's just
do a version upgrade.
Comment 6 Marcus Meissner 2005-08-24 17:01:59 UTC
aj? 
Comment 7 Andreas Jaeger 2005-08-25 06:48:17 UTC
Go ahead.
Comment 8 Marian Jancar 2005-08-29 12:22:27 UTC
fixes submitted
Comment 9 Thomas Biege 2005-08-29 12:30:42 UTC
SM-Tracker-2160
Comment 10 Thomas Biege 2005-08-29 12:32:54 UTC
/work/src/done/PATCHINFO/kismet.patch.box
Comment 11 Thomas Biege 2005-09-05 08:03:20 UTC
packages released
Comment 12 Thomas Biege 2005-09-05 08:03:35 UTC
closing...
Comment 13 Thomas Biege 2009-10-13 20:47:54 UTC
CVE-2005-2627: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)