Bug 44511 (CVE-2003-0709) - VUL-0: CVE-2003-0709: whois: buffer overflow
Summary: VUL-0: CVE-2003-0709: whois: buffer overflow
Status: RESOLVED FIXED
Alias: CVE-2003-0709
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: All Linux
Priority: P3 - Medium, Severity: Major
Target Milestone: ---
Assignee: Thomas Biege
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2003-0709: CVSS v2 Base Score: 7....
Keywords:
Depends on:
Blocks:
 
Reported: 2003-08-28 20:40 UTC by Thomas Biege
Modified: 2021-09-27 13:09 UTC

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
patchinfo (627 bytes, text/plain)
2003-08-29 00:13 UTC, Thomas Biege
putonftp (210 bytes, text/plain)
2003-08-29 00:14 UTC, Thomas Biege
patchinfog (628 bytes, text/plain)
2003-08-29 00:50 UTC, Thomas Biege
putonftp (212 bytes, text/plain)
2003-08-29 00:51 UTC, Thomas Biege

Description Thomas Biege 2003-08-28 20:40:31 UTC
Hi, 
this should be fixed in SL9.0/STABLE 
 
http://www.zone-h.org/en/advisories/read/id=2925/
Comment 1 Thomas Biege 2003-08-28 20:40:31 UTC
whois -g $(perl -e 'printf "A" x 1022')
Comment 2 Petr Ostadal 2003-08-28 21:13:03 UTC
OK, I am making a patch; please send me the p&p files.
Comment 3 Thomas Biege 2003-08-28 21:19:12 UTC
Are they needed for SL9.0/STABLE? 
Comment 4 Petr Ostadal 2003-08-28 21:48:00 UTC
The bug was in older distributions too.
Comment 5 Thomas Biege 2003-08-29 00:13:24 UTC
Created attachment 13666
patchinfo
Comment 6 Thomas Biege 2003-08-29 00:14:03 UTC
Created attachment 13667
putonftp
Comment 7 Petr Ostadal 2003-08-29 00:24:44 UTC
Thomas,

The problem is not only with the -g option, but with all options which take an argument.

Could you change it in p&p please?
Comment 8 Thomas Biege 2003-08-29 00:50:43 UTC
Created attachment 13669
patchinfog
Comment 9 Thomas Biege 2003-08-29 00:51:08 UTC
Created attachment 13670
putonftp
Comment 10 Petr Ostadal 2003-09-01 18:54:03 UTC
All were submitted with p&p.
Comment 11 Thomas Biege 2003-09-10 19:09:02 UTC
ok, we just need to wait for overloaded QA. 
Comment 12 Roman Drahtmueller 2003-09-22 21:21:18 UTC
Petr, is the fix in STABLE for 9.0?
QA, when can we have an estimate for this?
Comment 13 Petr Ostadal 2003-09-22 21:41:17 UTC
Yes, the fix is in STABLE/9.0 too.
Comment 14 Thomas Biege 2003-09-27 01:21:50 UTC
approved 
Comment 15 Marcus Meissner 2007-11-09 19:44:52 UTC
CVE-2003-0709
Comment 16 Thomas Biege 2009-10-13 19:38:40 UTC
CVE-2003-0709: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)