Bug 48323 (CVE-2003-0855) - VUL-0: CVE-2003-0855: pan: remote denial-of-service
Summary: VUL-0: CVE-2003-0855: pan: remote denial-of-service
Status: RESOLVED FIXED
Alias: CVE-2003-0855
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: All Linux
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Thomas Biege
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2003-0855: CVSS v2 Base Score: 7....
Keywords:
Depends on:
Blocks:
 
Reported: 2003-11-25 17:24 UTC by Thomas Biege
Modified: 2021-09-27 14:56 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
hopefully obsolete putonftp template (238 bytes, text/plain)
2003-11-25 18:33 UTC, Thomas Biege 		Details
new patchinfo (343 bytes, text/plain)
2003-11-25 18:34 UTC, Thomas Biege 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Biege 2003-11-25 17:24:13 UTC 
Hi, 
this bug should be fixed in all affected version starting with 7.3. 
http://www.securityfocus.com/archive/1/345419 
 
A patchinfo file follows ASAP.
Comment 1 Thomas Biege 2003-11-25 17:24:13 UTC 
<!-- SBZ_reproduce  -->
-
Comment 2 Holger Hetterich 2003-11-25 18:10:06 UTC 
Here is the proposed patch:

--- pan/base/gnksa.c    20 Dec 2002 20:36:16 -0000      1.33
+++ pan/base/gnksa.c    25 Feb 2003 19:28:22 -0000      1.34
@@ -498,7 +498,7 @@
                  gint         * addrtype,
                  gboolean       strict)
 {
-       gchar * begin;
+       gchar * begin, * addr_buf_rangle;
        gchar * end;
        gchar * work;
        gchar * lparen;
@@ -528,8 +528,8 @@
  
                /* copy route address from inside the <> brackets */
                strncpy (addr_buf, begin+1, addr_max);
-               *strchr(addr_buf, '>') = '\0';
-
+               if (((addr_buf_rangle = strchr (addr_buf, '>'))) != NULL)
+                       *addr_buf_rangle = '\0';
                /* From: [plain-phrase space] "<" address ">" */
                *begin = '\0';
                if (strict) {


affected SuSE Versions:

SuSE Linux => 8.0
Comment 3 Holger Hetterich 2003-11-25 18:13:40 UTC 
pan (package gnpan) is not on any bussiness product.
Comment 4 Thomas Biege 2003-11-25 18:33:54 UTC 
Created attachment 15391 [details]
hopefully obsolete putonftp template
Comment 5 Thomas Biege 2003-11-25 18:34:28 UTC 
Created attachment 15392 [details]
new patchinfo
Comment 6 Holger Hetterich 2003-11-25 20:45:03 UTC 
9.0 contains version 1.14.0, which is not affected.

So I made packages ready for:
8.0
8.1
8.2

I will check this in tomorrow, when full hilbert functionality is back again.
Comment 7 Holger Hetterich 2003-11-27 18:51:45 UTC 
I won't write a terrible putonftp, because it's obsoleted, hopefully :)

Here is reworked patchinfo, that I'll submit:


DISTRIBUTION: 8.0-i386,8.1-i386,8.2-i386
PACKAGE: gnpan
PACKAGER: feedback@suse.de
INDICATIONS: These packages should be installed if the pan newsreader software
is used.
CATEGORY: security
DESCRIPTION:
Security Fix for a remote denial-of-dervice attack by sending a malformated header.
( CAN-2003-0855 )
DESCRIPTION_DE:
Security Fix fuer eine entfernt ausfuehrbare Denial-of-Service Attacke durch
Senden eines speziellen Headers.
( CAN-2003-0855 )
Comment 8 Holger Hetterich 2003-11-27 19:04:03 UTC 
patchinfo submitted as:
/work/src/done/PATCHINFO/gnpan.patchinfo-boxonly

packages for 8.0,8.1 and 8.2 submitted.
Comment 9 Thomas Biege 2003-11-27 21:27:44 UTC 
thanks!
Comment 10 Holger Hetterich 2003-11-28 16:24:02 UTC 
please close this as soon as the security team decides these packages to be approved
Comment 11 Thomas Biege 2003-11-28 19:19:53 UTC 
packages approved
Comment 12 Thomas Biege 2009-10-13 19:41:55 UTC 
CVE-2003-0855: CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)