Bug 54184 (CVE-2004-0409) - VUL-0: CVE-2004-0409: Buffer overflow in Xchat SOCKS5 code
Status: RESOLVED FIXED
Alias: CVE-2004-0409
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: All Linux
Priority: P3 - Medium, Severity: Normal
Target Milestone: ---
Assignee: Sebastian Krahmer
QA Contact: Security Team bot
Whiteboard: CVE-2004-0409: CVSS v2 Base Score: 7....
Reported: 2004-04-20 18:26 UTC by Sebastian Krahmer
Modified: 2021-10-09 09:03 UTC

Description Sebastian Krahmer 2004-04-20 18:26:59 UTC
CAN-2004-0409
http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html

Is this something for us?
Comment 1 Sebastian Krahmer 2004-04-20 18:26:59 UTC
...
Comment 2 Mads Martin Joergensen 2004-04-21 18:01:53 UTC
Do we want to issue updates for older dists?
Comment 3 Sebastian Krahmer 2004-04-21 18:04:27 UTC
Yes.
Comment 4 Mads Martin Joergensen 2004-04-21 19:56:37 UTC
-       unsigned char buf[10];
+       unsigned char buf[260];
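Review bot: the new size on the `unsigned char buf[260];` line is a bare magic number, and nothing in these two lines shows the length of the data copied into `buf` being checked against it. Please add a comment stating which protocol maximum 260 is meant to cover, and pair the larger buffer with an explicit length check against `sizeof(buf)` before the read, so the fix does not depend solely on the array being big enough.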

Such a tiny change ... so much work ... I'll have them all done by the end of today.
Comment 5 Michael Schröder 2004-04-22 01:39:15 UTC
Don't forget SLES7-PPC aka 7.3 ;-)
Comment 6 Mads Martin Joergensen 2004-04-22 01:41:27 UTC
Submitted for 8.0, 8.1, 8.2, 9.0 and 9.1. Patchinfos for the box and the products
have also been made.
Comment 7 Mads Martin Joergensen 2004-04-22 01:43:57 UTC
Michael, it's not in is_maintained :)
Comment 8 Michael Schröder 2004-04-22 01:48:15 UTC
right. sorry.
Comment 9 Thomas Biege 2004-04-28 02:12:03 UTC
packages approve 
Comment 10 Thomas Biege 2009-10-13 20:20:44 UTC
CVE-2004-0409: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)