Bug 828003 - (CVE-2013-2131) VUL-1: CVE-2013-2131: rrdtool: format string issue
(CVE-2013-2131)
VUL-1: CVE-2013-2131: rrdtool: format string issue
Status: RESOLVED FEATURE
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Security Team bot
Security Team bot
CVSSv2:SUSE:CVE-2013-2131:5.0:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-03 15:22 UTC by Marcus Meissner
Modified: 2020-06-29 06:23 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
imginfo format check patch (1.79 KB, patch)
2014-12-04 17:17 UTC, Kristyna Streitova
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2013-07-03 15:22:05 UTC
is public, via rh bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=969296

CVE-2013-2131

Thomas Pollet (thomas.pollet@gmail.com) reports:

Also, the rrdtool python module crashes on format string exploit
$ python -c "import rrdtool
rrdtool.graph('/tmp/out.png','-f','%n%n')"
Segmentation fault

upstream ticket:
https://github.com/oetiker/rrdtool-1.x/issues/396
Comment 1 Swamp Workflow Management 2013-07-03 22:00:20 UTC
bugbot adjusting priority
Comment 3 Kristyna Streitova 2014-12-04 17:17:18 UTC
Created attachment 615936 [details]
imginfo format check patch

Short summary: There is a following problem in rrdtool:

$ rrdtool graph /tmp/out.png -f '%n%n'
*** %n in writable segment detected ***
Aborted (core dumped)

There is a fix in upstream that adding check in order to prevent crash or exploit. This fix was merged to the trunk and released in RRDtool 1.4.9 - 2014-09-29.

I prepared patch for rrdtool 1.4.7 which suits for openSUSE 12.3, 13.1, 13.2, Factory, SLE11 and SLE12.

This patch was submitted to Factory (sr#264060) and to openSUSE 12.3, 13.1 and 13.2 as a maintenance update (mr#64061). Waiting for the call for SLE maintenance update.
Comment 4 Bernhard Wiedemann 2014-12-04 18:00:27 UTC
This is an autogenerated message for OBS integration:
This bug (828003) was mentioned in
https://build.opensuse.org/request/show/264061 13.2+13.1+12.3 / rrdtool
Comment 5 Kristyna Streitova 2014-12-05 13:23:37 UTC
As the patch is prepared, I'm closing this bug.
Comment 6 Swamp Workflow Management 2014-12-15 12:08:56 UTC
openSUSE-SU-2014:1646-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 828003
CVE References: CVE-2013-2131
Sources used:
openSUSE 13.2 (src):    rrdtool-1.4.7-20.4.1
openSUSE 13.1 (src):    rrdtool-1.4.7-13.4.1
openSUSE 12.3 (src):    rrdtool-1.4.7-8.4.1
Comment 12 Swamp Workflow Management 2017-01-10 20:08:35 UTC
SUSE-SU-2017:0103-1: An update that solves one vulnerability and has one errata is now available.

Category: security (low)
Bug References: 828003,967671
CVE References: CVE-2013-2131
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    rrdtool-1.4.7-20.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    rrdtool-1.4.7-20.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    rrdtool-1.4.7-20.1
SUSE Linux Enterprise Server 12-SP2 (src):    rrdtool-1.4.7-20.1
SUSE Linux Enterprise Server 12-SP1 (src):    rrdtool-1.4.7-20.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    rrdtool-1.4.7-20.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    rrdtool-1.4.7-20.1
Comment 13 Swamp Workflow Management 2018-02-13 17:20:11 UTC
This is an autogenerated message for OBS integration:
This bug (828003) was mentioned in
https://build.opensuse.org/request/show/576348 42.3 / rrdtool
Comment 14 Swamp Workflow Management 2018-02-19 14:14:59 UTC
openSUSE-SU-2018:0474-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1080251,828003
CVE References: CVE-2013-2131
Sources used:
openSUSE Leap 42.3 (src):    rrdtool-1.4.7-26.3.1