Bugzilla – Bug 942628
VUL-0: CVE-2015-5185: sblim-sfcb: lookupProviders() null pointer dereference
Last modified: 2017-12-04 15:12:46 UTC
rh#1255587

Qinghao Tang of QIHU 360 reports:

The function lookupProviders() in sblim-sfcb versions 1.3.4 and 1.3.18 has a null dereference vulnerability; a remote attacker can cause a denial of service (sblim-sfcb crash) via a crafted packet without "className" info.

Let's see how this issue happened; the code below is from ./sblim-sfcb-1.3.18/providerMgr.c:

    static UtilList *lookupProviders(long type, char *className, char *nameSpace,
                                     CMPIStatus *st)
    {
        UtilList *lst;
        UtilHashTable **ht=provHt(type,1);
        char *id;
        int rc;

        _SFCB_ENTER(TRACE_PROVIDERMGR, "lookupProviders");

        //here, className should be checked
        id=(char*)malloc(strlen(nameSpace)+strlen(className)+8);
        strcpy(id,nameSpace);
        strcat(id,"|");
        ...
    }

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1255587
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5185
http://seclists.org/oss-sec/2015/q3/414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5185
I've just checked all code streams and it looks like all of them are affected.

SUSE:SLE-10-SP3:Update   1.3.2
SUSE:SLE-11-SP1:Update   1.3.7
SUSE:SLE-11-SP3:Update   1.3.11
SUSE:SLE-12:GA           1.4.8
openSUSE:13.2            1.4.8
openSUSE:13.1            1.3.17
openSUSE:Factory         1.4.9
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-09-04. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62270
bugbot adjusting priority
This is an autogenerated message for OBS integration: This bug (942628) was mentioned in https://build.opensuse.org/request/show/328563 13.2 / sblim-sfcb
This is an autogenerated message for OBS integration: This bug (942628) was mentioned in https://build.opensuse.org/request/show/328564 13.1 / sblim-sfcb
Submitted packages.
openSUSE-SU-2015:1571-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 942628
CVE References: CVE-2015-5185
Sources used:
openSUSE 13.2 (src): sblim-sfcb-1.4.8-4.4.1
openSUSE 13.1 (src): sblim-sfcb-1.3.17-2.3.1
SUSE-SU-2015:2116-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 942628
CVE References: CVE-2015-5185
Sources used:
SUSE Linux Enterprise Server 12 (src): sblim-sfcb-1.4.8-5.3.3
SUSE Linux Enterprise Desktop 12 (src): sblim-sfcb-1.4.8-5.3.3
SUSE-SU-2015:2218-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 942628
CVE References: CVE-2015-5185
Sources used:
SUSE Linux Enterprise Server for VMWare 11-SP3 (src): sblim-sfcb-1.3.11-0.25.4
SUSE Linux Enterprise Server 11-SP4 (src): sblim-sfcb-1.3.11-0.25.4
SUSE Linux Enterprise Server 11-SP3 (src): sblim-sfcb-1.3.11-0.25.4
SUSE Linux Enterprise Desktop 11-SP4 (src): sblim-sfcb-1.3.11-0.25.4
SUSE Linux Enterprise Desktop 11-SP3 (src): sblim-sfcb-1.3.11-0.25.4
SUSE Linux Enterprise Debuginfo 11-SP4 (src): sblim-sfcb-1.3.11-0.25.4
SUSE Linux Enterprise Debuginfo 11-SP3 (src): sblim-sfcb-1.3.11-0.25.4
released