Bug 62857 - (CVE-2004-0980) VUL-0: CVE-2004-0980: ez-ipupdate: format string bug
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
unspecified
All Linux
: P3 - Medium : Normal
Assigned To: Thomas Biege
Security Team bot
Reported: 2004-11-03 00:21 UTC by Thomas Biege
Modified: 2021-10-12 13:34 UTC (History)
Description Thomas Biege 2004-11-03 00:21:34 UTC
Hi Henne, 
the Debian folks posted this to vendor-sec (private). 
 
Date: Tue, 2 Nov 2004 09:06:07 +0100 
From: Thomas Biege <thomas@suse.de> 
To: Thomas Biege <thomas@suse.de> 
Subject: [joey@infodrom.org: [vendor-sec] CAN-2004-0980: Format string 
security vulnerability in ez-ipupdate] 
User-Agent: Mutt/1.5.6i 
 
----- Forwarded message from Martin Schulze <joey@infodrom.org> ----- 
 
From: Martin Schulze <joey@infodrom.org> 
To: vendor-sec@lst.de 
Cc: Ulf Härnhammar <Ulf.Harnhammar.9485@student.uu.se> 
User-Agent: Mutt/1.5.6+20040907i 
Subject: [vendor-sec] CAN-2004-0980: Format string security vulnerability in 
ez-ipupdate 
Errors-To: vendor-sec-admin@lst.de 
Date: Sun, 31 Oct 2004 10:34:12 +0100 
 
Hi, 
 
not sure if one of you is shipping ez-ipupdate but if you do, here's a 
heads up. 
 
Ulf Härnhammar discovered a format string vulnerability in 
ez-ipupdate, a client for many dynamic DNS services.  This problem can 
only be exploited if ez-ipupdate is running in daemon mode (most 
likely) but not in quiet mode (unlikely). 
 
I'm attaching the patch from Ulf. 
 
He will probably disclose this problem on Nov 3rd. 
 
-- 
This is GNU/Linux Country.  On a quiet night, you can hear Windows reboot. 
 
--- ez-ipupdate.c.old   2004-10-21 23:44:57.000000000 +0200 
+++ ez-ipupdate.c       2004-10-22 23:56:05.000000000 +0200 
@@ -805,7 +805,7 @@ 
     sprintf(buf, "message incomplete because your OS sucks: %s\n", fmt); 
 #endif 
 
-    syslog(LOG_NOTICE, buf); 
+    syslog(LOG_NOTICE, "%s", buf); 
   } 
   else 
   { 
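Review bot: The sprintf() in the context line just above the changed call (`sprintf(buf, "message incomplete because your OS sucks: %s\n", fmt);`) still writes into buf with no length bound, so the fallback branch deserves the same attention as the syslog() call; if buf is a fixed-size array, use snprintf(buf, sizeof(buf), ...) there. The change to `syslog(LOG_NOTICE, "%s", buf);` itself is the right fix, since buf is then only ever treated as data. The else branch that follows is cut off by the hunk, so it is worth confirming that it and any other logging call in this file do not pass buf as the format argument either.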
 
 
----- End forwarded message -----
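
The pattern the patch changes, as an added example that is not ez-ipupdate's code and not part of the forwarded mail: a message is formatted once into a buffer and then handed to a printf-style logger. `log_sink`, `log_unpatched`, `log_patched` and `SAMPLE` are hypothetical names with constructed input; `log_sink` stands in for syslog(3).

```c
/* Added illustration, not ez-ipupdate code. log_sink() is a hypothetical
   stand-in for syslog(3): it treats its first argument as a format. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char captured[256];            /* what reached the "log" */

static void log_sink(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(captured, sizeof(captured), fmt, ap);
    va_end(ap);
}

/* Pre-patch pattern: format once into buf, then pass buf AS the format. */
const char *log_unpatched(const char *fmt, ...)
{
    char buf[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof(buf), fmt, ap);
    va_end(ap);
    log_sink(buf);                    /* '%' in buf is interpreted again */
    return captured;
}

/* Patched pattern: constant "%s" format, buf is only ever data. */
const char *log_patched(const char *fmt, ...)
{
    char buf[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof(buf), fmt, ap);
    va_end(ap);
    log_sink("%s", buf);
    return captured;
}

/* Constructed sample: message data that happens to contain "%%". */
const char SAMPLE[] = "update 100%% done";

int main(void)
{
    printf("unpatched: %s\n", log_unpatched("status: %s", SAMPLE));
    printf("patched:   %s\n", log_patched("status: %s", SAMPLE));
    return 0;
}
```

The sample uses only `%%`, which consumes no arguments, so the unpatched call merely alters the logged text; any other conversion in the data would make the logger read arguments that were never passed, which is undefined behaviour.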
Comment 2 Hendrik Vogelsang 2004-11-03 01:17:47 UTC
It's on 9.0, 9.1 and 9.2. It's the same source code version. From 9.0 to 9.1 there are
some additions like 

Tue Feb  3 17:34:05 CET 2004 - mmj@suse.de
 
- #include <time.h> for localtime() prototype

Mon Nov 17 14:24:52 CET 2003 - hvogel@suse.de
 
- patch /tmp out of the example config files. (#33161) 

I will release what's in STABLE for 9.0 - 9.2, ok?
Comment 3 Thomas Biege 2004-11-03 01:53:27 UTC
okidoki. reassign to me when you are done. 
Comment 4 Hendrik Vogelsang 2004-11-03 19:11:06 UTC
submitted.
Comment 5 Thomas Biege 2004-11-03 21:30:01 UTC
thx. 
 
CRD: 09. Nov 
Comment 6 Ludwig Nussel 2004-11-10 23:52:07 UTC
package approved 
Comment 7 Thomas Biege 2009-10-13 19:57:44 UTC
CVE-2004-0980: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)