Bug 62857 – VUL-0: CVE-2004-0980: ez-ipupdate: format string bug

Bug 62857 - (CVE-2004-0980) VUL-0: CVE-2004-0980: ez-ipupdate: format string bug

(CVE-2004-0980)
Summary:	VUL-0: CVE-2004-0980: ez-ipupdate: format string bug

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	All Linux

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Thomas Biege
QA Contact:	Security Team bot

URL:
Whiteboard:	CVE-2004-0980: CVSS v2 Base Score: 10...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2004-11-03 00:21 UTC by Thomas Biege
Modified:	2021-10-12 13:34 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Biege 2004-11-03 00:21:34 UTC

Hi Henne, 
the Debian folks posted this to vendor-sec (private). 

Date: Tue, 2 Nov 2004 09:06:07 +0100 
From: Thomas Biege <thomas@suse.de> 
To: Thomas Biege <thomas@suse.de> 
Subject: [joey@infodrom.org: [vendor-sec] CAN-2004-0980: Format string 
security vulnerability in ez-ipupdate] 
User-Agent: Mutt/1.5.6i 

----- Forwarded message from Martin Schulze <joey@infodrom.org> ----- 

From: Martin Schulze <joey@infodrom.org> 
To: vendor-sec@lst.de 
Cc: Ulf HÃ€rnhammar <Ulf.Harnhammar.9485@student.uu.se> 
User-Agent: Mutt/1.5.6+20040907i 
Subject: [vendor-sec] CAN-2004-0980: Format string security vulnerability in 
ez-ipupdate 
Errors-To: vendor-sec-admin@lst.de 
Date: Sun, 31 Oct 2004 10:34:12 +0100 

Hi, 

not sure if one of you is shipping ez-ipupdate but if you do, here's a 
heads up. 

Ulf HÃ€rnhammar discovered a format string vulnerability in 
ez-ipupdate, a client for many dynamic DNS services.  This problem can 
only be exploited if ez-ipupdate is running in daemon mode (most 
likely) but not in quiet mode (unlikely). 

I'm attaching the patch from Ulf. 

He will probably disclose this problem on Nov 3rd. 

-- 
This is GNU/Linux Country.  On a quiet night, you can hear Windows reboot. 

--- ez-ipupdate.c.old   2004-10-21 23:44:57.000000000 +0200 
+++ ez-ipupdate.c       2004-10-22 23:56:05.000000000 +0200 
@@ -805,7 +805,7 @@ 
     sprintf(buf, "message incomplete because your OS sucks: %s\n", fmt); 
 #endif 

-    syslog(LOG_NOTICE, buf); 
+    syslog(LOG_NOTICE, "%s", buf); 
   } 
   else 
   { 

----- End forwarded message -----

Comment 1 Thomas Biege 2004-11-03 00:21:34 UTC

<!-- SBZ_reproduce  -->
-

Comment 2 Hendrik Vogelsang 2004-11-03 01:17:47 UTC

its on 9.0, 9.1 and 9.2. Its the same sourcecode version. From 9.0 to 9.1 are
some additions like 

Tue Feb  3 17:34:05 CET 2004 - mmj@suse.de
 
- #include <time.h> for localtime() prototype

Mon Nov 17 14:24:52 CET 2003 - hvogel@suse.de
 
- patch /tmp out of the example config files. (#33161) 

i will release whats in STABLE for 9.0 - 9.2 ok?

Comment 3 Thomas Biege 2004-11-03 01:53:27 UTC

okidoki. reassign to me when you are done.

Comment 4 Hendrik Vogelsang 2004-11-03 19:11:06 UTC

submitted.

Comment 5 Thomas Biege 2004-11-03 21:30:01 UTC

thx. 
 
CRD: 09. Nov

Comment 6 Ludwig Nussel 2004-11-10 23:52:07 UTC

package approved

Comment 7 Thomas Biege 2009-10-13 19:57:44 UTC

CVE-2004-0980: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)