aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorsimon <simon@FreeBSD.org>2005-10-02 15:45:28 +0800
committersimon <simon@FreeBSD.org>2005-10-02 15:45:28 +0800
commit05077acefeaaac150099323d641332583015d13c (patch)
treee3f4f85da83a8c628ae6a3fa7f44eacca34bd6f6 /security
parent8c15dd2c2920eeb59ad0a01ee7e7ba8d5ce24ef7 (diff)
downloadfreebsd-ports-gnome-05077acefeaaac150099323d641332583015d13c.tar.gz
freebsd-ports-gnome-05077acefeaaac150099323d641332583015d13c.tar.zst
freebsd-ports-gnome-05077acefeaaac150099323d641332583015d13c.zip
Document picasm -- buffer overflow vulnerability.
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml33
1 files changed, 33 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 1ad3add10e3d..95ff1c6019ca 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,39 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="8a3ece40-3315-11da-a263-0001020eed82">
+ <topic>picasm -- buffer overflow vulnerability</topic>
+ <affects>
+ <package>
+ <name>picasm</name>
+ <range><lt>1.12c</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Shaun Colley reports:</p>
+ <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111661253517089">
+ <p>When generating error and warning messages, picasm copies
+ strings into fixed length buffers without bounds
+ checking.</p>
+ <p>If an attacker could trick a user into assembling a
+ source file with a malformed 'error' directive, arbitrary
+ code could be executed with the privileges of the user.
+ This could result in full system compromise.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>13698</bid>
+ <cvename>CAN-2005-1679</cvename>
+ <mlist msgid="c522a35a0505200807744163c4@mail.gmail.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=111661253517089</mlist>
+ </references>
+ <dates>
+ <discovery>2005-05-20</discovery>
+ <entry>2005-10-02</entry>
+ </dates>
+ </vuln>
+
<vuln vid="1e606080-3293-11da-ac91-020039488e34">
<topic>uim -- privilege escalation vulnerability</topic>
<affects>