Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Buffer overflow in gsec [CORE2928] #3311

Closed
firebird-automations opened this issue Mar 17, 2010 · 4 comments
Closed

Buffer overflow in gsec [CORE2928] #3311

firebird-automations opened this issue Mar 17, 2010 · 4 comments

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: @AlexPeshkoff

For unknown reasons, gsec code copies value of password hash to internal user data structure during display operation. Since Fb2.0 (when hash became much longer than in 1.X) buffer for password, used for it, is not long enough. This is not security problem - because hash value never travels somewhere any more. This also can't cause any harm - because right after password field there are first, middle and last names, which are filled right after password. This is not exploitable. But anyway let's better fix it, specially taking into an account that this BOF is detected by fresh versions of glibc.

Commits: 9c9db87 d854a54 522fa7f bbc3b37

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.0.6 [ 10303 ]

Fix Version: 2.5 RC3 [ 10381 ]

Fix Version: 2.1.4 [ 10361 ]

Fix Version: 3.0 Alpha 1 [ 10331 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

status: Closed [ 6 ] => Closed [ 6 ]

QA Status: Cannot be tested

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment