Buffer overflow in gsec [CORE2928] #3311
Labels
affect-version: 2.0.0
affect-version: 2.0.1
affect-version: 2.0.2
affect-version: 2.0.3
affect-version: 2.0.4
affect-version: 2.0.5
affect-version: 2.1.0
affect-version: 2.1.1
affect-version: 2.1.2
affect-version: 2.1.3
affect-version: 2.5 Alpha 1
affect-version: 2.5 Beta 1
affect-version: 2.5 Beta 2
affect-version: 2.5 RC1
affect-version: 2.5 RC2
component: gsec
fix-version: 2.0.6
fix-version: 2.1.4
fix-version: 2.5 RC3
fix-version: 3.0 Alpha 1
priority: minor
qa: cannot be tested
type: bug
Submitted by: @AlexPeshkoff
For unknown reasons, gsec code copies the value of the password hash to an internal user data structure during the display operation. Since Fb2.0 (when the hash became much longer than in 1.X), the buffer used for the password is not long enough. This is not a security problem - because the hash value never travels anywhere further. This also can't cause any harm - because right after the password field there are the first, middle and last names, which are filled right after the password. This is not exploitable. But anyway, let's better fix it, especially taking into account that this BOF is detected by fresh versions of glibc.
Commits: 9c9db87 d854a54 522fa7f bbc3b37
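The layout described in the report, as an added C example that is not Firebird's code: it computes from field offsets how far an unbounded copy of a longer hash would reach past the password field, and shows a bounded copy that rejects the oversized value. The struct, field sizes, helper names and sample hash are all hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical layout (names and sizes are assumptions, not gsec's real
   structure): a short password buffer followed directly by the name fields. */
#define PASSWORD_LEN 32
#define NAME_LEN 20
struct user_rec {
    char password[PASSWORD_LEN];
    char first_name[NAME_LEN];
    char middle_name[NAME_LEN];
    char last_name[NAME_LEN];
};

/* Constructed 64-character stand-in for a longer hash; not a real value. */
#define SAMPLE_HASH "0123456789abcdef" "0123456789abcdef" \
                    "0123456789abcdef" "0123456789abcdef"

static const struct { const char *name; size_t off; } fields[] = {
    { "password",    offsetof(struct user_rec, password)    },
    { "first_name",  offsetof(struct user_rec, first_name)  },
    { "middle_name", offsetof(struct user_rec, middle_name) },
    { "last_name",   offsetof(struct user_rec, last_name)   },
};

/* Bytes an unbounded strcpy() would write past password[]; writes nothing. */
size_t spill_past_password(const char *src)
{
    size_t need = strlen(src) + 1;              /* include the NUL */
    return need > PASSWORD_LEN ? need - PASSWORD_LEN : 0;
}

/* Last field such a copy would touch, computed from offsets only. */
const char *furthest_field_reached(const char *src)
{
    size_t last = strlen(src);                  /* offset of the NUL */
    const char *hit = fields[0].name;
    if (last >= sizeof(struct user_rec)) return "beyond record";
    for (size_t i = 0; i < sizeof fields / sizeof fields[0]; i++)
        if (last >= fields[i].off) hit = fields[i].name;
    return hit;
}

/* Bounded copy: rejects oversized input rather than truncating it. */
int copy_field(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (dstsz == 0) return -1;
    if (n >= dstsz) { dst[0] = '\0'; return -1; }
    memcpy(dst, src, n + 1);
    return 0;
}
```

With these assumed sizes the 64-character sample spills 33 bytes and its terminator lands in `middle_name`; a different layout changes both numbers.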