GLib Base64 Encoding/Decoding Integer Overflows May Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1021884 |
|
SecurityTracker URL: http://securitytracker.com/id/1021884
|
|
CVE Reference:
CVE-2008-4316
(Links to External Site)
|
Date: Mar 24 2009
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): GLib prior to 2.20
|
Description:
A vulnerability was reported in GLib. A remote user can cause arbitrary code to be executed on the target system.
A remote user can submit specially crafted data that, when processed by the target application using GLib, will trigger an integer overflow and crash the application or potentially execute arbitrary code on the target system. The code will run with the privileges of the target application.
The vulnerability resides in Base64 encoding and decoding functions in 'glib/gbase64.c'.
Diego Petten reported this vulnerability.
The original advisory is available at:
http://www.ocert.org/advisories/ocert-2008-015.html
|
Impact:
A remote user can create data that, when processed by the target application, will crash the target application or execute arbitrary code on the target system.
|
Solution:
The vendor has issued a fixed version of GLib (2.20).
The vendor's advisory is available at:
http://svn.gnome.org/viewvc/glib?view=revision&revision=7973
|
Vendor URL: gtk.org/ (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 24 Mar 2009 09:58:07 -0500
Subject: Glib
|
http://svn.gnome.org/viewvc/glib?view=revision&revision=7973
* glib/gbase64.c: Avoid integer overflows in the base64
functions. Fixes CVE-2008-4316
|
|
