SecurityTracker.com
Category:   Application (Web Browser)  >   Dillo
Vendors:   dillo.org
(Gentoo Issues Fix) Dillo Format String Flaw in a_Interface_msg() May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012814
SecurityTracker URL:  http://securitytracker.com/id/1012814
CVE Reference:   CVE-2005-0012
Date:  Jan 10 2005
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 0.8.3 and prior versions
Description:   A format string vulnerability was reported in Dillo. A remote user may be able to cause arbitrary code to be executed on the target user's system.

The vendor reported a format string vulnerability in Dillo's a_Interface_msg() function. A remote user can create specially crafted HTML that, when loaded in Dillo, triggers the flaw and may execute arbitrary code.

The flaw resides in 'capi.c'.

Tavis Ormandy reported this vulnerability.
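
The bug class described above, shown as an added illustration (this is not Dillo's code and does not come from the advisory): a hypothetical printf-style helper, ui_msg(), is called once with page text as the format string and once with a constant format. The sample string is constructed and contains only "%%", so the difference is visible without undefined behaviour.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Build with -DCHECK_FMT -Wformat -Wformat-security (GCC/Clang) to have the
 * compiler warn about the call in show_unsafe(). */
#ifdef CHECK_FMT
#define PRINTF_LIKE __attribute__((format(printf, 3, 4)))
#else
#define PRINTF_LIKE
#endif

/* Hypothetical printf-style message helper; not Dillo's a_Interface_msg(). */
PRINTF_LIKE static int ui_msg(char *out, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, len, fmt, ap);
    va_end(ap);
    return n;
}

/* BEFORE: text taken from the page is passed as the format string, so any
 * '%' sequence in it is interpreted by the formatter. */
static int show_unsafe(char *out, size_t len, const char *page_text)
{
    return ui_msg(out, len, page_text);
}

/* AFTER: the format is a constant; page text is only ever data. */
static int show_safe(char *out, size_t len, const char *page_text)
{
    return ui_msg(out, len, "%s", page_text);
}

/* Constructed sample: two literal percent characters, no directives. */
static const char SAMPLE[] = "Loading 100%% done";

int main(void)
{
    char a[64], b[64];
    show_unsafe(a, sizeof a, SAMPLE);  /* formatter collapses "%%" to "%" */
    show_safe(b, sizeof b, SAMPLE);    /* text is reproduced unchanged */
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return 0;
}
```
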

Impact:   A remote user can create HTML that, when loaded by the target user, may execute arbitrary code on the target user's system with the privileges of the target user.
Solution:   Gentoo has released a fix and indicates that all Dillo users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/dillo-0.8.3-r4"

Vendor URL:  www.dillo.org/
Cause:   Input validation error, State error
Underlying OS:  Linux (Gentoo)

Message History:   This archive entry is a follow-up to the message listed below.
Jan 6 2005 Dillo Format String Flaw in a_Interface_msg() May Let Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [gentoo-announce] [ GLSA 200501-11 ] Dillo: Format string vulnerability



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200501-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Dillo: Format string vulnerability
      Date: January 09, 2005
      Bugs: #76665
        ID: 200501-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Dillo is vulnerable to a format string bug, which may result in the
execution of arbitrary code.

Background
==========

Dillo is a small and fast multi-platform web browser based on GTK+.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  www-client/dillo     < 0.8.3-r4                       >= 0.8.3-r4

Description
===========

Gentoo Linux developer Tavis Ormandy found a format string bug in
Dillo's handling of messages in a_Interface_msg().

Impact
======

An attacker could craft a malicious web page which, when accessed using
Dillo, would trigger the format string vulnerability and potentially
execute arbitrary code with the rights of the user running Dillo.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Dillo users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/dillo-0.8.3-r4"

References
==========

  [ 1 ] CAN-2005-0012
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0012

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200501-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

