Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2007-5740 format string vulnerability

Related Vulnerabilities: CVE-2007-5740  

Source

Debian Bug report logs - #448853
CVE-2007-5740 format string vulnerability

version graph

Package: perdition; Maintainer for perdition is Simon Horman <horms@debian.org>; Source for perdition is src:perdition (PTS, buildd, popcon).

Reported by: Nico Golde <nion@debian.org>

Date: Thu, 1 Nov 2007 12:48:02 UTC

Severity: grave

Tags: patch, security

Fixed in version 1.17.1-1

Done: Simon Horman <horms@verge.net.au>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Simon Horman <horms@debian.org>:
Bug#448853; Package perdition. (full text, mbox, link).

Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Simon Horman <horms@debian.org>. (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: format string vulnerability
Date: Thu, 1 Nov 2007 13:45:40 +0100
[Message part 1 (text/plain, inline)]
Package: perdition
Severity: grave
Tags: security

Hi,
"Perdition IMAPD is affected by a format string bug in one of its IMAP 
output-string formatting functions. The bug allows the execution of 
arbitrary code on the affected server. A successful exploit does not 
require prior authentication."

For more information see:
http://seclists.org/bugtraq/2007/Oct/0443.html

Solution: update to 0.17.1

A CVE id for this is pending.
Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Simon Horman <horms@debian.org>:
Bug#448853; Package perdition. (full text, mbox, link).

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Simon Horman <horms@debian.org>. (full text, mbox, link).

Message #10 received at 448853@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>
To: 448853@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: format string vulnerability
Date: Thu, 1 Nov 2007 13:49:22 +0100
[Message part 1 (text/plain, inline)]
tags 448853 + patch
thanks

Hi,
not 0.17.1 but 1.17.1, sorry.
A patch for this can be found on:
http://perdition.cvs.sourceforge.net/perdition/perdition/perdition/imap4_in.c?r1=1.45&r2=1.46

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[Message part 2 (application/pgp-signature, inline)]

Tags added: patch Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Thu, 01 Nov 2007 12:51:06 GMT) (full text, mbox, link).

Changed Bug title to `CVE-2007-5740 format string vulnerability' from `format string vulnerability'. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Thu, 01 Nov 2007 12:54:04 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Simon Horman <horms@debian.org>:
Bug#448853; Package perdition. (full text, mbox, link).

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Simon Horman <horms@debian.org>. (full text, mbox, link).

Message #19 received at 448853@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>
To: 448853@bugs.debian.org
Subject: perdition format string vulnerability
Date: Thu, 1 Nov 2007 14:12:38 +0100
[Message part 1 (text/plain, inline)]
Hi,
this is CVE-2007-5740, if you fix this bug, please include 
the CVE id in your changelog.
Thanks
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[Message part 2 (application/pgp-signature, inline)]

Reply sent to Simon Horman <horms@verge.net.au>:
You have taken responsibility. (full text, mbox, link).

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (full text, mbox, link).

Message #24 received at 448853-done@bugs.debian.org (full text, mbox, reply):

From: Simon Horman <horms@verge.net.au>
To: 448853-done@bugs.debian.org
Cc: Nico Golde <nion@debian.org>
Subject: Re: Processed: retitle 448853 to CVE-2007-5740 format string vulnerability
Date: Thu, 1 Nov 2007 22:20:18 +0900
Version: 1.17.1-1

Fixed in 1.17.1-1 which was uploaded earlier today.
Will also be fixed in packages that have been prepared for
stable and oldstable, 1.17-7etch4 and 1.15-5sarge1 respectively.

-- 
Horms
  H: http://www.vergenet.net/~horms/
  W: http://www.valinux.co.jp/en/

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 27 Dec 2007 07:30:04 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:58:40 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started