Gentoo Archives: gentoo-announce

From: Raphael Marichez <falco@g.o>
To: gentoo-announce@g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200706-03 ] ELinks: User-assisted execution of arbitrary code
Date: Wed, 06 Jun 2007 21:18:05
Message-Id: 20070606205723.GC21985@falco.falcal.net
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 200706-03
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: ELinks: User-assisted execution of arbitrary code
9 Date: June 06, 2007
10 Bugs: #177512
11 ID: 200706-03
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 A vulnerability has been discovered in ELinks allowing for the
19 user-assisted execution of arbitrary code.
20
21 Background
22 ==========
23
24 ELinks is a text-mode web browser.
25
26 Affected packages
27 =================
28
29 -------------------------------------------------------------------
30 Package / Vulnerable / Unaffected
31 -------------------------------------------------------------------
32 1 www-client/elinks < 0.11.2-r1 >= 0.11.2-r1
33
34 Description
35 ===========
36
37 Arnaud Giersch discovered that the "add_filename_to_string()" function
38 in file intl/gettext/loadmsgcat.c uses an untrusted relative path,
39 allowing for a format string attack with a malicious .po file.
40
41 Impact
42 ======
43
44 A local attacker could entice a user to run ELinks in a specially
45 crafted directory environment containing a malicious ".po" file,
46 possibly resulting in the execution of arbitrary code with the
47 privileges of the user running ELinks.
48
49 Workaround
50 ==========
51
52 There is no known workaround at this time.
53
54 Resolution
55 ==========
56
57 All ELinks users should upgrade to the latest version:
58
59 # emerge --sync
60 # emerge --ask --oneshot --verbose ">=www-client/elinks-0.11.2-r1"
61
62 References
63 ==========
64
65 [ 1 ] CVE-2007-2027
66 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2027
67
68 Availability
69 ============
70
71 This GLSA and any updates to it are available for viewing at
72 the Gentoo Security Website:
73
74 http://security.gentoo.org/glsa/glsa-200706-03.xml
75
76 Concerns?
77 =========
78
79 Security is a primary focus of Gentoo Linux and ensuring the
80 confidentiality and security of our users machines is of utmost
81 importance to us. Any security concerns should be addressed to
82 security@g.o or alternatively, you may file a bug at
83 http://bugs.gentoo.org.
84
85 License
86 =======
87
88 Copyright 2007 Gentoo Foundation, Inc; referenced text
89 belongs to its owner(s).
90
91 The contents of this document are licensed under the
92 Creative Commons - Attribution / Share Alike license.
93
94 http://creativecommons.org/licenses/by-sa/2.5