Credit:
The information has been provided by Diego Pettenò.
The original article can be found at: http://www.ocert.org/advisories/ocert-2008-015.html
Vulnerable Systems:
* GLib versions 2.11 and newer (including the 2.12 stable series, where the Base64 functions first shipped), prior to the fix listed below
* gst-plugins-base versions prior to 0.10.23
* libsoup versions prior to 2.2.x
* libsoup versions prior to 2.24
* Evolution data server versions prior to 2.24.5
Immune Systems:
* GLib version 2.20 and newer (revision 7973 or newer)
* gst-plugins-base version 0.10.23 and newer (git change)
The Base64 encoding and decoding functions in GLib suffer from integer overflow vulnerabilities during memory allocation which may result in arbitrary code execution when processing large strings. In all cases where the Base64 functionality is used, heap memory is allocated using a length calculated from a user-supplied value in a platform-specific integer type. It follows the pattern below:
g_malloc(user_supplied_length * 3 / 4 + some_small_num)
Due to the evaluation order of the arithmetic operations, the length is multiplied by 3 before it is divided by 4. For a sufficiently large input (with a 32-bit length type, more than 1431655765 bytes, i.e. UINT32_MAX / 3) the product wraps around, so the argument passed to g_malloc is far smaller than the number of bytes the subsequent encode or decode step writes into the buffer, resulting in a heap buffer overflow. A number of other GNOME-related applications are vulnerable because the same flawed code was duplicated into them.
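The wrap described above, as an added C example that is not code from GLib, the affected projects or the advisory: the vulnerable allocation formula beside a guarded version, the number of bytes a Base64 decoder actually writes for a given input length (so the shortfall can be measured), and a small decoder that sizes its buffer with the guarded formula. uint32_t stands in for the platform-specific length type, SMALL_PAD is an assumed value for some_small_num, and all function names are the example's own.

```c
/* Added example: Base64 allocation arithmetic, vulnerable and hardened.
 * uint32_t models the platform-specific length type; SMALL_PAD is an
 * assumed stand-in for the advisory's "some_small_num". */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SMALL_PAD 3u

/* Vulnerable pattern: len * 3 is evaluated first and wraps modulo 2^32
 * once len > UINT32_MAX / 3, so the quotient, and the buffer, is tiny. */
static uint32_t vulnerable_alloc_size(uint32_t len)
{
    return len * 3u / 4u + SMALL_PAD;
}

/* Bytes a decoder writes for len input characters (padding ignored):
 * 3 per full group of 4, then 1 or 2 for a trailing 2 or 3 characters. */
static uint32_t decoded_bytes(uint32_t len)
{
    uint32_t rem = len % 4u;
    return (len / 4u) * 3u + (rem > 1u ? rem - 1u : 0u);
}

/* Hardened: refuse any length whose product would wrap, then use the
 * original formula. Dividing first, (len / 4) * 3 + SMALL_PAD, would also
 * avoid the wrap because that intermediate never exceeds len. 0 = refused. */
static uint32_t safe_alloc_size(uint32_t len)
{
    if (len > UINT32_MAX / 3u)
        return 0u;
    return len * 3u / 4u + SMALL_PAD;
}

/* Bytes the decoder would write past the end of the wrapped allocation. */
static uint32_t heap_overflow_bytes(uint32_t len)
{
    uint32_t alloc = vulnerable_alloc_size(len), need = decoded_bytes(len);
    return need > alloc ? need - alloc : 0u;
}

static int b64_value(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;                          /* '=' padding or invalid */
}

/* Decodes text into a buffer sized by safe_alloc_size(). Returns the byte
 * count and stores the malloc'd buffer in *out (caller frees), or -1 if the
 * length is refused, malloc fails, or a non-Base64 character appears. */
static long safe_base64_decode(const char *text, unsigned char **out)
{
    size_t full = strlen(text);
    if (full > UINT32_MAX)
        return -1;
    uint32_t len = (uint32_t)full;      /* the "user-supplied length" */
    uint32_t cap = safe_alloc_size(len);
    if (cap == 0u)
        return -1;
    unsigned char *buf = malloc(cap);
    if (buf == NULL)
        return -1;
    uint32_t acc = 0; int bits = 0; long n = 0;
    for (uint32_t i = 0; i < len; i++) {
        int v = b64_value((unsigned char)text[i]);
        if (v < 0) {
            if (text[i] == '=') break;  /* padding ends the data */
            free(buf);
            return -1;
        }
        acc = (acc << 6) | (uint32_t)v; bits += 6;
        if (bits >= 8) {                /* n stays <= decoded_bytes(len) <= cap */
            bits -= 8;
            buf[n++] = (unsigned char)(acc >> bits);
            acc &= (1u << bits) - 1u;
        }
    }
    *out = buf;
    return n;
}

/* Decodes b64 and reports whether the result equals expected. */
static bool decodes_to(const char *b64, const char *expected)
{
    unsigned char *out = NULL;
    long n = safe_base64_decode(b64, &out);
    bool ok = n >= 0 && (size_t)n == strlen(expected) &&
              memcmp(out, expected, (size_t)n) == 0;
    free(out);
    return ok;
}

int main(void)
{
    uint32_t len = 0x55555556u;         /* ~1.4 GB of Base64 text */
    printf("len=%u: alloc %u bytes, decoder writes %u bytes, overflow %u bytes\n",
           len, vulnerable_alloc_size(len), decoded_bytes(len), heap_overflow_bytes(len));
    printf("safe_alloc_size(%u)=%u (0 = refused)\n", len, safe_alloc_size(len));
    printf("decodes_to(\"aGVsbG8=\", \"hello\") = %d\n", decodes_to("aGVsbG8=", "hello"));
    return 0;
}
```

With len = 0x55555556 the product 3 * len is 0x100000002, which wraps to 2; the vulnerable formula therefore hands g_malloc a 3-byte region while the decoder goes on to write 1 GiB into it. The guard rejects that length, and the small constructed inputs in main show the guarded path still decodes ordinary padded and unpadded data.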
The following patches fix the issues:
* glib (CVE-2008-4316)
* gst-plugins-base (CVE-2009-0586)
* libcamel (evolution: CVE-2009-0587)
* evc (evolution: CVE-2009-0587)
* libsoup (CVE-2009-0585)
Disclosure Timeline:
2008-10-22: vulnerability report received
2008-11-11: failed to contact gnome-upstream privately (ml, bugs)
2008-11-27: contacted vendor-sec as gnome-upstream
2008-11-28: thoger confirms and assigns initial CVE
2008-11-29: flameeyes notes other potentially affected libraries
2008-12-05: thoger supplies glib patch; scope expanded to include eds, gst
2009-01-14: patch review by mclasen; thoger analysis eds, soup
2009-01-26: gst-plugins-base detailed analysis by thoger
2009-02-22: gstreamer upstream contacted
2009-03-03: gst-plugins-base patch from upstream
2009-03-04: evolution data server lead contacted
2009-03-05: final embargo lift date settled
2009-03-12: glib, gst upstream patches public; advisory published