Bug#1068818: sngrep: CVE-2024-3119 CVE-2024-3120
Hi,

On 21/4/24 21:58, Moritz Muehlenhoff wrote:
> Hi Victor,
> diff looks fine, but I don't believe this really needs a DSA; it's a rather
> obscure attack vector.
> I think addressing this via the next Bookworm point release is perfectly
> fine, what do you think?

Fine for me. No objections from my side.

> Procedure is outlined at
> https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#special-case-uploads-to-the-stable-and-oldstable-distributions

Ack.

Thanks
-- 
Victor Seva
linuxman...@torreviejawireless.org
PGP: 8F19 CADC D42A 42D4 5563 730C 51A0 9B18 CF5A 5068
Debian Developer
Bug#1068818: sngrep: CVE-2024-3119 CVE-2024-3120
On Sun, Apr 21, 2024 at 07:35:43PM +, Victor Seva wrote:
> Hi,
>
> I've just uploaded sngrep 1.8.1-1 to sid and prepared 1.6.0-1+deb12u1 for
> bookworms-security [0].
>
> Attached debdiff file.
>
> Waiting for your reply,
> Victor
>
> [0] https://salsa.debian.org/pkg-voip-team/sngrep/-/tags/debian%2F1.6.0-1+deb12u1

Hi Victor,
diff looks fine, but I don't believe this really needs a DSA; it's a rather
obscure attack vector.
I think addressing this via the next Bookworm point release is perfectly
fine, what do you think?

Procedure is outlined at
https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#special-case-uploads-to-the-stable-and-oldstable-distributions

Cheers,
Moritz
Bug#1068818: sngrep: CVE-2024-3119 CVE-2024-3120
Source: sngrep
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for sngrep.

CVE-2024-3119[0]:
| A buffer overflow vulnerability exists in all versions of sngrep
| since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID'
| SIP headers. The functions sip_get_callid and sip_get_xcallid in
| sip.c use the strncpy function to copy header contents into
| fixed-size buffers without checking the data length. This flaw allows
| remote attackers to execute arbitrary code or cause a denial of
| service (DoS) through specially crafted SIP messages.

https://github.com/irontec/sngrep/commit/dd5fec92730562af6f96891291cd4e102b80bfcc (v1.8.1)

CVE-2024-3120[1]:
| A stack-buffer overflow vulnerability exists in all versions of
| sngrep since v1.4.1. The flaw is due to inadequate bounds checking
| when copying 'Content-Length' and 'Warning' headers into fixed-size
| buffers in the sip_validate_packet and sip_parse_extra_headers
| functions within src/sip.c. This vulnerability allows remote
| attackers to execute arbitrary code or cause a denial of service
| (DoS) via crafted SIP messages.

https://github.com/irontec/sngrep/commit/f3f8ed8ef38748e6d61044b39b0dabd7e37c6809 (v1.8.1)

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-3119
    https://www.cve.org/CVERecord?id=CVE-2024-3119
[1] https://security-tracker.debian.org/tracker/CVE-2024-3120
    https://www.cve.org/CVERecord?id=CVE-2024-3120

Please adjust the affected versions in the BTS as needed.
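
The CVE descriptions above attribute both overflows to SIP header values copied into fixed-size buffers without a length check. As an added illustration (not sngrep's code and not the upstream patch; `sip_copy_header`, `CALLID_MAX`, `demo_buf` and the sample messages are constructed for this example), a header copy bounded by the destination size that rejects oversized values:

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#define CALLID_MAX 64              /* hypothetical size, not sngrep's */
static char demo_buf[CALLID_MAX];  /* fixed-size destination */
/* Constructed sample messages (not captured traffic). */
static const char SAMPLE_OK[] =
    "OPTIONS sip:a@host.example SIP/2.0\r\n"
    "X-Call-ID: other@host.example\r\n"
    "Call-ID: abc123@host.example\r\n\r\n";
static const char SAMPLE_LONG[] =
    "OPTIONS sip:a@host.example SIP/2.0\r\n"
    "Call-ID: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n\r\n";
/* Pattern the CVE text describes: strncpy(dst, value, value_len), where
 * value_len comes from the message rather than from sizeof(dst).
 * Bounded form: copy header `name` from msg into dst, limited by dst_size.
 * Returns 0 on success, -1 if absent, -2 if the value does not fit. */
int sip_copy_header(char *dst, size_t dst_size, const char *msg, const char *name)
{
    size_t name_len = strlen(name);
    const char *eol;
    if (dst_size == 0) return -2;
    dst[0] = '\0';
    for (const char *line = msg; line && *line; line = eol ? eol + 2 : NULL) {
        eol = strstr(line, "\r\n");
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len == 0) break;                     /* blank line ends headers */
        if (len > name_len && line[name_len] == ':' &&
            strncasecmp(line, name, name_len) == 0) {
            const char *val = line + name_len + 1;
            size_t val_len = len - name_len - 1;
            while (val_len && (*val == ' ' || *val == '\t')) { val++; val_len--; }
            if (val_len >= dst_size) return -2;  /* reject instead of overflowing */
            memcpy(dst, val, val_len);
            dst[val_len] = '\0';                 /* always NUL-terminated */
            return 0;
        }
    }
    return -1;
}

int main(void)
{
    int ok = sip_copy_header(demo_buf, sizeof demo_buf, SAMPLE_OK, "Call-ID");
    printf("fits: %d \"%s\"\n", ok, demo_buf);
    printf("oversized: %d\n", sip_copy_header(demo_buf, sizeof demo_buf, SAMPLE_LONG, "Call-ID"));
    return 0;
}
```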