Re: [Full-disclosure] [gif2png] long filename Buffer Overrun

2009-12-15 Thread Razuel Akaharnath 
lol... sadly that was not my intention and I basically had no idea about a
bugreport & a patched upstream version in debian as i am not a debian user.

peace


On Tue, Dec 15, 2009 at 1:29 AM, Jubei Trippataka
wrote:
>
>> On Mon, Dec 14, 2009 at 6:14 AM, Razuel Akaharnath wrote:
>>
>>> Oh I see, Funny... this needs to be brought in notice of the original
>>> creator to fix the upstream version.
>>>
>>>
>> Posting other peoples bugs for fame! HAHAHAHAHAHAHA.
>>
>> Love your tekneeqz!
>>
>> --
>> ciao
>>
>> JT
>>
>
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] [gif2png] long filename Buffer Overrun

2009-12-13 Thread Razuel Akaharnath 
Oh I see, Funny... this needs to be brought in notice of the original
creator to fix the upstream version.

#razuel
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] [gif2png] long filename Buffer Overrun

2009-12-13 Thread Razuel Akaharnath 
I see, well according to the bug report, its fixed in 2.5.2-1. I tested that
version itself and sadly the fix isn't there.

On Sun, Dec 13, 2009 at 1:29 AM, Patroklos Argyroudis
wrote:

> On Sat, Dec 12, 2009 at 10:59:28PM +0200, Razuel Akaharnath wrote:
> > DESCRIPTION:
> > "The gif2png program converts files from the obsolescent Graphic
> Interchange
> > Format to Portable Network Graphics <http://www.libpng.org/pub/png/>.
> The
> > conversion preserves all graphic information, including transparency,
> > perfectly. The gif2png program can even recover data from corrupted
> GIFs."
> >
> > homepage: http://catb.org/~esr/gif2png/<http://catb.org/%7Eesr/gif2png/><
> http://catb.org/%7Eesr/gif2png/>
> >
> > VULNERABILITY:
> > gif2png does not perform proper bounds checking on the size of input
> > filename. The buffer (1025 in size) is easily overrun with a strcpy
> > function.
> >
> > AFFECTED VERSION:
> > latest: 2.5.2
>
> I have reported this to Debian about two months ago:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978
>
> --
> Patroklos Argyroudis
> http://www.census-labs.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [gif2png] long filename Buffer Overrun

2009-12-12 Thread Razuel Akaharnath 
DESCRIPTION:
"The gif2png program converts files from the obsolescent Graphic Interchange
Format to Portable Network Graphics . The
conversion preserves all graphic information, including transparency,
perfectly. The gif2png program can even recover data from corrupted GIFs."

homepage: http://catb.org/~esr/gif2png/ 

VULNERABILITY:
gif2png does not perform proper bounds checking on the size of input
filename. The buffer (1025 in size) is easily overrun with a strcpy
function.

AFFECTED VERSION:
latest: 2.5.2

POC:
$> ./gif2png $(perl -e 'print "A" x 1053')


#Razuel
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/