Re: [Full-disclosure] [gif2png] long filename Buffer Overrun
lol... sadly that was not my intention, and I basically had no idea about a bug report or a patched upstream version in Debian, as I am not a Debian user.

peace

On Tue, Dec 15, 2009 at 1:29 AM, Jubei Trippataka <vpn.1.fana...@gmail.com> wrote:
> On Mon, Dec 14, 2009 at 6:14 AM, Razuel Akaharnath <raz...@gmail.com> wrote:
> > Oh I see, Funny... this needs to be brought to the notice of the original creator to fix the upstream version.
>
> Posting other people's bugs for fame! HAHAHAHAHAHAHA. Love your tekneeqz!
>
> --
> ciao
> JT

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [gif2png] long filename Buffer Overrun
Razuel Akaharnath wrote:
> I see, well according to the bug report, it's fixed in 2.5.2-1.
> I tested that version itself and sadly the fix isn't there.

The Debian maintainer added a patch to fix it, not upstream. It is fixed.

Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
Re: [Full-disclosure] [gif2png] long filename Buffer Overrun
On Mon, Dec 14, 2009 at 6:14 AM, Razuel Akaharnath <raz...@gmail.com> wrote:
> Oh I see, Funny... this needs to be brought to the notice of the original creator to fix the upstream version.

Posting other people's bugs for fame! HAHAHAHAHAHAHA. Love your tekneeqz!

--
ciao
JT
Re: [Full-disclosure] [gif2png] long filename Buffer Overrun
On Sat, Dec 12, 2009 at 10:59:28PM +0200, Razuel Akaharnath wrote:
> DESCRIPTION:
> The gif2png program converts files from the obsolescent Graphic Interchange Format to Portable Network Graphics (http://www.libpng.org/pub/png/). The conversion preserves all graphic information, including transparency, perfectly. The gif2png program can even recover data from corrupted GIFs.
>
> homepage: http://catb.org/~esr/gif2png/
>
> VULNERABILITY:
> gif2png does not perform proper bounds checking on the size of the input filename. The buffer (1025 in size) is easily overrun with a strcpy function.
>
> AFFECTED VERSION:
> latest: 2.5.2

I have reported this to Debian about two months ago:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978

--
Patroklos Argyroudis
http://www.census-labs.com/
Re: [Full-disclosure] [gif2png] long filename Buffer Overrun
I see, well according to the bug report, it's fixed in 2.5.2-1.
I tested that version itself and sadly the fix isn't there.

On Sun, Dec 13, 2009 at 1:29 AM, Patroklos Argyroudis <a...@census-labs.com> wrote:
> On Sat, Dec 12, 2009 at 10:59:28PM +0200, Razuel Akaharnath wrote:
> > DESCRIPTION:
> > The gif2png program converts files from the obsolescent Graphic Interchange Format to Portable Network Graphics (http://www.libpng.org/pub/png/). The conversion preserves all graphic information, including transparency, perfectly. The gif2png program can even recover data from corrupted GIFs.
> >
> > homepage: http://catb.org/~esr/gif2png/
> >
> > VULNERABILITY:
> > gif2png does not perform proper bounds checking on the size of the input filename. The buffer (1025 in size) is easily overrun with a strcpy function.
> >
> > AFFECTED VERSION:
> > latest: 2.5.2
>
> I have reported this to Debian about two months ago:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978
>
> --
> Patroklos Argyroudis
> http://www.census-labs.com/
Re: [Full-disclosure] [gif2png] long filename Buffer Overrun
Hi,

* Razuel Akaharnath <raz...@gmail.com> [2009-12-13 15:07]:
> I see, well according to the bug report, it's fixed in 2.5.2-1.
> I tested that version itself and sadly the fix isn't there.

Debian version 2.5.2-1 is not, upstream 2.5.2 is.

Cheers
Nico
--
Nico Golde - JAB: n...@jabber.ccc.de | GPG: 0x73647CFF
Forget about that mouse with 3/4/5 buttons -
gimme a keyboard with 103/104/105 keys!
Re: [Full-disclosure] [gif2png] long filename Buffer Overrun
Oh I see, Funny... this needs to be brought to the notice of the original creator to fix the upstream version.

#razuel
[Full-disclosure] [gif2png] long filename Buffer Overrun
DESCRIPTION:
The gif2png program converts files from the obsolescent Graphic Interchange Format to Portable Network Graphics (http://www.libpng.org/pub/png/). The conversion preserves all graphic information, including transparency, perfectly. The gif2png program can even recover data from corrupted GIFs.

homepage: http://catb.org/~esr/gif2png/

VULNERABILITY:
gif2png does not perform proper bounds checking on the size of the input filename. The buffer (1025 in size) is easily overrun with a strcpy function.

AFFECTED VERSION:
latest: 2.5.2

POC:
$ ./gif2png $(perl -e 'print "A" x 1053')

#Razuel
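The bug class the advisory describes (an unchecked strcpy() of a command-line filename into a fixed 1025-byte buffer) beside a bounds-checked replacement, as an added illustration that is not gif2png's own source or part of the original post; the buffer size and the 1053-byte test input come from the thread, the function names are made up:

```c
#include <stdio.h>
#include <string.h>

/* Buffer size as reported in the advisory. Everything else here is a
 * hypothetical reconstruction of the pattern, not gif2png's real code. */
#define NAME_BUF_SIZE 1025

/* strcpy() writes strlen(name) + 1 bytes (the NUL included) with no
 * regard for the destination size, so any name of 1025 bytes or more
 * runs past a NAME_BUF_SIZE buffer. This predicate states that check
 * without performing the unsafe copy. Returns 1 if it would overflow. */
int strcpy_would_overflow(const char *name)
{
    return strlen(name) + 1 > NAME_BUF_SIZE;
}

/* Hardened replacement: copy only if the name fits, NUL included, and
 * report failure instead of writing out of bounds.
 * Returns 0 on success, -1 if the name is too long for dst. */
int copy_filename_checked(char *dst, size_t dstsz, const char *name)
{
    size_t len = strlen(name);
    if (len >= dstsz)
        return -1;              /* needs len + 1 bytes; reject it */
    memcpy(dst, name, len + 1); /* bounded copy, terminator included */
    return 0;
}

/* Constructed input mirroring the thread's PoC: a 1053-byte run of 'A'.
 * Returns 1 if the checked copy rejects it and the predicate agrees. */
int poc_name_rejected(void)
{
    char name[1053 + 1];
    char dst[NAME_BUF_SIZE];
    memset(name, 'A', 1053);
    name[1053] = '\0';
    return strcpy_would_overflow(name)
        && copy_filename_checked(dst, sizeof dst, name) == -1;
}

/* A normal-length name must still be copied intact. Returns 1 if so. */
int short_name_copies(void)
{
    char dst[NAME_BUF_SIZE];
    return copy_filename_checked(dst, sizeof dst, "image.gif") == 0
        && strcmp(dst, "image.gif") == 0;
}

int main(void)
{
    printf("short name copied: %d\n", short_name_copies());
    printf("1053-byte name rejected: %d\n", poc_name_rejected());
    return 0;
}
```

The fix the Debian maintainer carried (per the thread) is of this kind: reject or truncate the name before it reaches the buffer rather than trusting strcpy().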