[Bug 684212] New: Zsh buffer overflow when large string supplied
https://bugzilla.novell.com/show_bug.cgi?id=684212 https://bugzilla.novell.com/show_bug.cgi?id=684212#c0 Summary: Zsh buffer overflow when large string supplied Classification: openSUSE Product: openSUSE 11.5 Version: Factory Platform: Other OS/Version: openSUSE 11.4 Status: NEW Severity: Major Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: vcizek@novell.com QAContact: qa@suse.de Found By: --- Blocker: --- Created an attachment (id=422541) --> (http://bugzilla.novell.com/attachment.cgi?id=422541) backtrace A large string supplied as a command argument in zsh causes a buffer overflow. How to reproduce: 1) run zsh 2) type in command followed by a large string (screen-sized string is enough) Example: zsh> ls <A very looong string> -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=684212 https://bugzilla.novell.com/show_bug.cgi?id=684212#c1 --- Comment #1 from Vitezslav Cizek <vcizek@novell.com> 2011-03-31 16:47:43 UTC --- Created an attachment (id=422542) --> (http://bugzilla.novell.com/attachment.cgi?id=422542) a suggested fix A patch like this solves the issue, however running grep shows a lot of other uses of the insecure function sprintf. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=684212 https://bugzilla.novell.com/show_bug.cgi?id=684212#c zj jia <zjjia@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |zjjia@novell.com AssignedTo|bnc-team-screening@forge.pr |hvogel@novell.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=684212 https://bugzilla.novell.com/show_bug.cgi?id=684212#c2 Vitezslav Cizek <vcizek@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |vcizek@novell.com --- Comment #2 from Vitezslav Cizek <vcizek@novell.com> 2011-07-26 11:48:48 CEST --- This bug is fixed in recent zsh versions. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=684212 https://bugzilla.novell.com/show_bug.cgi?id=684212#c3 Ismail Donmez <idonmez@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |idonmez@suse.com Component|Basesystem |Basesystem Version|Factory |Final AssignedTo|hvogel@suse.com |bnc-team-screening@forge.pr | |ovo.novell.com Product|openSUSE 12.1 |openSUSE 11.4 --- Comment #3 from Ismail Donmez <idonmez@suse.com> 2011-10-19 08:57:15 UTC --- We fixed this for openSUSE 12.1, so I am setting product to 11.4 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=684212 https://bugzilla.novell.com/show_bug.cgi?id=684212#c4 kk zhang <kkzhang@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED CC| |kkzhang@novell.com Resolution| |NORESPONSE --- Comment #4 from kk zhang <kkzhang@novell.com> 2012-03-08 03:28:07 UTC --- Long time no response.So closed.Feel free to reopen it.Thanks. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=684212 https://bugzilla.novell.com/show_bug.cgi?id=684212#c5 Christian Boltz <suse-beta@cboltz.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |REOPENED CC| |suse-beta@cboltz.de Resolution|NORESPONSE | AssignedTo|bnc-team-screening@forge.pr |security-team@suse.de |ovo.novell.com | --- Comment #5 from Christian Boltz <suse-beta@cboltz.de> 2012-03-17 01:16:12 CET --- Nobody reassigning the bug to the responsible developer is not what "noresponse" is made for. Reopening and reassigning to the security team. The bug description looks like an update for 11.4 could make sense... (note that I'm judging only on the description - I never used zsh ;-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=684212 https://bugzilla.novell.com/show_bug.cgi?id=684212#c6 Ludwig Nussel <lnussel@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|security-team@suse.de |idonmez@suse.com --- Comment #6 from Ludwig Nussel <lnussel@suse.com> 2012-03-19 08:59:21 CET --- Hardly has security consequences. You'd have to set zsh setuid or allow users to pass arbitrary arguments via e.g. sudo which by itself would be wrong already. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com