[Pkg-dia-team] Bug#368202: sarge: dia: CVE-2006-2480 and
CVE-2006-2453: format string vulnerability
Roland Stigge
stigge at antcom.de
Sun Jun 4 17:46:39 UTC 2006
Martin Schulze wrote:
>> besides the upload to unstable, I've backported the upstream patch for
>> #368202. See attachment.
>>
>> Feel free to upload if appropriate.
>
> We don't consider it appropriate unless you provide us with an attack
> vector, i.e. automatic processing of files from untrusted source.
Consider a mail containing an attachment called
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s.dia
Standard mail software (e.g. Thunderbird) provides an "Open" function
for individual attachments, suggesting opening it with dia (MIME
registered etc.). The same applies to links in HTML pages on the Web as
well as in HTML mail. I don't have a complete working exploit that
directly leads to some shell code executed. Do you want to wait for that? ;)
bye,
Roland
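As an added illustration (not code from dia or from this thread), the unsafe pattern behind a format string bug of this kind is passing an untrusted filename as the format argument of a printf-style call; the hardened builder below passes it as data instead, and a small counter shows how many conversion directives an unsafe call would try to consume from an attachment name like the one above. Function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical helper, added example: counts the conversion directives the
 * C library would act on if `s` were (wrongly) used as a format string.
 * A non-zero result for untrusted input means an unsafe call such as
 *     snprintf(out, outsz, s);
 * would read variadic arguments that were never passed, i.e. read from the
 * stack. "%%" is skipped because it prints a literal percent sign. */
size_t count_format_directives(const char *s) {
    size_t n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {  /* escaped percent, not a directive */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* Hardened form of an "open failed" message: the filename is an argument,
 * never the format. A name full of "%s" is copied verbatim. Returns what
 * snprintf returns (length of the full message, truncated to outsz-1). */
int build_open_error(char *out, size_t outsz, const char *filename) {
    return snprintf(out, outsz, "Could not open %s", filename);
}

int main(void) {
    /* Constructed sample resembling the attachment name in the mail. */
    const char *name = "%s%s%s%s%s%s%s%s.dia";
    char buf[128];
    printf("directives an unsafe call would consume: %zu\n",
           count_format_directives(name));
    build_open_error(buf, sizeof buf, name);
    printf("%s\n", buf);
    return 0;
}
```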