[Pkg-dia-team] Bug#368202: sarge: dia: CVE-2006-2480 and CVE-2006-2453: format string vulnerability

Roland Stigge stigge at antcom.de
Sun Jun 4 17:46:39 UTC 2006


Martin Schulze wrote:
>> besides the upload to unstable, I've backported the upstream patch for
>> #368202. See attachment.
>>
>> Feel free to upload if appropriate.
> 
> We don't consider it appropriate unless you provide us with an attack
> vector, i.e. automatic processing of files from untrusted source.

Consider a mail containing an attachment called

%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s.dia

Standard mail software (e.g. Thunderbird) provides an "Open" function
for individual attachments, suggesting opening it with dia (MIME
registered etc.). The same applies to links in HTML pages on the Web as
well as in HTML mail. I don't have a complete working exploit that
directly leads to some shellcode being executed. Do you want to wait for that? ;)

bye,
  Roland
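The attachment name above works because somewhere the filename ends up as the format argument of a printf-style function instead of as its data. The following C program is an added illustration of that pattern and its one-token fix; it is not dia's code, and the function names (report_error, format_name_vuln, format_name_safe, count_consuming_conversions) and the sample filenames are constructed for this example. It also counts how many never-supplied arguments a crafted name would make the format function consume, which is the first thing to check when triaging such a report.

```c
/* Added illustration of a format-string bug of the kind discussed above.
 * NOT dia's code: report_error, format_name_vuln, format_name_safe,
 * count_consuming_conversions and the sample filenames are hypothetical. */
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* A typical error-reporting helper: callers pass a printf-style format.
 * Hypothetical; stands in for any vsnprintf-style sink. */
static void report_error(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
}

/* Vulnerable: the filename itself becomes the format string. On a benign
 * name the output is identical to the safe version, which is why such bugs
 * survive normal testing. A name containing '%' conversions makes vsnprintf
 * read (and, for %s, dereference) arguments that were never passed, and %n
 * writes to memory. That is undefined behaviour, so this example only ever
 * calls it with a name containing no '%'. */
static const char *format_name_vuln(char *out, size_t outsz, const char *filename)
{
    report_error(out, outsz, filename);      /* BUG: attacker-controlled format */
    return out;
}

/* Hardened: a constant format; the filename is data, not format. */
static const char *format_name_safe(char *out, size_t outsz, const char *filename)
{
    report_error(out, outsz, "%s", filename);
    return out;
}

/* Counts conversion specifications in s that consume a variadic argument
 * ("%%" consumes none; a '*' width or precision consumes an extra int).
 * Sets *writes when a %n directive is present. Shows how many stack or
 * register slots a crafted filename would pull from the callee. */
static int count_consuming_conversions(const char *s, bool *writes)
{
    int n = 0;
    if (writes) *writes = false;
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;             /* literal percent sign */
        /* skip flags, field width, precision and length modifiers */
        while (*p && strchr("-+ #0123456789.*hlLqjzt", *p)) {
            if (*p == '*') n++;              /* '*' takes an int argument */
            p++;
        }
        if (!*p) break;                      /* truncated specification */
        n++;                                 /* the conversion itself */
        if (*p == 'n' && writes) *writes = true;
    }
    return n;
}

int main(void)
{
    char buf[256];
    bool writes;
    /* Constructed attachment name in the shape of the one quoted above. */
    const char *crafted = "%s%s%s%s%s%s%s%s.dia";

    int n = count_consuming_conversions(crafted, &writes);
    printf("crafted name makes the sink consume %d arguments it was never given%s\n",
           n, writes ? " (and write via %n)" : "");
    printf("safe:   %s\n", format_name_safe(buf, sizeof buf, crafted));
    printf("benign: %s\n", format_name_vuln(buf, sizeof buf, "report.dia"));
    return 0;
}
```

Each `%s` in the name costs the callee one pointer read plus a dereference of whatever it finds, so a name with over a hundred of them, as quoted above, is a reliable crash even without a tailored exploit; `%n` turns the same bug into a write. The fix is the same wherever the filename reaches a format function: pass `"%s"` as the format and the name as its argument.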
