[Secure-testing-team] inject-embedded-code-copies
Michael S Gilbert
michael.s.gilbert at gmail.com
Mon Aug 24 01:11:51 UTC 2009
On Mon, 24 Aug 2009 00:59:44 +0000 Michael Gilbert Michael wrote:
> introduction of inject-embedded-code-copies
hello, i've noticed that embedded code copies can be troublesome to
track, so i've developed a script that automatically adds TODOs for
known code copies to the CVE list.

i implemented both forward and reverse embeds, but i've commented out
the reverse embeds section that seems to generate a lot of false
positives. maybe this could be of use to someone doing a manual triage.

anyway, running inject-embedded-code-copies generates about 400 changed
lines, and i didn't want to push such a big commit without warning.
following is a sampling of the changes that would be committed. let me
know if i should go ahead with that.

also, i think it would be very useful to add this to the set of scripts
that are automatically run.

mike

--- data/CVE/list 2009-08-23 14:07:04.000000000 -0400
+++ data/CVE/list.new 2009-08-23 20:55:32.000000000 -0400
@@ -925,6 +925,7 @@
CVE-2009-2660 (Multiple integer overflows in CamlImages 2.2 might
allow ...) {DSA-1857-1}
- camlimages 1:3.0.1-3 (medium; bug #540146)
+ TODO: check embedded camlimages code copy [- advi <unfixed>]
CVE-2009-2657 (nilfs-utils before 2.0.14 installs multiple programs
with unnecessary ...)
- nilfs2-tools <not-affected> (dh_fixperms removes the setuid
and setgid bits from all files) CVE-2009-2656 (Unspecified
vulnerability in the com.android.phone process in Android ...) @@
-942,6 +943,7 @@ CVE-2009-XXXX [VLC: integer underflow in Real RTSP]
- vlc 1.0.1-1
- mplayer <unfixed>
+ TODO: check embedded mplayer code copy [- xine-lib <unfixed>]
NOTE: Posting on full-disclosure contains details
CVE-2009-2655 (mshtml.dll in Microsoft Internet Explorer 7 and 8 on
Windows XP SP3 ...) NOT-FOR-US: Microsoft Internet Explorer
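Review bot: The added line "TODO: check embedded mplayer code copy [- xine-lib <unfixed>]" puts what looks like a finished package entry, "- xine-lib <unfixed>", inside the TODO before anyone has checked xine-lib. With about 400 of these generated, a triager could copy the bracketed text in as-is. Consider wording the bracket as a candidate (for example "candidate: xine-lib") so the status is only written once the copy has been checked. The entry also lists vlc next to mplayer, and the TODO does not say which of the two the xine-lib copy relates to beyond the package name, so a short pointer to the matching code-copy record would help whoever picks it up.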
@@ -1415,11 +1417,13 @@
- neon27 0.28.6-1 (medium; bug #542926)
- neon26 <unfixed> (medium; bug #542926)
- neon <removed> (medium; bug #542926)
+ TODO: check embedded neon code copy [- gnome-vfs2 <unfixed>]
CVE-2009-2473 [neon: billion laughs DoS attack]
RESERVED
- neon27 <not-affected> (neon27 is compiled to use libxml2
instead of expat)
- neon26 <not-affected> (neon26 is compiled to use libxml2
instead of expat)
- neon <removed>
+ TODO: check embedded neon code copy [- gnome-vfs2 <unfixed>]
[etch] - neon <not-affected> (neon is compiled to use libxml2
instead of expat)
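Review bot: The second TODO in this hunk is inserted between "- neon <removed>" and "[etch] - neon <not-affected> ...", which separates the release-specific neon line from the package line it belongs to. The first TODO in the same hunk lands after all neon lines, so the placement is inconsistent. Suggest inserting after the last line that names the source package, release-tagged lines included, or at the end of the entry. It would also help if the TODO for CVE-2009-2473 carried the reason given on the neon27/neon26 lines (built against libxml2 instead of expat), since that is exactly what has to be checked for the gnome-vfs2 copy.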
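The forward-embed injection described in the message, as an added example (not the author's inject-embedded-code-copies script). Assumptions: the `EMBEDS` mapping is hard-coded from the three pairs visible in the sample diff, `inject_todos` is a hypothetical name, and appending TODOs at the end of an entry, skipping embedders that already have their own line, and being idempotent on re-runs are choices of this example.

```python
import re

# Assumed mapping: source package -> packages embedding a copy of it
# (only the three pairs visible in the sample diff above).
EMBEDS = {"camlimages": ["advi"], "mplayer": ["xine-lib"], "neon": ["gnome-vfs2"]}

# Package lines look like "\t- pkg status ..." or "\t[etch] - pkg status ...".
PKG_LINE = re.compile(r"^\t(?:\[\w+\] )?- (\S+)")

# Constructed CVE-list fragment; the last entry is made up to show the skip case.
SAMPLE = (
    "CVE-2009-2660 (Multiple integer overflows in CamlImages 2.2 might allow ...)\n"
    "\t{DSA-1857-1}\n"
    "\t- camlimages 1:3.0.1-3 (medium; bug #540146)\n"
    "CVE-2009-2473 [neon: billion laughs DoS attack]\n"
    "\tRESERVED\n"
    "\t- neon27 <not-affected> (neon27 is compiled to use libxml2 instead of expat)\n"
    "\t- neon <removed>\n"
    "\t[etch] - neon <not-affected> (neon is compiled to use libxml2 instead of expat)\n"
    "CVE-2009-XXXX [constructed entry: embedder already listed]\n"
    "\t- mplayer <unfixed>\n"
    "\t- xine-lib <unfixed>\n"
)

def inject_todos(text, embeds=EMBEDS):
    """Return (new_text, number_of_TODO_lines_added)."""
    out, entry, added = [], [], 0

    def flush():
        nonlocal added
        listed = [m.group(1) for m in map(PKG_LINE.match, entry) if m]
        for src in dict.fromkeys(listed):            # keep order, drop repeats
            for emb in embeds.get(src, []):
                todo = f"\tTODO: check embedded {src} code copy [- {emb} <unfixed>]"
                if emb in listed or todo in entry:   # already tracked / already injected
                    continue
                entry.append(todo)                   # end of entry: never splits a package group
                added += 1
        out.extend(entry)
        entry.clear()

    for line in text.splitlines():
        if line.startswith("CVE-"):                  # a new entry starts, close the previous one
            flush()
        entry.append(line)
    flush()
    return "\n".join(out) + "\n", added

if __name__ == "__main__":
    new_text, count = inject_todos(SAMPLE)
    print(new_text, f"{count} TODO line(s) added", sep="")
```
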