www: d198e6e3: These URLs work, but the web pages they ...

markdoliner at pidgin.im markdoliner at pidgin.im
Sun Aug 7 02:56:02 EDT 2011


----------------------------------------------------------------------
Revision: d198e6e3f7ba07b4dedab10d412640d74c94ac23
Parent:   0410681335dad09815297c0c55ddbb16cacb73dd
Author:   markdoliner at pidgin.im
Date:     08/07/11 02:49:41
Branch:   im.pidgin.www
URL: http://d.pidgin.im/viewmtn/revision/info/d198e6e3f7ba07b4dedab10d412640d74c94ac23

Changelog: 

These URLs work, but the web pages they link to all refert to "CVE-whatever"
And using CVE-whatever in the URL works, so I think we're better off using
CVE-whatever for all of them.

Changes against parent 0410681335dad09815297c0c55ddbb16cacb73dd

  patched  htdocs/news/security/index.php

-------------- next part --------------
============================================================
--- htdocs/news/security/index.php	74293b02f2df73aa3da7f191f7d1d35e114f70cc
+++ htdocs/news/security/index.php	cd0c9e8fecd7417d6e6dab45fd364d7710eb5675
@@ -24,7 +24,7 @@ $vulnerabilities = array(
 	array(
 		"title"        => "MSN strncpy buffer overflow",
 		"date"         => "22 August 2004",
-		"cve"          => "CAN-2004-0500",
+		"cve"          => "CVE-2004-0500",
 		"summary"      => "Possible for a remote MSN user to cause a buffer overflow.",
 		"description"  => "In two places in the MSN protocol plugins (object.c and slp.c), strncpy was used incorrectly; the size of the array was not checked before copying to it.  Both bugs affect MSN's MSNSLP protocol, which is peer-to-peer, so this could potentially be easy to exploit.",
 		"fix"          => "Bounds checking was added in both places.",
@@ -34,7 +34,7 @@ $vulnerabilities = array(
 	array(
 		"title"        => "Smiley theme installation lack of escaping",
 		"date"         => "22 August 2004",
-		"cve"          => "CAN-2004-0784",
+		"cve"          => "CVE-2004-0784",
 		"summary"      => "Dragging a carefully crafted smiley theme filename onto Gaim could cause arbitrary command execution.",
 		"description"  => "To install a new smiley theme, a user can drag a tarball from a graphical file manager, or a hypertext link to one from a web browser.  When a tarball is dragged, Gaim executes a shell command to untar it.  However, it does not escape the filename before sending it to the shell.  Thus, a specially crafted filename could execute arbitrary commands if the user could be convinced to drag a file into the smiley theme selector.",
 		"fix"          => "Filenames are now escaped using g_shell_quote().",
@@ -44,7 +44,7 @@ $vulnerabilities = array(
 	array(
 		"title"        => "Groupware message receive integer overflow",
 		"date"         => "26 August 2004",
-		"cve"          => "CAN-2004-0754",
+		"cve"          => "CVE-2004-0754",
 		"summary"      => "Carefully crafted messages could cause a buffer overflow.",
 		"description"  => "Integer overflow in memory allocation results in heap overflow.  By passing the size variable as ~0, integer overflows to 0 when 1 is added in g_alloc().   a malloc(0) call results in 16 bytes of memory being allocated on IA- 32.  Then we can overflow the heap when nm_read_all() is called next step.  usually cases like this suck for exploitation, because the len (~0) is so large that a following call to memcpy() or strcpy() will just run into kernel mem or unmapped address  and fault.  however in this case we read the data from the network via a read() call, so we can just stop sending data and close the connection to short out before ~0 bytes are read.  however, this is triggered by input from the server, not directly from a client.  someone running a malicious groupware server could leverage this to run arbitrary code on the client.",
 		"fix"          => "Bounds checking was added.",
@@ -54,7 +54,7 @@ $vulnerabilities = array(
 	array(
 		"title"        => "URL decode buffer overflow",
 		"date"         => "26 August 2004",
-		"cve"          => "CAN-2004-0785",
+		"cve"          => "CVE-2004-0785",
 		"summary"      => "Receiving exceedingly long URLs can cause a buffer overflow.",
 		"description"  => "Buffer overflow.  The URL is decoded into a static buffer of length 2048 bytes.  I'm not sure it's possible to receive a URL longer than 2048 bytes, as many protocols have message limits that are shorter than that.",
 		"fix"          => "A check to make sure the source string is shorter than 2048 bytes is performed.",
@@ -64,7 +64,7 @@ $vulnerabilities = array(
 	array(
 		"title"        => "Local hostname resolution buffer overflow",
 		"date"         => "26 August 2004",
-		"cve"          => "CAN-2004-0785",
+		"cve"          => "CVE-2004-0785",
 		"summary"      => "Possible buffer overflow when resolving the hostname of the local computer.",
 		"description"  => "Buffer overflow.  If the local computers host name is not in /etc/hosts, and the computer performs a DNS query to obtain it's hostname when signing on to zephyr, it could receive a reply with a hostname greater than MAXHOSTNAMELEN (generally 64 bytes).  If gethostbyname() does not ensure the size of hostent->h_name is less than MAXHOSTNAMELEN, this value would be copied to a buffer that is not large enough.",
 		"fix"          => "The calls to copy the hostname were replaced with calls that check the length of the destination buffer.",
@@ -74,7 +74,7 @@ $vulnerabilities = array(
 	array(
 		"title"        => "RTF message buffer overflow",
 		"date"         => "26 August 2004",
-		"cve"          => "CAN-2004-0785",
+		"cve"          => "CVE-2004-0785",
 		"summary"      => "Invalid rich text format messages could cause a buffer overflow.",
 		"description"  => "Buffer overflow.  There are some loops that read into fixed-sized buffers and do not check to make sure they are not writing too much.",
 		"fix"          => "Added bounds checking to the two loops.",
@@ -111,7 +111,7 @@ $vulnerabilities = array(
 	array(
 		"title"        => "MSN SLP buffer overflow",
 		"date"         => "19 October 2004",
-		"cve"          => "CAN-2004-0891",
+		"cve"          => "CVE-2004-0891",
 		"summary"      => "Buffer overflow when receiving unexpected sequence of MSN SLP messages",
 		"description"  => "Buffer overflow. memcpy was used without checking the size of the buffer before copying to it. Additionally, a logic flaw was causing the wrong buffer to be used as the destination for the copy under certain circumstances.",
 		"fix"          => "Correct the logic to select the correct buffer, and add bounds checking to prevent malformed messages causing a buffer overflow.",
@@ -121,7 +121,7 @@ $vulnerabilities = array(
 	array(
 		"title"        => "AIM/ICQ remote denial of service",
 		"date"         => "17 February 2005",
-		"cve"          => "CAN-2005-0472",
+		"cve"          => "CVE-2005-0472",
 		"summary"      => "Client freezes when receiving certain invalid messages",
 		"description"  => "Certain malformed SNAC packets sent by other AIM or ICQ users can trigger an infinite loop in Gaim when parsing the SNAC.  The remote user would need a custom client, able to generate malformed SNACs.",
 		"fix"          => "The OSCAR protocol plugin was modified to drop these malformed packets.",
@@ -131,7 +131,7 @@ $vulnerabilities = array(
 	array(
 		"title"        => "Remote DoS on receiving malformed HTML",
 		"date"         => "17 February 2005",
-		"cve"          => "CAN-2005-0473",
+		"cve"          => "CVE-2005-0473",
 		"summary"      => "Client crashes when receiving specific malformed HTML",
 		"description"  => "Remote crash. Receiving malformed HTML can result in an invalid memory access causing Gaim to crash.",
 		"fix"          => "The HTML parsing functions were modified to correctly parse the malformed HTML.",
@@ -141,7 +141,7 @@ $vulnerabilities = array(
 	array(
 		"title"        => "Remote DoS on receiving malformed HTML",
 		"date"         => "24 February 2005",
-		"cve"          => "CAN-2005-0208",
+		"cve"          => "CVE-2005-0208",
 		"summary"      => "Client crashes when receiving specific malformed HTML",
 		"description"  => "Remote crash. Receiving malformed HTML can result in an invalid memory access causing Gaim to crash.",
 		"fix"          => "The HTML parsing functions were modified to correctly parse the malformed HTML.",
@@ -151,7 +151,7 @@ $vulnerabilities = array(
 	array(
 		"title"        => "Remote DoS on receiving malformed HTML",
 		"date"         => "2 April 2005",
-		"cve"          => "CAN-2005-0965",
+		"cve"          => "CVE-2005-0965",
 		"summary"      => "Client crash when receiving specific malformed HTML",
 		"description"  => "The gaim_markup_strip_html function in Gaim 1.2.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a string that contains malformed HTML, which causes an out-of-bounds read.",
 		"fix"          => "The function was changed to not allow the out-of-bounds read.",
@@ -161,7 +161,7 @@ $vulnerabilities = array(
 	array(
 		"title"        => "Remote DoS on receiving certain messages over IRC",
 		"date"         => "2 April 2005",
-		"cve"          => "CAN-2005-0966",
+		"cve"          => "CVE-2005-0966",
 		"summary"      => "Client crash and other strange behavior when receiving specific messages over IRC",
 		"description"  => "The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.",
 		"fix"          => "The IRC protocol plugin was modified to escape appropriate messages passed to the Gaim core.",
@@ -171,7 +171,7 @@ $vulnerabilities = array(
 	array(
 		"title"        => "Jabber remote crash",
 		"date"         => "4 April 2005",
-		"cve"          => "CAN-2005-0967",
+		"cve"          => "CVE-2005-0967",
 		"summary"      => "A remote jabber user can cause Gaim to crash by sending a specific file transfer request.",
 		"description"  => "Sending a Gaim Jabber user a certain invalid file transfer request triggers an out-of-bounds read which causes Gaim to crash.",
 		"fix"          => "The invalid file transfer request is ignored.",
@@ -181,7 +181,7 @@ $vulnerabilities = array(
 	array(
 		"title"        => "Remote crash on some protocols",
 		"date"         => "10 May 2005",
-		"cve"          => "CAN-2005-1261",
+		"cve"          => "CVE-2005-1261",
 		"summary"      => "Specially crafted messages on certain protocols can cause a buffer overflow",
 		"description"  => "It is possible for a remote user to overflow a static buffer by sending an IM containing a very large URL (greater than 8192 bytes) to the Gaim user.  This is not possible on all protocols, due to message length restrictions.  Jabber are SILC are known to be vulnerable.",
 		"fix"          => "The URL parsing function was modified to not use a static buffer.",
@@ -191,7 +191,7 @@ $vulnerabilities = array(
 	array(
 		"title"        => "MSN Remote DoS",
 		"date"         => "10 May 2005",
-		"cve"          => "CAN-2005-1262",
+		"cve"          => "CVE-2005-1262",
 		"summary"      => "Remote denial of service when receiving a specially crafted MSN message",
 		"description"  => "Potential remote denial of service bug resulting from not checking a pointer for non-NULL before passing it to strncmp, which results in a crash.  This can be triggered by a remote client sending an SLP message with an empty body.",
 		"fix"          => "Check for NULL before attempting to use the pointer.",
@@ -201,7 +201,7 @@ $vulnerabilities = array(
 	array(
 		"title"        => "Remote Yahoo! crash",
 		"date"         => "10 June 2005",
-		"cve"          => "CAN-2005-1269",
+		"cve"          => "CVE-2005-1269",
 		"summary"      => "Remote denial of service on Yahoo!",
 		"description"  => "Remove denial of service when being offered files with names containing non-ASCII characters.",
 		"fix"          => "Attempt to convert the file name to a usable encoding, or fail gracefully in the case of an invalid file name.",
@@ -211,7 +211,7 @@ $vulnerabilities = array(
 	array(
 		"title"        => "MSN Remote DoS",
 		"date"         => "10 June 2005",
-		"cve"          => "CAN-2005-1934",
+		"cve"          => "CVE-2005-1934",
 		"summary"      => "Certain malformed MSN messages can cause gaim to crash",
 		"description"  => "Remote attackers can cause a denial of service (crash) via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error.",
 		"fix"          => "Added a check for the invalid message.",
@@ -221,7 +221,7 @@ $vulnerabilities = array(
 	array(
 		"title"        => "Gadu-Gadu memory alignment bug",
 		"date"         => "11 August 2005",
-		"cve"          => "CAN-2005-2370",
+		"cve"          => "CVE-2005-2370",
 		"summary"      => "A memory alignment bug in the Gadu-Gadu protocol plugin can result in a buffer overflow",
 		"description"  => "There was a memory alignment bug in the library Gaim uses to access the Gadu-Gadu network.  This bug can not be exploited on x86 architectures.  This bug was recently fixed in the libgadu library, but also needed to be fixed in Gaim because Gaim includes a copy of the libgadu library.",
 		"fix"          => "The vulnerable section of code was modified to work correctly on all architectures.",
@@ -231,7 +231,7 @@ $vulnerabilities = array(
 	array(
 		"title"        => "AIM/ICQ non-UTF-8 filename crash",
 		"date"         => "11 August 2005",
-		"cve"          => "CAN-2005-2102",
+		"cve"          => "CVE-2005-2102",
 		"summary"      => "Invalid filenames can cause a crash on some systems",
 		"description"  => "A remote user could cause Gaim to crash on some systems by sending the Gaim user a file whose filename contains certain invalid characters.  It is unknown what combination of systems are affected, but it is suspected that Windows users and systems with older versions of GTK+ are especially susceptible.",
 		"fix"          => "The filename is validated as UTF-8 before Gaim attemps to display it.",
@@ -241,7 +241,7 @@ $vulnerabilities = array(
 	array(
 		"title"        => "AIM/ICQ away message buffer overflow",
 		"date"         => "11 August 2005",
-		"cve"          => "CAN-2005-2103",
+		"cve"          => "CVE-2005-2103",
 		"summary"      => "Remote users can cause a buffer overflow",
 		"description"  => "A remote AIM or ICQ user can cause a buffer overflow in Gaim by setting an away message containing many AIM substitution strings (such as %t or %n).",
 		"fix"          => "The substitution function was modified to use a dynamic buffer instead of one with a fixed size.",


More information about the Commits mailing list