[8518] in bugtraq
catdoc-0.90 buffer overruns
daemon@ATHENA.MIT.EDU (Duncan Simpson)
Thu Nov 12 15:11:24 1998
Date: Wed, 11 Nov 1998 01:37:26 +0100
Reply-To: Duncan Simpson <dps@IO.STARGATE.CO.UK>
From: Duncan Simpson <dps@IO.STARGATE.CO.UK>
To: BUGTRAQ@NETSPACE.ORG
--==_Exmh_1048945481P
Content-Type: multipart/mixed ;
boundary="==_Exmh_10391748110"
This is a multipart MIME message.
--==_Exmh_10391748110
Content-Type: text/plain; charset=us-ascii
catdoc-0.90 is full of buffer overruns. The cloest things to a remote exploit
is a reported exploit document, of which I have not got a copy of to try. It
would is quite believable, given the level of buffer overruns, This could be a
security problem if catdoc is used with privilege users do not have for
automated indexing purposes or otherwise used with raised privilege.
There are lots of overruns for bad guys to exploit. I think the attached patch
fixes all of the bugs. The author has been sent this patch over a week ago and
received to response. (Even if nobody can think of an exploit situation having
buffer overruns is not cool).
--==_Exmh_10391748110
Content-Type: application/x-gzip ; name="catdoc-fix.gz"
Content-Description: catdoc-fix.gz
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="catdoc-fix.gz"
H4sICBbNSDYCA2NhdGRvYy1maXgAvVp5b9vGEv9b+hQbF2koibRFSb6kKEjqumgBOwksB+1D
bAgMubSIUCTFw0cDv8/+ZvamDlttgsegFrU7Ozs7x29mVnUchxS5v+d7ZZD6u7P/Nn7LIzKh
GXFd4vaG/d6w1yfu8fFRs9Pp1Egbl7OKvE9vCdkn3f6wdzTsH3DKt2+J47p9+5B0+Mfbt01C
70uaJ8SfeXmbzL1smnnlzCZtHChoyb6OFFmUlKSIbhKvrHI69WfU/1qfrJKvSXqXTL1iOqP3
o6Zzm0YBCaMkmIZRTC1kS9phFcd8Iz9NipLw0cSbU5uYI0jSGjU7383EFpL/TYEdYexy6gVT
oAujG8HVWIMDyAmpJ59+mVyev/vIVxTVl6IEPRnkbWKSN5267fzdICrKmlV6w8HBEA25xn5+
jXIwdPvDQV/br7dvH5AO/O11mfm4uO2pl9/cwuZ4Snz34f0nmgRR2Ozgv702mXghJbc0L6I0
IWlIijKHLS38yB6s12F0TwOmIfKlCt/Y5PXu7u6blvwk7b1mpyi9MvJryi2A6xQYTJEXH4Ll
XN3wAvzqxvCz+ncvaDU735odgg8uikcoL/saj0E4UKwFRCMxBiMJyss2QWZ8Eyd2XEUDQ5/l
8PX41VX31agBCjhNCnBaAq46j8CB4bR4JskV5WdMcbNGQyrsC/W9qqBqGxIVECX30byawyov
LzWTnEJQJEgJgjzCKche+7uePeRA+HPuRQnJ8vQm9+Zk20dy+JinPi0KWpA0K8H8hc18uSAi
yAvCPLggXgIugA4elRUSIgf0ukEPQWP/QGCG8KzVEJr8Z3J5en5xgnHwUxQGNCSfJqcXFydN
R0dvSecZi1I+Zd/Qkia31s7vH85Pd1poxW1pbeavaajIcDWJQmK11Qj51mS2WZJUzcOCR3bG
40P7GIHRhQ88JBgXdpsKFY3B6l/pNKcYQXSKAFDOMzmLXMKc0uWxplNk1Ocj4zp81MNPnTNM
87lXTplo9uTj6cn09K9LppTNnMwQVIxWVGMTg7dNTN5MZS/0Bi1A9Ki0MKKcnGax59M5Tcp/
c4SL049n6ghP8fpXhzC580OYWxjHIGI6KryyfLAYXqcgeZBWZauFTqJQW4TE9ritFiwj92DY
HWjkPujasLSDH/vMwQB2ZikACKJeO6F3Y9+L49S3xJnVZMvu7R/gGThA+uwtTpMbnnDhu8MR
LHsgFuoFYczISI7CNzl58vu7i8npJdMcm9cBh3+QRJKaZQCnZXoU05+71yzAEAEBaJ4Qooaz
a+UQQCoBXtKo3KqcQcy0nAFiPu4LBDflDJOawRGReiCYSnFXOIj0QHR6SKCqWM0RS4KTmuQr
yQJ8q7qZkSIDTwThQkiFD/JgjCGy3E7n6tSCqMV1uc4I7AmzHLwiRNemeW7vnHhJkkJWTb1A
oj15WRCHqZXgVJhWSXCV7MjtuafpfPb+09kZG3pUMYJrIT/EW8eIXrBUnfa7w+6RUZ0e2n2I
EfjYP2AxgpqlXg6FZoGRL6QGQcH3CQJWFEZgpBikQPMHUU79Ms0jWuzCQkxstUyoSkZSpgQw
pWRmiTCUQlTGDF+9DPIsqBHM/0RW/UHP3o+okH9YgRxH86hsNcm3+jwzP39fMAxg76DsaUGz
z73r8bdf/7iYTk4/2t1H7p61Qo5xdRyoqjBS3lMwWJpAtDyAgtGoV12mU+a+8NXKxqzpyEbZ
eNFxtW+TBRaE/iy3Mvvsj8kl7sixnT8YFAuG5Q0FI1oHmb1wMoyeBid0sjf8uLAAxtZFD9l5
xxQLURHSnKSQ+/MKyjB0ID+dZ3CKpITQ4VzZA3oro6SibOQR/2yUhCzDBoy+ZiIxdTS0t36G
metxl/GMx/BFqPKM416RkhDsAXgHU0qVELCExsAW1NdYgPpBLSJVG6Iw0deJKHwBp7Uc3JLu
dqjZUPW7YsCxckVsjd86QI1jyBfcjsUsC3casyxP5tRLoJKt8hy/SQR4MBgwsNTRwBzKOFQX
jrP7alQbc4W647ErdP0BPBbd3vPhmATMxQ4pq9zp9Hzy64fJdLqi+zVK94JgSu8p+2LoZoMp
NlA/YaD/j3kaug+QdnKImeX1EQRS8PphLUWtSmAGM84EDvdiLBCmJWlE0CJpLAKZj+BEY30g
I7pvFcuNWhgTHsjECEjoK4VAgiLudJT4j+Y54iWU+U7J6hCztN+K83Rim3C855Ebq+TOZPN8
bAsNM3Rb43GXx4dI/yNtXUzQ+0fYJB31bZdfPzB4ZNdAsu0RuUfdoNRyj2yNBKSzQVnFuL2j
65EeRnlweN/tXXO/EXG0VCW19ORTFa6RHAXnTSVuh6wWoYLkiRL07LkS9Ptr0CfPuFKDynIz
pt4tFE+1klTw204l6tCCqCV8iLXZckzlaGV3BJegyiyjG1ZedMjuII+P7SPjDgsxDoDCQpcS
/OR9k+kPbu/weqUeEa4hj8Fuw7AsHpkdxfLsysHkFZLcylqZ38pUslDhlYrYVMIXb+NkocJV
tsBcg3o5GvC7WVfcszw21S2ZkQOWiznGaFlVIpxQNwJwFM7aUtOilygSk8JUSkugh7lANwbi
ZvhR5QHZHsimfuv2QC9YbaHNy+se85uevLpWWFGUaYYvAqyw+qSF72U0QOAD+ExRw2yuSvD6
Ggxl9M61XgzsyfSg8Kume3lB3pLJ6p+v1B2dWCADyqhTVJkinw1tHe7Oe6KXBbZw5j20fPRV
jjDPXR6Bw25tHEm+bJru0D00Oreu3e+D73btgezcfliHVHNuniVZWhjv7MjL/LTiN3VWPdtU
yVeWeGVpbrY0S1fO2gJ3OZhqDiARJaYNwqwqC4vxtMXFkdZyLVmKQkhfKoPANhdG+BvuI1oZ
zvDVVfKKX0PpUhdMC+kkg5LzBiRiFbGYFdBHxuwHGxY9lr6948xUrcXlFlIowcVkm49jeDi1
JoqvWiwtEFWtEB9rR76+9WZJaY5UjBB1LPZvZ+KtYywYafK7GTqzlb3hVD///CIqWM6CVAP6
yVgbQ4wSJhsLhrVd99p3aY7G9kBaBzr7uxnFq/+U4La75M8IUJtd6+cVb0J5VnTMPj9kni81
Z8hruyt61Kr2LVT/BoJnTq+bhtp9QwbmybC+dBpPGLTxrATglw04qiWtMYIwAL72otNpoY0w
KpwGT0eOrCx5nGRj5qciapiVwCIvWDoUpS20ExzXhD2cuoc4Lkubv0U3mDZBMoiZuRclWPnq
qqQhamaxFmyuOmvVrmSiTWGdMphUtyeZ4MEyvg49gt0sX/QuCCBX7ZJz7x5KogALtCWpXcFD
4Mzy7LO/JzVI1hnHomk8975SkCpLEWZAVH7kAKv8kDCNiuvAhgkJQmyFCVIDG0BBXT1shQr6
qmOdF8lZAxfk0CZgwHuObWFhSdRnUEFSbwMKppQ1TIBm7jsAga/eCgkE6ZoA5DNPn1GFPifW
Ma/ZrrPW5i1Vayjt/UzgK8svhNFFV/nIKrwfls3Vr5onaQKNbllARRb5acAvV9AgcAA4kLqs
LuiioolPd2GF/PV6Bi2NuotlbekxFoaHPaMwfNQZHWsvqAVrgWH+TmRXPv4GJMpaTmyUZPX/
pcHMM7K0hmGs8Xeuru5fdgd/7diWLDNbwFr16brSFgsk9vCvUBlu4oAa+4WysE+w3NF3W1Jq
zkIWIPBf05wlX/DnT1Yh/w+rqeNSWiIAAA==
--==_Exmh_10391748110
Content-Type: text/plain; charset=us-ascii
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."
--==_Exmh_10391748110--
--==_Exmh_1048945481P
Content-Type: application/pgp-signature
-----BEGIN PGP MESSAGE-----
Version: 2.6.3ia
iQCVAwUBNkjqU84kG9UPwSZpAQH5iAP/a3eMyZQW1MZLLzPhcOTAyLOUc6rR04fF
bkTBB/FcQQmd7jbKK6m+O28YKq5lvA2yhQ3Kosm404/VUBaQOQQd8RBnL8zwy7gF
JsRgkyxVG7ZXG8VCYhXPdFhKcgQ+DJuHgIoJwPzfgceI9bT+Mxnj+flBORE8ZfIG
HUZljEhtZyw=
=vl8r
-----END PGP MESSAGE-----
--==_Exmh_1048945481P--