Bug 752802 (CVE-2010-2971) - VUL-0: CVE-2010-2971: libmikmod: incomplete fix for CVE-2009-3995 causes buffer over-read
Status: RESOLVED DUPLICATE of bug 625547
Alias: CVE-2010-2971
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Deadline: 2012-05-08
Assignee: Hendrik Vogelsang
QA Contact: Security Team bot
URL:
Whiteboard: . maint:planned:update
Keywords:
Depends on:
Blocks:
 
Reported: 2012-03-19 08:55 UTC by Matthias Weckbecker
Modified: 2019-12-09 17:55 UTC

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Matthias Weckbecker 2012-03-19 08:55:56 UTC
====================================================================
CVE-2010-2971

Description
loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995.

References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
* MISC:http://sourceforge.net/tracker/?func=detail&aid=3033086&group_id=40531&atid=428227
* CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=614643
* DEBIAN:DSA-2081
* URL:http://www.debian.org/security/2010/dsa-2081
* MANDRIVA:MDVSA-2010:151
* URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:151
====================================================================
Comment 2 Swamp Workflow Management 2012-04-24 07:50:56 UTC
The SWAMPID for this issue is 46982.
This issue was rated as moderate.
Please submit fixed packages until 2012-05-08.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 3 Hendrik Vogelsang 2012-05-08 11:22:44 UTC
I'll take this one over
Comment 4 Matthias Weckbecker 2012-05-08 12:52:53 UTC
cool, thank you!
Comment 5 Hendrik Vogelsang 2012-05-08 12:58:39 UTC
AFAICS in #625547 it's stated that the correct fix is already submitted so what else is there to do?
Comment 6 Dirk Mueller 2012-06-04 16:04:29 UTC
The fix for bug 752802 (aka this one) is missing.
Comment 7 Susanne Oberhauser-Hirschoff 2012-06-06 09:51:33 UTC
Thx for the info.  Henne, can you check again?
Comment 8 Ludwig Nussel 2012-06-29 07:44:12 UTC
the patch in 625547 fixes this issue here as well.

*** This bug has been marked as a duplicate of bug 625547 ***
Comment 9 Ludwig Nussel 2012-06-29 07:46:04 UTC
cancelled swamp. 625547 stays on planned updates.