Bugzilla – Bug 881055
VUL-1: CVE-2011-5280: boinc-client: DoS via stack-based buffer overflow
Last modified: 2020-05-12 17:42:11 UTC
Multiple stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service (crash) via a long trickle-up to client/cs_trickle.cpp. Detailed analysis of these issues can be found at http://www.openwall.com/lists/oss-security/2013/04/28/3

It's not clear if SLE11 (6.2.18) is affected by any of those issues. CVE-2013-2298 should be present in SLE12 and openSUSE:Factory. The second issue (no CVE, stack overflow in the client code by providing multiple file_signature elements) affects openSUSE:12.3 and openSUSE:13.1.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5280
http://www.openwall.com/lists/oss-security/2013/04/28/3
http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=5b04b249db166ec38c1ee99a9eadcaa300c0f454
http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=ae04b50a71f3e96ee1bc59b76fca97cf0fe976f7
Affected packages: SLE-11-SP3: boinc-client
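The bug class in the description above, as an added illustration that is not BOINC's code: a bounded extractor for one XML element's text that refuses over-long values and repeated elements. The tag names, the 256-byte buffer and the sample messages are constructed assumptions, not taken from the client sources.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed illustration, not code from BOINC: copy one XML element's text
 * into a fixed-size stack buffer without overrunning it. The bug class in this
 * report is the unbounded form of the same operation, e.g.
 *     char name[256]; strcpy(name, value);
 * with `value` taken from a network message. Here the destination size is
 * passed in, values that do not fit are refused, and a repeated element is
 * refused instead of being appended to or re-copied.
 *
 * Returns 0 on success, -1 if the element is missing or malformed,
 * -2 if the value does not fit, -3 if the element occurs more than once. */
int parse_element(const char *xml, const char *tag, char *out, size_t out_sz) {
    char open[64], close[64];
    if (snprintf(open, sizeof open, "<%s>", tag) >= (int)sizeof open) return -1;
    if (snprintf(close, sizeof close, "</%s>", tag) >= (int)sizeof close) return -1;

    const char *start = strstr(xml, open);
    if (!start) return -1;
    start += strlen(open);
    const char *end = strstr(start, close);
    if (!end) return -1;
    if (strstr(end + strlen(close), open)) return -3;   /* duplicate element */

    size_t len = (size_t)(end - start);
    if (len >= out_sz) return -2;                        /* keep room for NUL */
    memcpy(out, start, len);
    out[len] = '\0';
    return 0;
}

int main(void) {
    char name[256];
    int rc = parse_element("<trickle_up><result_name>wu_1</result_name></trickle_up>",
                           "result_name", name, sizeof name);
    printf("normal message: rc=%d name=%s\n", rc, name);

    /* Constructed over-long value: 400 digits offered to a 256-byte buffer. */
    char big[600];
    snprintf(big, sizeof big, "<result_name>%0*d</result_name>", 400, 0);
    printf("over-long value: rc=%d\n", parse_element(big, "result_name", name, sizeof name));

    printf("repeated element: rc=%d\n",
           parse_element("<file_signature>a</file_signature><file_signature>b</file_signature>",
                         "file_signature", name, sizeof name));
    return 0;
}
```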
bugbot adjusting priority
Fixing CVE-2013-2298 in SLE-11-SP3 is hard because of the issues described in bug 817777: the upstream patch is based on a version of boinc that has undergone non-trivial re-factoring relative to the version that we have. Adapting that patch to our code would be a major effort both for the packager and for QA. Is that the way we want to go forward? I'd be very happy to get some guidance from the security team with regard to that question.

With regard to openSUSE:13.1, the situation is similar. Our code base is more recent and some parts of the upstream patch do apply, but still the relevant files lib/parser.cpp, lib/parse.h cause 9 out of 11 hunks and 9 out of 9 hunks to fail, respectively. Backporting the fix to this version is not going to be a trivial task either.
SLE11-SP3 is not supported anymore and boinc-client is not shipped in any supported codestream.