Bug 955194 (CVE-2015-8107) - VUL-1: CVE-2015-8107: a2ps(gnu) v4.14 format string vulnerability
Summary: VUL-1: CVE-2015-8107: a2ps(gnu) v4.14 format string vulnerability
Status: RESOLVED FIXED
Alias: CVE-2015-8107
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P4 - Low : Normal
Target Milestone: ---
Assignee: Dr. Werner Fink
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/158857/
Whiteboard: CVSSv2:SUSE:CVE-2015-8107:4.1:(AV:L/A...
Reported: 2015-11-16 13:45 UTC by Sebastian Krahmer
Modified: 2019-04-12 14:42 UTC
Found By: Security Response Team


Attachments
exploit.pro (2.97 KB, text/plain)
2015-11-16 14:06 UTC, Dr. Werner Fink

Description Sebastian Krahmer 2015-11-16 13:45:35 UTC
Very minor issue IMHO. Not sure a2ps is using unsafe mode anyway
and attackers who can provide prolog files may be executing
arbitrary code anyways?

Fixing in next release.

oss-sec:
"I am writing this to report a format string vulnerability in a2ps. (4.14, which is the latest version) Also I already have been assigned a CVE identifier from MITRE "CVE-2015-8107", so I want to make public this vulnerability.

- Target Platform
  Linux
- Target Version
  4.14 (Latest Version)
"

CVE-2015-8107



References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8107
http://seclists.org/oss-sec/2015/q4/284
Comment 1 Dr. Werner Fink 2015-11-16 14:05:06 UTC
To find the "exploit.pro" from http://seclists.org/oss-sec/2015/q4/284 this exploit has to be installed in the appropriate system path!

After

  mkdir /suse/werner/.a2ps

and

  mv exploit.pro /suse/werner/.a2ps/

I see

  a2ps/a2ps-4.14> a2ps --prologue=exploit /etc/hosts -o /dev/null
  *** %n in writable segment detected ***
  Abort

that is, our glibc is catching this.
Comment 2 Dr. Werner Fink 2015-11-16 14:06:30 UTC
Created attachment 656067
exploit.pro
Comment 3 Dr. Werner Fink 2015-11-16 14:22:30 UTC
You may report this upstream at the oss-sec
Comment 6 Dr. Werner Fink 2015-11-16 15:09:16 UTC
I have a fixed package for Factory. Is it possible to submit, as AFAICS the bug is public?
Comment 7 Sebastian Krahmer 2015-11-16 15:17:37 UTC
Yes, it's a public bug. No more submits than Factory needed
due to low severity.
Comment 8 Swamp Workflow Management 2015-11-16 23:00:50 UTC
bugbot adjusting priority
Comment 9 Dr. Werner Fink 2016-12-09 14:41:31 UTC
(In reply to Sebastian Krahmer from comment #7)

OK