tags 408530 +security
severity 408530 grave

On Fri, Jan 26, 2007 at 04:34:32PM +0100, John Hughes wrote:
> Package: libcapi20-3
> Version: 1:3.9.20060704-2.2
> Severity: important

> the bufprint routine used by capi_cmsg2str does an unbounded
> vsprintf into an 8192 byte buffer, perhaps hoping it's big enough.

If the content of that vsprintf can be controlled by remote peers, this may lead to a remote security hole for daemons using CAPI (pppd-capi-plugin, asterisk-chan-capi, capi4hylafax, ...). Or a DoS.

If the content of that vsprintf can be controlled by local users making use of a system service (such as sending a fax, making a phone call, ...) that uses CAPI, this is a privilege escalation or remote authenticated user security hole, or a DoS.

If someone determines this is not exploitable, feel free to remove the security tag and take severity down to important again.

--
Lionel
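For reference, a bounded replacement for the pattern the report describes (formatted output appended into a fixed 8192-byte buffer), written as an added example and not taken from libcapi20 or from either poster. The names `msgbuf` and `msgbuf_printf`, and the `Called=`/`Data=` fields, are hypothetical and the oversized input is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MSGBUF_SIZE 8192   /* buffer size quoted in the report */

/* Hypothetical bounded message buffer; not libcapi20's own structure. */
struct msgbuf {
    char   data[MSGBUF_SIZE];
    size_t used;       /* bytes written, excluding the terminating NUL */
    int    truncated;  /* set once any append did not fit */
};

/* Append formatted text. Returns 0 on success, -1 if the output was cut
 * or formatting failed. Never writes past data[MSGBUF_SIZE - 1]. */
static int msgbuf_printf(struct msgbuf *b, const char *fmt, ...)
{
    size_t room = MSGBUF_SIZE - b->used;  /* always >= 1: room for NUL */
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(b->data + b->used, room, fmt, ap);
    va_end(ap);

    if (n < 0) {               /* formatting error: keep earlier content */
        b->data[b->used] = '\0';
        return -1;
    }
    if ((size_t)n >= room) {   /* vsnprintf returns the length it wanted */
        b->used = MSGBUF_SIZE - 1;
        b->truncated = 1;
        return -1;
    }
    b->used += (size_t)n;
    return 0;
}

int main(void)
{
    static char field[10001];  /* constructed oversized field, NUL-ended */
    struct msgbuf b = {0};

    memset(field, 'A', sizeof field - 1);
    msgbuf_printf(&b, "Called=%s ", "5551234");
    msgbuf_printf(&b, "Data=%s", field);
    printf("used=%zu truncated=%d\n", b.used, b.truncated);
    return 0;
}
```

Callers that must not emit partial messages can check the return value or the `truncated` flag and drop or flag the message instead of logging it.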