Package: newsx
Severity: grave
Tags: security, patch
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for newsx.

CVE-2008-3252[0]:
| Stack-based buffer overflow in the read_article function in
| getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary
| code via a news article containing a large number of lines starting
| with a period.

There is a Red Hat bug report[1] with more information and I've attached
their patch.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3252
    http://security-tracker.debian.net/tracker/CVE-2008-3252
[1] https://bugzilla.redhat.com/show_bug.cgi?id=454483
diff -up newsx-1.6/src/getarticle.c.stack newsx-1.6/src/getarticle.c --- newsx-1.6/src/getarticle.c.stack 2003-01-21 10:47:25.000000000 +0100 +++ newsx-1.6/src/getarticle.c 2008-07-12 23:02:35.000000000 +0200 @@ -143,12 +143,12 @@ read_article(long where,char *group) long len; long bytecount = 0L; /* BUG: */ - line=linebuf; - line[MAX_HEADER_SIZE] = '\0'; /* better safe than sorry */ + linebuf[MAX_HEADER_SIZE] = '\0'; /* better safe than sorry */ path_line[0] = '\0'; /* fetch the article, header and body */ for (;;) { + line=linebuf; if (!get_server_msg(line, MAX_HEADER_SIZE)) { /* timeout: simply give up */ return 0;
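
Review bot: the `line=linebuf;` reset that now sits at the top of the `for (;;)` loop in read_article carries no comment saying why it has to be repeated on every iteration, and the empty `/* BUG: */` marker just above it is left in place. Since `get_server_msg(line, MAX_HEADER_SIZE)` is always handed the full MAX_HEADER_SIZE, the call is only in bounds when `line` points at the start of `linebuf`, so I would replace the stale marker with a one-line comment stating that invariant next to the reset. Separately, `linebuf[MAX_HEADER_SIZE] = '\0';` writes at index MAX_HEADER_SIZE, which needs `linebuf` to be declared with at least MAX_HEADER_SIZE + 1 bytes; the declaration is outside the visible context and is worth confirming before this is applied.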