Processed: Re: Bug#729277: pvm-dev: buffer overflow in trcsort

2013-11-11 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > severity 729277 normal Bug #729277 [pvm-dev] pvm-dev: buffer overflow in trcsort Severity set to 'normal' from 'grave' > merge 729277 716396 Bug #729277 [pvm-dev] pvm-dev: buffer overflow in trcsort Bug #716396 [pvm-dev] [Mayhem] Bug report on pvm

Bug#729277: pvm-dev: buffer overflow in trcsort

2013-11-11 Thread Steinar H. Gunderson
severity 729277 normal merge 729277 716396 thanks On Mon, Nov 11, 2013 at 09:06:24AM -0500, Sang Kil Cha wrote: >> So this is essentially the same bug as #716396, which was already reported by >> other members of the same team? > I concur. We thought they are different bugs, but it was our mistake

Bug#729277: pvm-dev: buffer overflow in trcsort

2013-11-11 Thread Sang Kil Cha
Hi, I was running a tool called Mayhem on linux binaries to find vulnerabilities. Basically, I am sending reports to this mailing list if there can be a file-based exploitation. I did not check whether each bug that I found is applicable in a real scenario. Due to Moritz, I sent all the reports

Bug#729277: pvm-dev: buffer overflow in trcsort

2013-11-11 Thread Sang Kil Cha
I concur. We thought they are different bugs, but it was our mistake. On Mon, Nov 11, 2013 at 9:02 AM, Steinar H. Gunderson wrote: > On Mon, Nov 11, 2013 at 08:54:02AM -0500, Sang Kil Cha wrote: >> I was running a tool called Mayhem on linux binaries to find vulnerabilities. >> >> Basically, I am

Bug#729277: pvm-dev: buffer overflow in trcsort

2013-11-11 Thread Steinar H. Gunderson
On Mon, Nov 11, 2013 at 08:54:02AM -0500, Sang Kil Cha wrote: > I was running a tool called Mayhem on linux binaries to find vulnerabilities. > > Basically, I am sending reports to this mailing list if there can be a > file-based exploitation. I did not check whether each bug that I found > is app

Bug#729277: pvm-dev: buffer overflow in trcsort

2013-11-11 Thread Steinar H. Gunderson
On Sun, Nov 10, 2013 at 09:19:30PM -0500, Sang Kil Cha wrote: > Package: pvm-dev > Version: 3.4.5-12.5 > Severity: grave > Tags: security > Justification: user security hole > > trcsort has a buffer overflow vulnerability. A PoC file is attached. > > Command line to reproduce the bug: > $ /usr/bi

Bug#729277: pvm-dev: buffer overflow in trcsort

2013-11-10 Thread Sang Kil Cha
Package: pvm-dev Version: 3.4.5-12.5 Severity: grave Tags: security Justification: user security hole trcsort has a buffer overflow vulnerability. A PoC file is attached. Command line to reproduce the bug: $ /usr/bin/trcsort foo -- System Information: Debian Release: 7.1 APT prefers stable