Executive Summary
Summary | |
---|---|
Title | WordNet: Execution of arbitrary code |
Informations | |||
---|---|---|---|
Name | GLSA-200810-01 | First vendor Publication | 2008-10-07 |
Vendor | Gentoo | Last vendor Modification | 2008-10-07 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple vulnerabilities were found in WordNet, possibly allowing for the execution of arbitrary code. Background Description * Jukka Ruohonen and Rob Holland (oCERT) reported multiple boundary errors within the searchwn() function in src/wn.c, the wngrep() * Rob Holland (oCERT) reported two boundary errors within the do_init() function in lib/morph.c, which lead to stack-based buffer overflows via specially crafted "WNSEARCHDIR" or "WNHOME" environment variables. * Rob Holland (oCERT) reported multiple boundary errors in the bin_search() and bin_search_key() functions in binsrch.c, which lead to stack-based buffer overflows via specially crafted data files. * Rob Holland (oCERT) reported a boundary error within the parse_index() function in lib/search.c, which leads to a heap-based buffer overflow via specially crafted data files. Impact * A local attacker could exploit the second vulnerability via specially crafted "WNSEARCHDIR" or "WNHOME" environment variables, * A local attacker could exploit the third and fourth vulnerability by making the application use specially crafted data files, possibly leading to the execution of arbitrary code. Workaround Resolution References Availability http://security.gentoo.org/glsa/glsa-200810-01.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-200810-01.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:18628 | |||
Oval ID: | oval:org.mitre.oval:def:18628 | ||
Title: | DSA-1634-1 wordnet - arbitrary code execution | ||
Description: | Rob Holland discovered several programming errors in WordNet, an electronic lexical database of the English language. These flaws could allow arbitrary code execution when used with untrusted input, for example when WordNet is in use as a back end for a web application. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1634-1 CVE-2008-2149 CVE-2008-3908 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | wordnet |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7971 | |||
Oval ID: | oval:org.mitre.oval:def:7971 | ||
Title: | DSA-1634 wordnet -- stack and heap overflows | ||
Description: | Rob Holland discovered several programming errors in WordNet, an electronic lexical database of the English language. These flaws could allow arbitrary code execution when used with untrusted input, for example when WordNet is in use as a back end for a web application. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1634 CVE-2008-2149 CVE-2008-3908 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | wordnet |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2009-04-09 | Name : Mandriva Update for wordnet MDVSA-2008:182 (wordnet) File : nvt/gb_mandriva_MDVSA_2008_182.nasl |
2009-04-09 | Name : Mandriva Update for wordnet MDVSA-2008:182-1 (wordnet) File : nvt/gb_mandriva_MDVSA_2008_182_1.nasl |
2008-10-09 | Name : Gentoo Security Advisory GLSA 200810-01 (wordnet) File : nvt/glsa_200810_01.nasl |
2008-09-24 | Name : Debian Security Advisory DSA 1634-2 (wordnet) File : nvt/deb_1634_2.nasl |
2008-09-17 | Name : Debian Security Advisory DSA 1634-1 (wordnet) File : nvt/deb_1634_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
48479 | Princeton WordNet (wn) morph.c Command Line Local Overflow A local overflow exists in WordNet. WordNet fails to handle a boundary error in morph.c resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
48478 | Princeton WordNet (wn) search.c Multiple Local Overflows A local overflow exists in WordNet. WordNet fails to handle multiple boundary errors in search.c resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
48477 | Princeton WordNet (wn) morph.c Environment Variable Handling Local Overflow A local overflow exists in WordNet. WordNet fails to handle boundary errors within the "do_init()" function in lib/morph.c accessible via specially crafted "WNSEARCHDIR" or "WNHOME" environment variables resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
48476 | Princeton WordNet (wn) wnutil.c Environment Variable Handling Local Overflow A buffer overflow exists in WordNet. WordNet fails to handle a boundary in wnulitc. specifically called via the WNDBVERSION environmental variable resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
48475 | Princeton WordNet (wn) binsrch.c Data File Handling Local Overflow A local overflow exists in WordNet. WordNet experiences boundary errors in "bin_search()" and "bin_search_key()" functions in binsrch.c resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code executio resulting in a loss of integrity. |
45153 | WordNet wn Multiple Function Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-182.nasl - Type : ACT_GATHER_INFO |
2008-10-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200810-01.nasl - Type : ACT_GATHER_INFO |
2008-09-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1634.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:36:06 |
|