[Secure-testing-team] Bug#481186: CVE-2008-2149: buffer overflows
Steffen Joeris
steffen.joeris at skolelinux.de
Wed May 14 12:17:40 UTC 2008
Package: wordnet
Severity: grave
Tags: security
Justification: user security hole
Hi
The following CVE(0) has been issued against wordnet.
CVE-2008-2149:
Stack-based buffer overflow in the searchwn function in Wordnet 2.0,
2.1, and 3.0 might allow context-dependent attackers to execute
arbitrary code via a long command line option. NOTE: this issue probably
does not cross privilege boundaries except in cases in which Wordnet is
used as a back end.
More information can be found in the Gentoo bug report(1).
I filed it as an RC bug, because wordnet is sometimes used as a backend
for web applications.
Please mention the CVE id in your changelog, when you fix this bug.
Cheers
Steffen
(0): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2149
(1): https://bugs.gentoo.org/show_bug.cgi?id=211491