[Secure-testing-team] Bug#497835: gmanedit: Found several buffer overflows
François Wendling
frwendling at free.fr
Thu Sep 4 19:56:30 UTC 2008
Package: gmanedit
Version: 0.4.1-1
Severity: important
Tags: security
Hi,
Gmanedit includes several buffer overflows. It needs to be audited
seriously, user input is never checked. Here are the ones i found :
* Launch the wizard, click all the boxes, complete the wizard. Check
for "cad[512]" in the source, it's where the problem is, it should
be increased ; it fixes the problem, but it's ugly.
* Launch the wizard, type a very long line in title or name of the
manpage. At first the UI doesn't limit the number of characters
you can enter, then the code handles it badly.
* Open preferences, flood the inputbox.
* Same like above, but this time it comes from the rc file. Just fill the
"COMMAND=" parameters with a lot of characters.
* Fill the editor with a 200kb file, then try to see the man ("view
created page").
Maybe there are some others, so it needs a good audit. I don't send a
patch, because i can't fix properly, but don't hesitate to ask me
more if you need.
Regards,
More information about the Secure-testing-team
mailing list