Date: Wed, 11 Nov 1998 01:37:26 +0100
From: Duncan Simpson <dps@IO.STARGATE.CO.UK>
Subject: catdoc-0.90 buffer overruns
To: BUGTRAQ@NETSPACE.ORG

catdoc-0.90 is full of buffer overruns. The closest thing to a remote exploit is a reported exploit document, of which I have not got a copy to try. It is quite believable, given the level of buffer overruns. This could be a security problem if catdoc is used with privilege users do not have for automated indexing purposes or otherwise used with raised privilege. There are lots of overruns for bad guys to exploit.

I think the attached patch fixes all of the bugs. The author was sent this patch over a week ago, and no response has been received. (Even if nobody can think of an exploit situation, having buffer overruns is not cool.)

[Attachment: catdoc-fix.gz (application/x-gzip, base64-encoded)]

Duncan (-:
"software industry, the: unique industry where selling substandard goods is legal and you can charge extra for fixing the problems."