[CVE-2007-5395] link-grammar is vulnerable

Bug #162511 reported by Stephan Rügamer
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| link-grammar (Ubuntu) | Fix Released | Low | Unassigned | |
| Dapper | Fix Released | Low | Kees Cook | |
| Edgy | Fix Released | Low | Kees Cook | |
| Feisty | Fix Released | Low | Kees Cook | |
| Gutsy | Fix Released | Low | Kees Cook | |
| Hardy | Fix Released | Low | Unassigned | |

Bug Description

Binary package hint: link-grammar

Dear Colleagues,

link-grammar is vulnerable.
From CVE:

Stack-based buffer overflow in the separate_word function in tokenize.c in Link Grammar 4.1b and possibly other versions, as used in AbiWord Link Grammar 4.2.4, allows remote attackers to execute arbitrary code via a long word, as reachable through the separate_sentence function.

I'll attach some debdiffs for the versions which are affected by this vulnerability.

Regards,

\sh
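
The class of bug named in the CVE text, as an added example that is not part of this report and not link-grammar's own code: a tokenizer that copies each word into a fixed-size stack buffer has to check the word length before the copy. `MAX_WORD`, `copy_word` and `count_words_checked` are hypothetical names, and the 60-byte limit is an assumption made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_WORD 60 /* assumed buffer capacity, chosen for this example */

/* Copy the token [start, end) into out, which holds MAX_WORD + 1 bytes.
 * The unsafe pattern copies (end - start) bytes unconditionally into the
 * stack buffer; here the length is checked first and long words rejected. */
static int copy_word(const char *start, const char *end,
                     char out[MAX_WORD + 1])
{
    size_t len = (size_t)(end - start);
    if (len > MAX_WORD)
        return -1;          /* refuse the word instead of overflowing */
    memcpy(out, start, len);
    out[len] = '\0';        /* always terminated, even at len == MAX_WORD */
    return 0;
}

/* Split a sentence on whitespace. Returns the number of words accepted,
 * or -1 as soon as one word does not fit the buffer. */
int count_words_checked(const char *sentence)
{
    char word[MAX_WORD + 1]; /* fixed-size stack buffer */
    const char *p = sentence;
    int n = 0;

    while (*p) {
        while (*p && isspace((unsigned char)*p)) p++;
        if (!*p) break;
        const char *start = p;
        while (*p && !isspace((unsigned char)*p)) p++;
        if (copy_word(start, p, word) != 0)
            return -1;
        n++;
    }
    return n;
}

int main(void)
{
    char longword[201];      /* constructed input: 200 'a' characters */
    memset(longword, 'a', 200);
    longword[200] = '\0';
    printf("%d\n", count_words_checked("the quick brown fox"));
    printf("%d\n", count_words_checked(longword));
    return 0;
}
```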

Kees Cook (kees) wrote :

Thanks for getting this prepared. Since this is a user-assisted attack and Edgy and newer should be stack-overflow-protected, I'm giving this a low priority. I will get it uploaded shortly. Thanks!

Changed in link-grammar:
assignee: nobody → keescook
importance: Undecided → Low
status: New → In Progress
Kees Cook (kees) wrote :

Thanks for getting these prepared. I haven't been able to reproduce a crash with "just" a 62 character word. Have you seen any proof-of-concepts for this? I've uploaded the fixes to the security queue, they should be published shortly.

Changed in link-grammar:
assignee: keescook → nobody
status: In Progress → Fix Released
assignee: nobody → keescook
importance: Undecided → Low
status: New → Fix Committed
Stephan Rügamer (sruegamer) wrote :

link-grammar (4.2.2-4ubuntu0.7.10.1) gutsy-security; urgency=low

  * SECURITY UPDATE: Stack-based buffer overflow in the separate_word function
    in tokenize.c in Link Grammar 4.1b and possibly other versions, as used in
    AbiWord Link Grammar 4.2.4, allows remote attackers to execute arbitrary code
    via a long word, as reachable through the separate_sentence function.
  * debian/patches/CVE-2007-5395: Added patch according to upstream.
    (See: https://bugzilla.redhat.com/attachment.cgi?id=255061)
    (LP: #162511)
  * References:
    CVE-2007-5395
    https://bugzilla.redhat.com/show_bug.cgi?id=371221

 -- Stephan Hermann <email address hidden> Tue, 13 Nov 2007 22:32:54 +0100

Stephan Rügamer (sruegamer) wrote :

link-grammar (4.2.2-4ubuntu0.7.04.1) feisty-security; urgency=low

  * SECURITY UPDATE: Stack-based buffer overflow in the separate_word function
    in tokenize.c in Link Grammar 4.1b and possibly other versions, as used in
    AbiWord Link Grammar 4.2.4, allows remote attackers to execute arbitrary code
    via a long word, as reachable through the separate_sentence function.
  * debian/patches/CVE-2007-5395: Added patch according to upstream.
    (See: https://bugzilla.redhat.com/attachment.cgi?id=255061)
    (LP: #162511)
  * References:
    CVE-2007-5395
    https://bugzilla.redhat.com/show_bug.cgi?id=371221

 -- Stephan Hermann <email address hidden> Tue, 13 Nov 2007 22:38:50 +0100

Changed in link-grammar:
status: Fix Committed → Fix Released