FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
87cc48fd-5fdd-11d8-80e3-0020ed76ef5amnGoSearch buffer overflow in UdmDocToTextBuf()

Jedi/Sector One reported the following on the full-disclosure list:

Every document is stored in multiple parts according to its sections (description, body, etc) in databases. And when the content has to be sent to the client, UdmDocToTextBuf() concatenates those parts together and skips metadata.

Unfortunately, that function lacks bounds checking and a buffer overflow can be triggered by indexing a large enough document.

'len' is fixed to 10K [in UdmDocToTextBuf] in searchd.c . S->val length depends on the length of the original document and on the indexer settings (the sample configuration file has low limits that work around the bug, though).

Exploitation should be easy, moreover textbuf points to the stack.


Discovery 2004-02-15
Entry 2004-02-15
mnogosearch
ge 3.2.* lt 3.2.15

http://lists.netsys.com/pipermail/full-disclosure/2004-February/017366.html