Main Security Downloads Forum Free e-books Security Advisories Vulnerabilities IT News Virus Central Services Advertise Newsletter Shop Search Wap-PDA/mobile Other Affiliates Contact RSS feeds

Vendor: Gentoo Vendor ID: GLSA 200603-07 Title: Flex potential arbitrary code execution Publishing date: March 10, 2006 Published by: Nikola Strahija Other advisories by Gentoo: Wireshark dissectors vulnerabilities GIMP buffer overflow bug Xine-lib buffer overflow Libpng buffer overflow bug SHOUTcast server multiple vulnerabilities CVE: CVE-2006-0459     Printable version  |    Send to a friend   Security Advisory info: An attacker could feed malicious input to an application making use of an affected scanner and trigger the buffer overflow, potentially resulting in the execution of arbitrary code. Scroll down to see the full advisory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200603-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: flex: Potential insecure code generation Date: March 10, 2006 Bugs: #122940 ID: 200603-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== flex might generate code with a buffer overflow, making applications using such scanners vulnerable to the execution of arbitrary code. Background ========== flex is a programming tool used to generate scanners (programs which recognize lexical patterns in text). Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-devel/flex < 2.5.33-r1 >= 2.5.33-r1 Description =========== Chris Moore discovered a buffer overflow in a special class of lexicographical scanners generated by flex. Only scanners generated by grammars which use either REJECT, or rules with a "variable trailing context" might be at risk. Impact ====== An attacker could feed malicious input to an application making use of an affected scanner and trigger the buffer overflow, potentially resulting in the execution of arbitrary code. Workaround ========== Avoid using vulnerable grammar in your flex scanners. Resolution ========== All flex users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-devel/flex-2.5.33-r1" References ========== [ 1 ] CVE-2006-0459 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0459 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200603-07.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.0     Printable version  |    Send to a friend

	Our Services			Information			Our Online Shop			Community Forum Topics
	Free weekly Newsletter Advertise on Xatrix Monthly News Archive Community Forum			Impressum/about Contributing Newsletter archive Latest bugs			Top sellers New Items Books Software			for micrsoft 2003 Admin Request---PHI... setting up a new se... Beautiful girls
Our Privacy Policy | Contact Us Powered by TiP / Rapid IT | HITB.org All content on this website is property of Xatrix Security if not noted otherwise. Copyright 2000 - 2010 Xatrix Security