ID CVE-2005-1194
Summary Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:advanced_server
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:advanced_server
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:enterprise_server
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:enterprise_server
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:workstation
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:workstation
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:advanced_servers
    cpe:2.3:o:redhat:enterprise_linux:3.0:-:advanced_servers
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:enterprise_server
    cpe:2.3:o:redhat:enterprise_linux:3.0:-:enterprise_server
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:workstation
    cpe:2.3:o:redhat:enterprise_linux:3.0:-:workstation
  • cpe:2.3:o:redhat:enterprise_linux:4.0:-:advanced_server
    cpe:2.3:o:redhat:enterprise_linux:4.0:-:advanced_server
  • cpe:2.3:o:redhat:enterprise_linux:4.0:-:enterprise_server
    cpe:2.3:o:redhat:enterprise_linux:4.0:-:enterprise_server
  • cpe:2.3:o:redhat:enterprise_linux:4.0:-:workstation
    cpe:2.3:o:redhat:enterprise_linux:4.0:-:workstation
  • Red Hat Desktop 3.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:3.0
  • Red Hat Desktop 4.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:4.0
  • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:-:ia64
    cpe:2.3:o:redhat:linux_advanced_workstation:2.1:-:ia64
CVSS
Base: 4.6 (as of 12-05-2005 - 14:11)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-381.NASL
    description An updated nasm package that fixes multiple security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. NASM is an 80x86 assembler. Two stack based buffer overflow bugs have been found in nasm. An attacker could create an ASM file in such a way that when compiled by a victim, could execute arbitrary code on their machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-1287 and CVE-2005-1194 to these issues. All users of nasm are advised to upgrade to this updated package, which contains backported fixes for these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 18196
    published 2005-05-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18196
    title RHEL 2.1 / 3 / 4 : nasm (RHSA-2005:381)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-090.NASL
    description A buffer overflow in nasm was discovered by Josh Bressers. If an attacker could trick a user into assembling a malicious source file, they could use this vulnerability to execute arbitrary code with the privileges of the user running nasm. The provided packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 18306
    published 2005-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18306
    title Mandrake Linux Security Advisory : nasm (MDKSA-2005:090)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-128-1.NASL
    description Josh Bressers discovered a buffer overflow in the ieee_putascii() function of nasm. If an attacker tricked a user into assembling a malicious source file, they could exploit this to execute arbitrary code with the privileges of the user that runs nasm. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 20518
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20518
    title Ubuntu 4.10 / 5.04 : nasm vulnerability (USN-128-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-381.NASL
    description An updated nasm package that fixes multiple security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. NASM is an 80x86 assembler. Two stack based buffer overflow bugs have been found in nasm. An attacker could create an ASM file in such a way that when compiled by a victim, could execute arbitrary code on their machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-1287 and CVE-2005-1194 to these issues. All users of nasm are advised to upgrade to this updated package, which contains backported fixes for these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21816
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21816
    title CentOS 3 / 4 : nasm (CESA-2005:381)
oval via4
accepted 2013-04-29T04:12:42.971-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.
family unix
id oval:org.mitre.oval:def:11256
status accepted
submitted 2010-07-09T03:56:16-04:00
title Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.
version 22
redhat via4
advisories
rhsa
id RHSA-2005:381
refmap via4
bid 13506
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 21-08-2010 - 00:28
Published 04-05-2005 - 00:00
Last modified 10-10-2017 - 21:30
Back to Top