CVE-2010-1620 - Integer overflow in the load_iface function in Tools/gdomap.c in gdomap in GNUstep Base before 1.20.

CVE-2010-1620

Summary

Integer overflow in the load_iface function in Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 might allow context-dependent attackers to execute arbitrary code via a (1) file or (2) socket that provides configuration data with many entries, leading to a heap-based buffer overflow.

References

Vulnerable Configurations

cpe:2.3:a:gnustep:gnustep_base:1.11.2:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.11.2:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.12.0:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.12.0:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.13.0:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.13.0:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.14.0:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.14.0:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.15.1:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.15.1:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.15.2:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.15.2:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.15.4:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.15.4:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.17.0:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.17.0:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.18.0:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.18.0:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.19.0:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.19.0:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.19.1:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.19.1:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.19.2:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:1.19.2:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:*:*:*:*:*:*:*:*
cpe:2.3:a:gnustep:gnustep_base:*:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 12-05-2010 - 21:07)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

confirm	http://ftpmain.gnustep.org/pub/gnustep/core/gnustep-base-1.20.0.tar.gz http://savannah.gnu.org/bugs/?29755 http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336 https://bugs.launchpad.net/ubuntu/+source/gnustep-base/+bug/573108
mlist	[oss-security] 20100507 Re: CVE Assignment (gnustep)
secunia	39746

Last major update

12-05-2010 - 21:07

Published

12-05-2010 - 11:46

Last modified

12-05-2010 - 21:07