Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200412-20] NASM: Buffer overflow vulnerability


Vulnerability Assessment Details

[GLSA-200412-20] NASM: Buffer overflow vulnerability

Vulnerability Assessment Summary
NASM: Buffer overflow vulnerability

Detailed Explanation for this Vulnerability Assessment
The remote host is affected by the vulnerability described in GLSA-200412-20
(NASM: Buffer overflow vulnerability)


Jonathan Rockway discovered that NASM-0.98.38 has an unprotected
vsprintf() to an array in preproc.c. This code vulnerability may lead
to a buffer overflow and potential execution of arbitrary code.

Impact

A remote attacker could craft a malicious object file which, when
supplied in NASM, would result in the execution of arbitrary code with
the rights of the user running NASM.

Workaround

There is no known workaround at this time.

References:
http://sourceforge.net/mailarchive/forum.php?thread_id=6166881&forum_id=4978


Solution:
All NASM users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/nasm-0.98.38-r1"


Network Security Threat Level: Medium


Networks Security ID:

Vulnerability Assessment Copyright: (C) 2005 Michel Arboi

Cables, Connectors

32GB KIT 4X8GB  DDR-2 8GB PC-2 5300 667MHZ ECC Fully Buffered Server Memory DELL
$16.9
32GB KIT 4X8GB  DDR-2 8GB PC-2 5300 667MHZ ECC Fully Buffered Server Memory DELL pictureMicron 16GB 2x8G PC3-10600R DDR3 1333Mhz ECC REG Registered Server Memory
$20.0
Micron 16GB 2x8G PC3-10600R DDR3 1333Mhz ECC REG Registered Server Memory  pictureHP Proliant MicroServer Gen8 2.5GHz-16GB-4x 4TB ENT SATA-G8 Server
$600.0
HP Proliant MicroServer Gen8 2.5GHz-16GB-4x 4TB ENT SATA-G8 Server pictureSamsung 32G 4X 8GB PC3L-10600R 2Rx4 DDR3-1333MHz ECC Server REG-DIMM Memory Lot
$40.0
Samsung 32G 4X 8GB PC3L-10600R 2Rx4 DDR3-1333MHz ECC Server REG-DIMM Memory Lot picture


Discussions

No Discussions have been posted on this vulnerability.