FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

greed -- insecure GRX file processing

Affected packages
greed <= 0.81p

Details

VuXML ID bd579366-5290-11d9-ac20-00065be4b5b6
Discovery 2004-12-15
Entry 2005-01-03
Modified 2005-01-13

A buffer overflow vulnerability has been detected in the greed URL handling code. This bug is especially a problem when greed is used to process GRX (GetRight) files that originate from untrusted sources.

The bug finder, Manigandan Radhakrishnan, gave the following description:

Here are the bugs. First, in main.c, DownloadLoop() uses strcat() to copy an input filename to the end of a 128-byte COMMAND array. Second, DownloadLoop() passes the input filename to system() without checking for special characters such as semicolons.
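
The following is an added example, not code from greed or from the advisory. It shows one way to build a command line in a fixed 128-byte buffer without the unbounded strcat() and without passing unchecked characters to a shell. The function names, the `helper ` command prefix and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define COMMAND_SIZE 128  /* size of the COMMAND array named in the report */

/* Allow-list for a plain file name: letters, digits, '.', '_' and '-'.
 * Everything else (';', '|', '&', '$', quotes, spaces, newlines, ...) is
 * rejected, so the name cannot change how a shell parses the line. */
static int filename_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0' || name[0] == '-')
        return 0;                 /* empty, or would be parsed as an option */
    for (const char *p = name; *p; p++) {
        if (!isalnum((unsigned char)*p) && strchr("._-", *p) == NULL)
            return 0;
    }
    return 1;
}

/* Write "<prefix><filename>" into out[outsz].
 * Returns 0 on success, -1 if the name is unsafe, -2 if it does not fit.
 * snprintf() never writes past outsz, unlike an unbounded strcat(). */
int build_command(char *out, size_t outsz, const char *prefix, const char *filename)
{
    if (!filename_is_safe(filename))
        return -1;
    int n = snprintf(out, outsz, "%s%s", prefix, filename);
    if (n < 0 || (size_t)n >= outsz) {
        if (outsz > 0) out[0] = '\0';   /* never leave a truncated command */
        return -2;
    }
    return 0;
}

int main(void)
{
    char command[COMMAND_SIZE];
    char long_name[200];
    memset(long_name, 'a', sizeof long_name - 1);
    long_name[sizeof long_name - 1] = '\0';
    /* Constructed sample inputs; "helper " is a hypothetical command prefix. */
    const char *samples[] = { "file.zip", "a.zip;b", long_name };
    for (size_t i = 0; i < 3; i++)
        printf("%d\n", build_command(command, sizeof command, "helper ", samples[i]));
    return 0;
}
```

Passing the file name as a separate argv element to an exec-family call, instead of building a string for system(), removes the shell from the path entirely and makes the character check a second line of defence.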

References

CVE Name CVE-2004-1273
CVE Name CVE-2004-1274
Message 653D74053BA6F54A81ED83DCF969DF08CFA2AA@pivxes1.pivx.com
URL http://secunia.com/advisories/13534/
URL http://tigger.uic.edu/~jlongs2/holes/greed.txt