Vigil@nce: WordNet, code execution
September 2008 by Vigil@nce
Several WordNet vulnerabilities can be used by an attacker to
execute code.
– Gravity: 2/4
– Consequences: user access/rights
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: medium (2/3)
– Creation date: 02/09/2008
– Identifier: VIGILANCE-VUL-8079
IMPACTED PRODUCTS
– Debian Linux [confidential versions]
– Mandriva Linux [confidential versions]
– Unix - platform
DESCRIPTION
The WordNet suite is used to check the English language. It has
several vulnerabilities.
An attacker can generate an overflow in the morph.c:morphstr(),
morph.c:morphword() and search.c:getindex() functions. [grav:1/4]
An attacker can generate an overflow via the WNSEARCHDIR, WNHOME
and WNDBVERSION environment variables. [grav:1/4]
An attacker can generate an overflow by loading a malicious
database. [grav:2/4]
Depending on the context, an attacker can therefore execute code
with the privileges of WordNet users.
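The environment-variable overflows above come from copying caller-controlled strings into fixed-size buffers. The following is an added example, not WordNet's own code or the vendor patch: a bounded path builder that rejects over-long values instead of truncating them. The function names, the 256-byte buffer, the default directory, the "dict" subdirectory, the file name and the WNSEARCHDIR-before-WNHOME precedence are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define WN_PATH_MAX 256                      /* assumed buffer size */
#define WN_DEFAULT_DIR "/usr/share/wordnet"  /* hypothetical default */

/* Build "<dir>/<fname>" in out. Returns 0 on success, -1 if the
 * result does not fit. An unbounded strcpy/sprintf here is the bug class. */
int wn_build_path(const char *searchdir, const char *home,
                  const char *fname, char *out, size_t outsz)
{
    int n;

    if (out == NULL || outsz == 0 || fname == NULL)
        return -1;
    out[0] = '\0';
    if (searchdir != NULL && searchdir[0] != '\0')
        n = snprintf(out, outsz, "%s/%s", searchdir, fname);
    else if (home != NULL && home[0] != '\0')
        n = snprintf(out, outsz, "%s/dict/%s", home, fname);
    else
        n = snprintf(out, outsz, "%s/%s", WN_DEFAULT_DIR, fname);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';   /* never hand back a truncated path */
        return -1;
    }
    return 0;
}

/* Thin wrapper that reads the variables named in the advisory. */
int wn_path_from_env(const char *fname, char *out, size_t outsz)
{
    return wn_build_path(getenv("WNSEARCHDIR"), getenv("WNHOME"),
                         fname, out, outsz);
}

int main(void)
{
    char path[WN_PATH_MAX];
    char big[1024];                 /* constructed over-long value */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    if (wn_build_path(big, NULL, "index.noun", path, sizeof path) != 0)
        puts("rejected over-long WNSEARCHDIR");
    if (wn_path_from_env("index.noun", path, sizeof path) == 0)
        printf("resolved: %s\n", path);
    return 0;
}
```

Rejecting on truncation matters as much as the bound itself: a silently shortened path could point at a different database file than the one intended.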
CHARACTERISTICS
– Identifiers: BID-30958, CVE-2008-2149, DSA 1634-1, MDVSA-2008:182,
ocert-2008-014, VIGILANCE-VUL-8079
– Url: https://vigilance.aql.fr/tree/1/8079