SWI-Prolog "canoniseFileName()" and "expand()" Buffer

by Carol~ Moderator - 1/4/13 8:55 AM

In Reply to: VULNERABILITIES / FIXES - January 04, 2013 by Carol~ Moderator

SWI-Prolog "canoniseFileName()" and "expand()" Buffer Overflow Vulnerabilities

Release Date: 2013-01-04

Criticality level: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software: SWI-Prolog 6.x

Description:
Two vulnerabilities have been reported in SWI-Prolog, which can be exploited by malicious people to potentially compromise a vulnerable system.

1) An error within the "canoniseFileName()" function (os/pl-os.c) when handling path canonisation can be exploited to cause a stack-based buffer overflow.

2) An error within the "expand()" function (os/pl-glob.c) when expanding file names can be exploited to cause a stack-based buffer overflow.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 6.2.5.

Solution:
Update to version 6.2.5.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html

http://secunia.com/advisories/51709/