FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

fsplib -- multiple vulnerabilities

Affected packages
fsplib < 0.9

Details

VuXML ID 4a338d17-412d-11dc-bdb0-0016179b2dd5
Discovery 2007-07-24
Entry 2007-08-02

A Secunia Advisory reports:

fsplib can be exploited to compromise an application using the library.

A boundary error exists in the processing of file names in fsp_readdir_native, which can be exploited to cause a stack-based buffer overflow if the defined MAXNAMLEN is bigger than 256.

A boundary error exists in the processing of directory entries in fsp_readdir, which can be exploited to cause a stack-based buffer overflow on systems with an insufficient size allocated for the d_name field of directory entries.

References

CVE Name CVE-2007-3961
CVE Name CVE-2007-3962
URL http://secunia.com/advisories/26184/