[Debian-med-packaging] Bug#1009900: fis-gtm: Multiple CVEs in fis-gtm

Andreas Tille andreas at an3as.eu
Wed Apr 20 19:59:55 BST 2022


Hi Amul,

I guess a new upstream version will fix this.  Are you able to prepare
the latest version?

Kind regards

       Andreas.

On Wed, Apr 20, 2022 at 11:13:31AM +0100, Neil Williams wrote:
> Source: fis-gtm
> Version: 6.3-014-3
> Severity: important
> Tags: security
> X-Debbugs-Cc: codehelp at debian.org, Debian Security Team <team at security.debian.org>
> 
> Hi,
> 
> The following vulnerabilities were published for fis-gtm.
> 
> CVE-2021-44492[0]:
> | An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS
> | GT.M through V7.0-000. Using crafted input, attackers can cause a type
> | to be incorrectly initialized in the function f_incr in
> | sr_port/f_incr.c and cause a crash due to a NULL pointer dereference.
> 
> 
> CVE-2021-44493[1]:
> | An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS
> | GT.M through V7.0-000. Using crafted input, an attacker can cause a
> | call to $Extract to force a signed integer holding the size of a
> | buffer to take on a large negative number, which is then used as the
> | length of a memcpy call that occurs on the stack, causing a buffer
> | overflow.
> 
> 
> CVE-2021-44494[2]:
> | An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS
> | GT.M through V7.0-000. Using crafted input, an attacker can cause
> | calls to ZRead to crash due to a NULL pointer dereference.
> 
> 
> CVE-2021-44495[3]:
> | An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS
> | GT.M through V7.0-000. Using crafted input, an attacker can cause a
> | NULL pointer dereference after calls to ZPrint.
> 
> 
> CVE-2021-44496[4]:
> | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> | YottaDB code base). Using crafted input, an attacker can control the
> | size variable and buffer that is passed to a call to memcpy. An
> | attacker can use this to overwrite key data structures and gain
> | control of the flow of execution.
> 
> 
> CVE-2021-44497[5]:
> | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> | YottaDB code base). Using crafted input, an attacker can cause the
> | bounds of a for loop to be miscalculated, which leads to a use after
> | free condition when a pointer is pushed into previously free memory
> | by the loop.
> 
> 
> CVE-2021-44498[6]:
> | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> | YottaDB code base). Using crafted input, attackers can cause a type to
> | be incorrectly initialized in the function f_incr in sr_port/f_incr.c
> | and cause a crash due to a NULL pointer dereference.
> 
> 
> CVE-2021-44499[7]:
> | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> | YottaDB code base). Using crafted input, an attacker can cause a call
> | to $Extract to force a signed integer holding the size of a buffer to
> | take on a large negative number, which is then used as the length of a
> | memcpy call that occurs on the stack, causing a buffer overflow.
> 
> 
> CVE-2021-44500[8]:
> | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> | YottaDB code base). A lack of input validation in calls to eb_div in
> | sr_port/eb_muldiv.c allows attackers to crash the application by
> | performing a divide by zero.
> 
> 
> CVE-2021-44501[9]:
> | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> | YottaDB code base). Using crafted input, an attacker can cause calls
> | to ZRead to crash due to a NULL pointer dereference.
> 
> 
> CVE-2021-44502[10]:
> | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> | YottaDB code base). Using crafted input, an attacker can control the
> | size of a memset that occurs in calls to util_format in
> | sr_unix/util_output.c.
> 
> 
> CVE-2021-44503[11]:
> | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> | YottaDB code base). Using crafted input, an attacker can cause a call
> | to va_arg on an empty variadic parameter list, most likely causing a
> | memory segmentation fault.
> 
> 
> CVE-2021-44504[12]:
> | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> | YottaDB code base). Using crafted input, an attacker can cause a size
> | variable, stored as a signed int, to equal an extremely large value,
> | which is interpreted as a negative value during a check. This value is
> | then used in a memcpy call on the stack, causing a memory segmentation
> | fault.
> 
> 
> CVE-2021-44505[13]:
> | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> | YottaDB code base). Using crafted input, an attacker can cause a NULL
> | pointer dereference after calls to ZPrint.
> 
> 
> CVE-2021-44506[14]:
> | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> | YottaDB code base). A lack of input validation in calls to do_verify
> | in sr_unix/do_verify.c allows attackers to attempt to jump to a NULL
> | pointer by corrupting a function pointer.
> 
> 
> CVE-2021-44507[15]:
> | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> | YottaDB code base). A lack of parameter validation in calls to memcpy
> | in str_tok in sr_unix/ztimeoutroutines.c allows attackers to attempt
> | to read from a NULL pointer.
> 
> 
> CVE-2021-44508[16]:
> | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> | YottaDB code base). A lack of NULL checks in calls to ious_open in
> | sr_unix/ious_open.c allows attackers to crash the application by
> | dereferencing a NULL pointer.
> 
> 
> CVE-2021-44509[17]:
> | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> | YottaDB code base). Using crafted input, attackers can cause an
> | integer underflow of the size of calls to memset in op_fnj3 in
> | sr_port/op_fnj3.c in order to cause a segmentation fault and crash the
> | application.
> 
> 
> CVE-2021-44510[18]:
> | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> | YottaDB code base). Using crafted input, attackers can cause a
> | calculation of the size of calls to memset in op_fnj3 in
> | sr_port/op_fnj3.c to result in an extremely large value in order to
> | cause a segmentation fault and crash the application.
> 
> 
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2021-44492
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44492
> [1] https://security-tracker.debian.org/tracker/CVE-2021-44493
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44493
> [2] https://security-tracker.debian.org/tracker/CVE-2021-44494
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44494
> [3] https://security-tracker.debian.org/tracker/CVE-2021-44495
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44495
> [4] https://security-tracker.debian.org/tracker/CVE-2021-44496
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44496
> [5] https://security-tracker.debian.org/tracker/CVE-2021-44497
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44497
> [6] https://security-tracker.debian.org/tracker/CVE-2021-44498
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44498
> [7] https://security-tracker.debian.org/tracker/CVE-2021-44499
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44499
> [8] https://security-tracker.debian.org/tracker/CVE-2021-44500
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44500
> [9] https://security-tracker.debian.org/tracker/CVE-2021-44501
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44501
> [10] https://security-tracker.debian.org/tracker/CVE-2021-44502
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44502
> [11] https://security-tracker.debian.org/tracker/CVE-2021-44503
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44503
> [12] https://security-tracker.debian.org/tracker/CVE-2021-44504
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44504
> [13] https://security-tracker.debian.org/tracker/CVE-2021-44505
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44505
> [14] https://security-tracker.debian.org/tracker/CVE-2021-44506
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44506
> [15] https://security-tracker.debian.org/tracker/CVE-2021-44507
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44507
> [16] https://security-tracker.debian.org/tracker/CVE-2021-44508
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44508
> [17] https://security-tracker.debian.org/tracker/CVE-2021-44509
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44509
> [18] https://security-tracker.debian.org/tracker/CVE-2021-44510
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44510
> 
> Please adjust the affected versions in the BTS as needed.
> 
> 
> -- System Information:
> Debian Release: bookworm/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
> 
> Kernel: Linux 5.16.0-6-amd64 (SMP w/16 CPU threads; PREEMPT)
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
> 

-- 
http://fam-tille.de
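
Several of the CVE descriptions quoted above (CVE-2021-44504, CVE-2021-44509, CVE-2021-44510) come down to a signed size value that survives a check and then reaches memcpy or memset. The C example below is added here to illustrate that bug class next to a hardened form; it is not GT.M or YottaDB code, and every function name in it is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flawed pattern: only the upper bound is tested, so a negative length passes. */
static int flawed_check_accepts(int len, size_t cap)
{
    return len <= (int)cap;            /* e.g. -1 <= 64 is true */
}

/* The value memcpy/memset would receive once that length is converted. */
static size_t as_copy_length(int len)
{
    return (size_t)len;                /* -1 becomes SIZE_MAX */
}

/* Hardened copy: reject NULL, negative and oversize lengths before copying. */
static int safe_copy(char *dst, size_t cap, const char *src, int len)
{
    if (dst == NULL || src == NULL)
        return -1;
    if (len < 0 || (size_t)len > cap)
        return -1;
    memcpy(dst, src, (size_t)len);
    return len;
}

/* Hardened padding size for a width-minus-length calculation (memset case). */
static int pad_count(int width, int len, size_t cap, size_t *out)
{
    if (out == NULL || width < 0 || len < 0)
        return -1;
    size_t pad = (width > len) ? (size_t)(width - len) : 0; /* never underflows */
    if (pad > cap)
        return -1;                     /* would write past the buffer */
    *out = pad;
    return 0;
}

int main(void)
{
    char buf[8];
    size_t pad = 0;
    printf("flawed check accepts -1: %d\n", flawed_check_accepts(-1, sizeof buf));
    printf("-1 as a copy length: %zu\n", as_copy_length(-1));
    printf("safe_copy with len -1: %d\n", safe_copy(buf, sizeof buf, "hello", -1));
    printf("pad_count(3, 10): %d, pad=%zu\n", pad_count(3, 10, sizeof buf, &pad), pad);
    return 0;
}
```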


