OSVDB ID: 81313

Title: FlightGear src/FDM/YASim/Rotor.cpp Rotor::getValueforFGSet() Function Aircraft Model Rotor Tag Parsing Remote Overflow

Info

Disclosure

Mar 20, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

FlightGear is prone to an overflow condition. The Rotor::getValueforFGSet() function in src/FDM/YASim/Rotor.cpp fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted aircraft model rotor tag, a remote attacker can potentially execute arbitrary code.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

Curtis Olson

FlightGear

2.6

References

CVE ID: 2012-2091 (see also: NVD)
Secunia Advisory ID: 48780
Related OSVDB ID: 81312
Mail List Post: http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081997.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082002.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082017.html
http://www.openwall.com/lists/oss-security/2012/04/10/13
Vendor Specific News/Changelog Entry: http://sourceforge.net/mailarchive/message.php?msg_id=28957051
http://sourceforge.net/mailarchive/message.php?msg_id=29011989
http://sourceforge.net/mailarchive/message.php?msg_id=29012174
https://bugzilla.redhat.com/show_bug.cgi?id=811630
https://bugzilla.redhat.com/show_bug.cgi?id=811634
Other Advisory URL: http://www.openwall.com/lists/oss-security/2012/04/10/13

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/81313