LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

nasm: buffer overflow in the ieee_putascii() function

Package(s):nasm CVE #(s):CAN-2005-1194
Created:May 17, 2005 Updated:May 19, 2005
Description: Josh Bressers discovered a buffer overflow in the ieee_putascii() function of nasm 0.98 and earlier. If an attacker tricked a user into assembling a malicious source file, they could exploit this to execute arbitrary code with the privileges of the user that runs nasm.
Alerts:
Mandriva MDKSA-2005:090 2005-05-18
Ubuntu USN-128-1 2005-05-17
(Log in to post comments)

nasm: buffer overflow in the ieee_putascii() function

Posted May 26, 2005 7:55 UTC (Thu) by mjc@redhat.com (guest, #2303) [Link]

Note this issue was discovered by Jindrich Novy of Red Hat, not Josh Bressers

nasm: buffer overflow in the ieee_putascii() function

Posted Jun 1, 2005 17:30 UTC (Wed) by QuisUtDeus (guest, #14854) [Link]

If someone is "tricked" into assembling/compiling/executing a malicious program, then the malefactor can do pretty much anything as the executing user, without a buffer overrun. So, this doesn't seem quite as severe in that light.

Still something to fix.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds