|
|
Log in / Subscribe / Register

nasm: buffer overflow in the ieee_putascii() function

Package(s):nasm CVE #(s):CAN-2005-1194
Created:May 17, 2005 Updated:May 19, 2005
Description: Josh Bressers discovered a buffer overflow in the ieee_putascii() function of nasm 0.98 and earlier. If an attacker tricked a user into assembling a malicious source file, they could exploit this to execute arbitrary code with the privileges of the user that runs nasm.
Alerts:
Mandriva MDKSA-2005:090 nasm 2005-05-18
Ubuntu USN-128-1 nasm 2005-05-17
to post comments

nasm: buffer overflow in the ieee_putascii() function

Posted May 26, 2005 7:55 UTC (Thu) by mjc@redhat.com (guest, #2303) [Link]

Note this issue was discovered by Jindrich Novy of Red Hat, not Josh Bressers

nasm: buffer overflow in the ieee_putascii() function

Posted Jun 1, 2005 17:30 UTC (Wed) by QuisUtDeus (guest, #14854) [Link]

If someone is "tricked" into assembling/compiling/executing a malicious program, then the malefactor can do pretty much anything as the executing user, without a buffer overrun. So, this doesn't seem quite as severe in that light.

Still something to fix.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds