US-CERT

Vulnerability Note VU#814557

GNOME gedit contains format string vulnerability

Overview

gedit has a format string vulnerability in some error dialogs that can occur when a file is opened for editing.

I. Description

gedit is the official text editor of the GNOME desktop environment. gedit 2.10.2 has a format string error in some error dialogs that can occur when a file is opened for editing. Some of the messages in these dialogs, which can contain the name of the file being opened, are interpreted as format strings. Versions prior to v2.10.2 may also be vulnerable.
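The bug class described above, shown as an added C illustration that is not gedit's code and not part of the original note: a message that already contains the file name is reused as a format string, next to the form where the name is only ever data. The function names and message text are assumptions, and standard `snprintf` stands in for the dialog call.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names; simplified illustration, not gedit's code. */

#ifdef DEMO_UNSAFE
/* Vulnerable pattern: msg already contains the file name and is then
 * passed as the format argument, so any '%' in the name is parsed as a
 * conversion with no matching argument (undefined behaviour).
 * gcc and clang report this call under -Wformat-security. */
static int dialog_text_unsafe(char *out, size_t n, const char *filename)
{
    char msg[512];
    snprintf(msg, sizeof msg, "Could not open the file \"%s\".", filename);
    return snprintf(out, n, msg);          /* msg used as format string */
}
#endif

/* Corrected pattern: the format is a literal, the name is only data. */
static int dialog_text_safe(char *out, size_t n, const char *filename)
{
    return snprintf(out, n, "Could not open the file \"%s\".", filename);
}

/* Review aid: 1 if s would be altered when misused as a printf format. */
static int contains_format_directive(const char *s)
{
    return strchr(s, '%') != NULL;
}

/* Regression check: the name must appear byte-for-byte in the text. */
static int name_survives_verbatim(const char *filename)
{
    char out[512];
    int len = dialog_text_safe(out, sizeof out, filename);
    if (len < 0 || (size_t)len >= sizeof out)
        return 0;                          /* output error or truncation */
    return strstr(out, filename) != NULL;
}

int main(void)
{
    /* Constructed sample names; the second contains "%s" by accident. */
    const char *names[] = { "notes.txt", "100%sure.txt" };
    for (size_t i = 0; i < 2; i++)
        printf("%-14s directive=%d verbatim=%d\n", names[i],
               contains_format_directive(names[i]),
               name_survives_verbatim(names[i]));
    return 0;
}
```

The unsafe variant is compiled only with `-DDEMO_UNSAFE`; building code of this shape with `-Werror=format-security` turns the pattern into a build failure.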

II. Impact

An attacker can execute arbitrary code if a user can be coerced to open a file with a particular name.

III. Solution

Upgrade to gedit v2.10.3 or later.

Systems Affected

Vendor | Status | Date Notified | Date Updated
Debian Linux | Vulnerable | 12-Aug-2005
FreeBSD, Inc. | Unknown | 12-Aug-2005
Gentoo Linux | Vulnerable | 12-Aug-2005
GNOME | Vulnerable | 12-Aug-2005
MandrakeSoft | Unknown | 1-Jul-2005
Mandriva, Inc. | Vulnerable | 12-Aug-2005
NetBSD | Unknown | 11-Jul-2005
Red Hat Software, Inc. | Vulnerable | 15-Aug-2005
Silicon Graphics, Inc. | Unknown | 12-Aug-2005
TurboLinux | Unknown | 1-Jul-2005
Ubuntu Linux | Vulnerable | 12-Aug-2005

References


http://secunia.com/advisories/15454/
http://www.securityfocus.com/bid/13699
http://www.securityfocus.com/archive/1/401869
http://www.securityfocus.com/archive/1/402048
http://mail.gnome.org/archives/gnome-announce-list/2005-June/msg00006.html
http://security.gentoo.org/glsa/glsa-200506-09.xml
https://www.ubuntulinux.org/support/documentation/usn/usn-138-1
http://rhn.redhat.com/errata/RHSA-2005-499.html
http://www.mandriva.com/security/advisories?name=MDKSA-2005:102
http://securitytracker.com/alerts/2005/Jun/1014179.html
http://www.debian.org/security/2005/dsa-753
http://www.auscert.org.au/5269

Credit

This issue was discovered by jsk:exworm of www.0xbadexworm.org.

This document was written by Hal Burch.

Other Information

Date Public: 2005-05-24
Date First Published: 2005-08-12
Date Last Updated: 2005-08-15
CERT Advisory:
CVE-ID(s): CAN-2005-1686
NVD-ID(s): CAN-2005-1686
US-CERT Technical Alerts:
Metric: 0.97
Document Revision: 27

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Produced 2005 by US-CERT, a government organization