Headline
CVE-2023-30079
A stack overflow vulnerability exists in function read_file in atlibeconf/lib/getfilecontents.c in libeconf 0.5.1 allows attackers to cause a Denial of service or execute arbitrary code.
#ifdef HAVE_CONFIG_H # include #endif #include #include #include “libeconf.h” /* Test case: Open default login.defs from shadow and try out if we can read all entries */ int main(int argc, char *argv[]) { econf_file *key_file = NULL; char **keys; size_t key_number; char *val; econf_err error; if ((error = econf_readFile (&key_file, argv[1], "= \t", “#”))) { fprintf (stderr, "ERROR: couldn’t read configuration file: %s\n", econf_errString(error)); return 1; } if ((error = econf_getStringValue (key_file, NULL, "USERGROUPS_ENAB", &val))) { fprintf (stderr, "Error reading USERGROUPS_ENAB: %s\n", econf_errString(error)); return 1; } else if (strlen(val) == 0) { fprintf (stderr, “USERGROUPS_ENAB returns nothing!\n”); return 1; } else if (strcmp (val, “yes”) != 0) { fprintf (stderr, "USERGROUPS_ENAB returns wrong value: '%s’\n", val); return 1; } free (val); if ((error = econf_getStringValue (key_file, NULL, "ENV_SUPATH", &val))) { fprintf (stderr, "Error reading ENV_SUPATH: %s\n", econf_errString(error)); return 1; } else if (strlen(val) == 0) { fprintf (stderr, “ENV_SUPATH returns nothing!\n”); return 1; } else if (strcmp (val, “PATH=/sbin:/bin:/usr/sbin:/usr/bin”) != 0) { fprintf (stderr, "ENV_SUPATH returns wrong value: '%s’\n", val); return 1; } free (val); if ((error = econf_getStringValue (key_file, "", "UMASK", &val))) { fprintf (stderr, "Error reading UMASK: %s\n", econf_errString(error)); return 1; } else if (strlen(val) == 0) { fprintf (stderr, “UMASK returns nothing!\n”); return 1; } else if (strcmp (val, “022”) != 0) { fprintf (stderr, "UMASK returns wrong value: '%s’\n", val); return 1; } free (val); error = econf_getKeys(key_file, NULL, &key_number, &keys); if (error) { fprintf (stderr, "Error getting all keys: %s\n", econf_errString(error)); return 1; } if (key_number == 0) { fprintf (stderr, “No keys found?\n”); return 1; } for (size_t i = 0; i < key_number; i++) { printf ("%zu: %s\n", i, keys[i]); } econf_free (keys); econf_free (key_file); return 0; }
Related news
Red Hat Security Advisory 2023-5458-01 - Libeconf is a highly flexible and configurable library to parse and manage key=value configuration files. It reads configuration file snippets from different directories and builds the final configuration file from it.
An update for libeconf is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30079: A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow that results in a denial of service.