ID

VAR-201708-1104


CVE

CVE-2017-12865


TITLE

ConnMan Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2017-007631 // CNNVD: CNNVD-201708-622

DESCRIPTION

Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable. ConnMan contains a buffer error vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). connman is prone to a stack-based buffer overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. connman 1.34 and prior are vulnerable. ConnMan is a tool for network management on Tizen systems.

-------------------------------------------------------------------------
Debian Security Advisory DSA-3956-1                   security@debian.org
https://www.debian.org/security/                            Luciano Bello
August 27, 2017                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : connman
CVE ID         : CVE-2017-12865
Debian Bug     : 872844

Security consultants in NRI Secure Technologies discovered a stack overflow vulnerability in ConnMan, a network manager for embedded devices.

For the oldstable distribution (jessie), this problem has been fixed in version 1.21-1.2+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 1.33-3+deb9u1.

For the testing distribution (buster), this problem has been fixed in version 1.33-3+deb9u1.

For the unstable distribution (sid), this problem has been fixed in version 1.35-1.

We recommend that you upgrade your connman packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

-------------------------------------------------------------------------
Gentoo Linux Security Advisory                           GLSA 201812-02
https://security.gentoo.org/
-------------------------------------------------------------------------

Severity: Normal
Title: ConnMan: Multiple vulnerabilities
Date: December 02, 2018
Bugs: #628566, #630028
ID: 201812-02

Synopsis
========

Multiple vulnerabilities have been found in ConnMan, the worst of which could result in the remote execution of code.

Background
==========

ConnMan provides a daemon for managing Internet connections.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-misc/connman             < 1.35-r1                 >= 1.35-r1

Description
===========

Multiple vulnerabilities have been discovered in ConnMan. Please review the CVE identifiers referenced below for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ConnMan users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/connman-1.35-r1"

References
==========

[ 1 ] CVE-2017-12865
      https://nvd.nist.gov/vuln/detail/CVE-2017-12865
[ 2 ] CVE-2017-5716
      https://nvd.nist.gov/vuln/detail/CVE-2017-5716

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201812-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Trust: 2.16

sources: NVD: CVE-2017-12865 // JVNDB: JVNDB-2017-007631 // BID: 100498 // VULHUB: VHN-103430 // PACKETSTORM: 143931 // PACKETSTORM: 150558

AFFECTED PRODUCTS

vendor:intel model:connman scope:lte version:1.34

Trust: 1.0

vendor:debian model:linux scope:eq version:8.0

Trust: 1.0

vendor:connman model:connman scope:eq version:1.34

Trust: 0.9

vendor:connman model:connman scope:lte version:1.34

Trust: 0.8

vendor:debian model:gnu/linux scope:eq version:8.0

Trust: 0.8

vendor:connman model:connman scope:eq version:1.33

Trust: 0.3

vendor:connman model:connman scope:eq version:1.32

Trust: 0.3

vendor:connman model:connman scope:eq version:1.31

Trust: 0.3

vendor:connman model:connman scope:eq version:1.30

Trust: 0.3

vendor:connman model:connman scope:eq version:1.3

Trust: 0.3

vendor:connman model:connman scope:eq version:1.20

Trust: 0.3

vendor:connman model:connman scope:eq version:1.10

Trust: 0.3

vendor:connman model:connman scope:eq version:1.0

Trust: 0.3

vendor:connman model:connman scope:eq version:0.90

Trust: 0.3

vendor:connman model:connman scope:eq version:0.80

Trust: 0.3

vendor:connman model:connman scope:eq version:0.70

Trust: 0.3

vendor:connman model:connman scope:eq version:0.60

Trust: 0.3

vendor:connman model:connman scope:eq version:0.50

Trust: 0.3

vendor:connman model:connman scope:eq version:0.40

Trust: 0.3

vendor:connman model:connman scope:eq version:0.30

Trust: 0.3

vendor:connman model:connman scope:eq version:0.20

Trust: 0.3

vendor:connman model:connman scope:eq version:0.10

Trust: 0.3

vendor:connman model:connman scope:eq version:0.1

Trust: 0.3

vendor:connman model:connman scope:ne version:1.35

Trust: 0.3

sources: BID: 100498 // JVNDB: JVNDB-2017-007631 // CNNVD: CNNVD-201708-622 // NVD: CVE-2017-12865

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12865
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-12865
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201708-622
value: CRITICAL

Trust: 0.6

VULHUB: VHN-103430
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-12865
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-103430
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12865
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2017-12865
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-103430 // JVNDB: JVNDB-2017-007631 // CNNVD: CNNVD-201708-622 // NVD: CVE-2017-12865

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-103430 // JVNDB: JVNDB-2017-007631 // NVD: CVE-2017-12865

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 150558 // CNNVD: CNNVD-201708-622

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201708-622

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007631

PATCH

title:ConnMan Project Connection Manager Daemon Buffer Overflow
url:https://01.org/security/advisories/intel-oss-10001

Trust: 0.8

title:DSA-3956
url:https://www.debian.org/security/2017/dsa-3956

Trust: 0.8

title:dnsproxy: Fix crash on malformed DNS response
url:https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71

Trust: 0.8

title:ConnMan Buffer error vulnerability fix
url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111156

Trust: 0.6

sources: JVNDB: JVNDB-2017-007631 // CNNVD: CNNVD-201708-622

EXTERNAL IDS

db:NVD id:CVE-2017-12865

Trust: 3.0

db:BID id:100498

Trust: 2.0

db:JVNDB id:JVNDB-2017-007631

Trust: 0.8

db:CNNVD id:CNNVD-201708-622

Trust: 0.7

db:PACKETSTORM id:150558

Trust: 0.2

db:PACKETSTORM id:143931

Trust: 0.2

db:VULHUB id:VHN-103430

Trust: 0.1

sources: VULHUB: VHN-103430 // BID: 100498 // JVNDB: JVNDB-2017-007631 // PACKETSTORM: 143931 // PACKETSTORM: 150558 // CNNVD: CNNVD-201708-622 // NVD: CVE-2017-12865

REFERENCES

url:https://bugzilla.redhat.com/show_bug.cgi?id=1483720

Trust: 2.0

url:https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71

Trust: 2.0

url:https://security.gentoo.org/glsa/201812-02

Trust: 1.8

url:http://www.securityfocus.com/bid/100498

Trust: 1.7

url:https://01.org/security/intel-oss-10001/intel-oss-10001

Trust: 1.7

url:http://www.debian.org/security/2017/dsa-3956

Trust: 1.7

url:https://www.nri-secure.com/blog/new-iot-vulnerability-connmando

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2017-12865

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12865

Trust: 0.8

url:http://connman.net/

Trust: 0.3

url:https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=ebc8fda495ce285505b77e70c5b3fd45dfd3ab63

Trust: 0.3

url:https://www.debian.org/security/

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5716

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

sources: VULHUB: VHN-103430 // BID: 100498 // JVNDB: JVNDB-2017-007631 // PACKETSTORM: 143931 // PACKETSTORM: 150558 // CNNVD: CNNVD-201708-622 // NVD: CVE-2017-12865

CREDITS

Pedro Sampaio

Trust: 0.3

sources: BID: 100498

SOURCES

db:VULHUB id:VHN-103430
db:BID id:100498
db:JVNDB id:JVNDB-2017-007631
db:PACKETSTORM id:143931
db:PACKETSTORM id:150558
db:CNNVD id:CNNVD-201708-622
db:NVD id:CVE-2017-12865

LAST UPDATE DATE

2025-04-20T23:19:52.724000+00:00


SOURCES UPDATE DATE

db:VULHUB id:VHN-103430 date:2020-03-05T00:00:00
db:BID id:100498 date:2017-08-21T00:00:00
db:JVNDB id:JVNDB-2017-007631 date:2017-09-27T00:00:00
db:CNNVD id:CNNVD-201708-622 date:2020-03-06T00:00:00
db:NVD id:CVE-2017-12865 date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:VULHUB id:VHN-103430 date:2017-08-29T00:00:00
db:BID id:100498 date:2017-08-21T00:00:00
db:JVNDB id:JVNDB-2017-007631 date:2017-09-27T00:00:00
db:PACKETSTORM id:143931 date:2017-08-28T23:23:00
db:PACKETSTORM id:150558 date:2018-12-03T21:05:54
db:CNNVD id:CNNVD-201708-622 date:2017-08-16T00:00:00
db:NVD id:CVE-2017-12865 date:2017-08-29T16:29:00.217