[Bf-committers] Blender appears on the Bugtraq security list

Kent Mein mein at cs.umn.edu
Fri Jan 6 21:13:40 CET 2006


In reply to Hans Lambermont (hans at lambermont.dyndns.org):

> AFAIK this is the first time that a security bug in Blender popped up on
> the bugtraq list. Is the issue involved also fixed in the blender.org
> CVS tree ? 
> 

I'm pretty sure this is the one I fixed earlier would be nice for someone
to track down this guy and verify its fixed.

Kent

> [USN-238-1] Blender vulnerability
> 	22733 by: Martin Pitt
> 
> [USN-238-2] Blender vulnerability
> 	22734 by: Martin Pitt
> 
> Btw, I have no idea what USN-238-1 is about (does Blender have
> networking capabilities that I missed ?) But USN-238-2 is about a .blend
> file.
> 
> See below.
> 
> -- Hans Lambermont
> 
>     From: Martin Pitt <martin.pitt at canonical.com>
>     To: ubuntu-security-announce at lists.ubuntu.com
>     Subject: [USN-238-1] Blender vulnerability
>     Date: Fri, 6 Jan 2006 10:13:41 +0100
>     Cc: full-disclosure at lists.grok.org.uk, bugtraq at securityfocus.com
>     Message-ID: <20060106091341.GB5197 at piware.de>
> 
> ===========================================================
> Ubuntu Security Notice USN-238-1	   January 06, 2006
> blender vulnerability
> CVE-2005-3354
> ===========================================================
> 
> A security issue affects the following Ubuntu releases:
> 
> Ubuntu 5.10 (Breezy Badger)
> 
> The following packages are affected:
> 
> blender
> 
> The problem can be corrected by upgrading the affected package to
> version 2.37a-1ubuntu1.1.  In general, a standard system upgrade is
> sufficient to effect the necessary changes.
> 
> Details follow:
> 
> Kurt Fitzner discovered that the NBD (network block device) server did
> not correctly verify the maximum size of request packets. By sending
> specially crafted large request packets, a remote attacker who is
> allowed to access the server could exploit this to execute arbitrary
> code with root privileges.
> 
>   Source archives:
> 
>     http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1.diff.gz
>       Size/MD5:    11607 282c2bc853abdd9fcadeb94fd42d293f
>     http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1.dsc
>       Size/MD5:      759 f6d6c5fe8bba50202cb60db85a1f3240
>     http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a.orig.tar.gz
>       Size/MD5:  7885589 2af6afdb01c1d297c43602982d9a919c
> 
>   amd64 architecture (Athlon64, Opteron, EM64T Xeon)
> 
>     http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1_amd64.deb
>       Size/MD5:  4791610 926553266642bd9f625e1b27dccd23ff
> 
>   i386 architecture (x86 compatible Intel/AMD)
> 
>     http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1_i386.deb
>       Size/MD5:  4113452 ee9f2a301ed054d9c56dd2412757465b
> 
>   powerpc architecture (Apple Macintosh G3/G4/G5)
> 
>     http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1_powerpc.deb
>       Size/MD5:  4641056 8b75ee14b6ce089d7172c88343a1b821
> 
> 
> 
>     From: Martin Pitt <martin.pitt at canonical.com>
>     To: ubuntu-security-announce at lists.ubuntu.com
>     Subject: [USN-238-2] Blender vulnerability
>     Date: Fri, 6 Jan 2006 10:47:44 +0100
>     Cc: full-disclosure at lists.grok.org.uk, bugtraq at securityfocus.com
>     Message-ID: <20060106094744.GC5197 at piware.de>
> 
> ===========================================================
> Ubuntu Security Notice USN-238-2	   January 06, 2006
> blender vulnerability
> CVE-2005-4470
> ===========================================================
> 
> A security issue affects the following Ubuntu releases:
> 
> Ubuntu 5.10 (Breezy Badger)
> 
> The following packages are affected:
> 
> blender
> 
> The problem can be corrected by upgrading the affected package to
> version 2.37a-1ubuntu1.1.  In general, a standard system upgrade is
> sufficient to effect the necessary changes.
> 
> The original advisory in USN-238-1 accidentially contained a wrong CVE
> number and advisory text. We apologize for this error.
> 
> Details follow:
> 
> Damian Put discovered that Blender did not properly validate a
> 'length' value in .blend files. Negative values led to an
> insufficiently sized memory allocation. By tricking a user into
> opening a specially crafted .blend file, this could be exploited to
> execute arbitrary code with the privileges of the Blender user.
> 
>   Source archives:
> 
>     http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1.diff.gz
>       Size/MD5:    11607 282c2bc853abdd9fcadeb94fd42d293f
>     http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1.dsc
>       Size/MD5:      759 f6d6c5fe8bba50202cb60db85a1f3240
>     http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a.orig.tar.gz
>       Size/MD5:  7885589 2af6afdb01c1d297c43602982d9a919c
> 
>   amd64 architecture (Athlon64, Opteron, EM64T Xeon)
> 
>     http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1_amd64.deb
>       Size/MD5:  4791610 926553266642bd9f625e1b27dccd23ff
> 
>   i386 architecture (x86 compatible Intel/AMD)
> 
>     http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1_i386.deb
>       Size/MD5:  4113452 ee9f2a301ed054d9c56dd2412757465b
> 
>   powerpc architecture (Apple Macintosh G3/G4/G5)
> 
>     http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1_powerpc.deb
>       Size/MD5:  4641056 8b75ee14b6ce089d7172c88343a1b821
> 
> ----- End forwarded message -----
> 
> -- 
> http://hans.dse.nl/   () ASCII-ribbon campaign against vCards,
>                       /\ HTML-mail and proprietary formats.
> _______________________________________________
> Bf-committers mailing list
> Bf-committers at projects.blender.org
> http://projects.blender.org/mailman/listinfo/bf-committers

-- 
mein at cs.umn.edu
http://www.cs.umn.edu/~mein


More information about the Bf-committers mailing list