Motor: Execution of arbitrary code — GLSA 200608-27

Motor uses a vulnerable ktools library, which could lead to the execution of arbitrary code.

Affected Packages

dev-util/motor on all architectures
Affected versions < 3.4.0-r1
Unaffected versions revision >= 3.3.0-r1, >= 3.4.0-r1

Background

Motor is a text mode based programming environment for Linux, with a syntax highlighting feature, project manager, makefile generator, gcc and gdb front-end, and CVS integration.

Description

In November 2005, Zone-H Research reported a boundary error in the ktools library in the VGETSTRING() macro of kkstrtext.h, which may cause a buffer overflow via an overly long input string.

Impact

A remote attacker could entice a user to use a malicious file or input, which could lead to the crash of Motor and possibly the execution of arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All Motor 3.3.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-util/motor-3.3.0-r1"

All motor 3.4.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-util/motor-3.4.0-r1"

References

Release Date
August 29, 2006

Latest Revision
August 29, 2006: 01

Severity
normal

Exploitable
remote

Bugzilla entries