SB2014052002 - Multiple vulnerabilities in call-cc Chicken Scheme

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2013-1874)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory. <a href = http://cwe.mitre.org/data/definitions/426.html> CWE-426: Untrusted Search Path </a>

2) Buffer overflow (CVE-ID: CVE-2014-3776)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Buffer overflow in the "read-u8vector!" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument.

Remediation

Install update from vendor's website.

References

• http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=blob;f=NEWS;h=c21c7cf9d1faf4f78736890ac7ca1d4b82d72ddd;hb=c6750af99ada7fa4815ee834e4e705bcfac9c137
• http://seclists.org/oss-sec/2013/q1/692
• http://www.osvdb.org/91520
• http://www.securityfocus.com/bid/58583
• https://exchange.xforce.ibmcloud.com/vulnerabilities/85065
• http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=1d06ce7e21c7e903ca5dca11fda6fcf2cc52de5e
• http://lists.gnu.org/archive/html/chicken-announce/2014-05/msg00001.html
• http://lists.gnu.org/archive/html/chicken-hackers/2014-05/msg00032.html
• http://seclists.org/oss-sec/2014/q2/328
• http://seclists.org/oss-sec/2014/q2/334
• http://www.securityfocus.com/bid/67468
• https://bugs.call-cc.org/ticket/1124
• https://security.gentoo.org/glsa/201612-54