Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200711-27
HistoryNov 18, 2007 - 12:00 a.m.

Link Grammar: User-assisted execution of arbitrary code

2007-11-1800:00:00
Gentoo Foundation
security.gentoo.org
7

0.271 Low

EPSS

Percentile

96.8%

JSON

Background

The Link Grammar parser is a syntactic parser of English, based on link grammar, an original theory of English syntax.

Description

Alin Rad Pop from Secunia Research discovered a boundary error in the function separate_sentence() in file tokenize.c when processing an overly long word which might lead to a stack-based buffer overflow.

Impact

A remote attacker could entice a user to parse a specially crafted sentence, resulting in the remote execution of arbitrary code with the privileges of the user running the application. Note that this vulnerability may be triggered by an application using Link Grammar to parse sentences (e.g. AbiWord).

Workaround

There is no known workaround at this time.

Resolution

All Link Grammar users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/link-grammar-4.2.4-r1"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-libs/link-grammar< 4.2.4-r1UNKNOWN

Related

fedora 2
openvas 10
securityvulns 3
nessus 5
prion 1
cvelist 1
cve 1
debian 1
debiancve 1
ubuntu 1
ubuntucve 1
fedora
fedora
[SECURITY] Fedora 8 Update: link-grammar-4.2.5-1.fc8
2007-11-13 00:06:54
[SECURITY] Fedora 7 Update: link-grammar-4.2.5-1.fc7
2007-11-15 03:37:06
openvas
openvas
Fedora Update for link-grammar FEDORA-2007-3235
2009-02-27 00:00:00
Fedora Update for link-grammar FEDORA-2007-3235
2009-02-27 00:00:00
Debian: Security Advisory (DSA-1432-1)
2008-01-17 00:00:00
securityvulns
securityvulns
Link Grammar / AbiWord buffer overflow
2007-11-08 00:00:00
Secunia Research: AbiWord Link Grammar &quot;separate_sentence&#40;&#41;&quot; Buffer Overflow
2007-11-08 00:00:00
Secunia Research: Link Grammar &quot;separate_sentence&#40;&#41;&quot; Buffer Overflow
2007-11-08 00:00:00
nessus
nessus
Fedora 8 : link-grammar-4.2.5-1.fc8 (2007-3235)
2007-11-14 00:00:00
GLSA-200711-27 : Link Grammar: User-assisted execution of arbitrary code
2007-11-20 00:00:00
Fedora 7 : link-grammar-4.2.5-1.fc7 (2007-3339)
2007-11-15 00:00:00
prion
prion
Stack overflow
2007-11-08 02:46:00
cvelist
cvelist
CVE-2007-5395
2007-11-08 02:00:00
cve
cve
CVE-2007-5395
2007-11-08 02:46:00
debian
debian
[SECURITY] [DSA 1432-1] New link-grammar packages fix execution of code
2007-12-16 15:13:42
debiancve
debiancve
CVE-2007-5395
2007-11-08 02:46:00
ubuntu
ubuntu
link-grammar vulnerability
2007-11-26 00:00:00
ubuntucve
ubuntucve
CVE-2007-5395
2007-11-08 00:00:00

0.271 Low

EPSS

Percentile

96.8%

JSON
Related for GLSA-200711-27
fedora2openvas10securityvulns3nessus5prion1cvelist1cve1debian1debiancve1ubuntu1ubuntucve1