oss-sec mailing list archives
Re: CVE request: glibc formatted printing vulnerabilities
From: Stefan Cornelius <scorneli () redhat com>
Date: Thu, 12 Jul 2012 08:14:10 +0200
On 07/11/2012 11:37 PM, Kees Cook wrote:
> Hi Stefan,
>
> On Wed, Jul 11, 2012 at 12:32:35PM +0200, Stefan Cornelius wrote:
>> 3) It was discovered that the formatted printing functionality in glibc
>> did not properly restrict the use of alloca(). A remote attacker could
>> provide a specially crafted sequence of format specifiers, leading to a
>> crash or, potentially, FORTIFY_SOURCE format string protection mechanism
>> bypass, when processed.
>>
>> References:
>> https://bugzilla.redhat.com/show_bug.cgi?id=826943
>>
>> Red Hat patch backports/testcases for RHEL6 that include a patch for this:
>> https://bugzilla.redhat.com/attachment.cgi?id=594722&action=diff
>>
>> Red Hat patch backport/testcase for RHEL5 (older glibc versions)
>> https://bugzilla.redhat.com/attachment.cgi?id=594727&action=diff
>
> Is there an upstream commit proposed for this one? I see it mixed into
> the RH patch with fixes for 1) and 2).
>
> Thanks,
>
> -Kees

Hi Kees,

Unfortunately, I'm currently unaware of an upstream patch for this. I've asked our maintainers for the status of this and, hopefully, I can provide you with a better response soon.

Kind regards,
--
Stefan Cornelius / Red Hat Security Response Team