oss-sec mailing list archives
Re: CVE request: thttpd: Denial of Service (App. crash, local)
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 14 Dec 2012 18:13:44 -0700
On 12/12/2012 03:57 AM, Matthias Weckbecker wrote:
> Hi Kurt, Steve, vendors, ...,
>
> I think I have never posted it to oss-sec. glibc's crypt() can return NULL
> under some circumstances which causes thttpd to crash while dereferencing:
>
> https://bugzilla.novell.com/show_bug.cgi?id=783165
>
> Maybe you want to assign a CVE.
>
> Matthias

From the Novell bug:

Matthias Weckbecker 2012-12-13 10:57:38 UTC
For the sake of completeness (got reminded by some random dude on oss): This affects glibc 2.11 (as shipped with 11.4) (with thttpd-2.25b).

Also can you post a link to the affected code? thanks.

Please use CVE-2012-5640 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
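The failure mode reported in this message, shown as an added example that is not part of the original post and is not thttpd's code: a password check that passes the result of crypt() straight to strcmp(), next to a version that treats a NULL return as a failed login. The names `stub_crypt`, `auth_check_unchecked` and `auth_check` are hypothetical, and `stub_crypt` is a constructed stand-in for crypt(3) whose NULL condition is an assumption for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Same signature as crypt(3), which returns NULL on error. */
typedef char *(*crypt_fn)(const char *key, const char *salt);

/* Constructed stand-in for crypt(3) so this runs without libcrypt.
 * Assumption for illustration only: salts shorter than 2 characters are
 * rejected with NULL; otherwise the "hash" is the 2-char salt plus the key. */
char *stub_crypt(const char *key, const char *salt)
{
    static char out[128];
    if (strlen(salt) < 2)
        return NULL;                       /* error path */
    snprintf(out, sizeof(out), "%.2s%s", salt, key);
    return out;
}

/* Unchecked pattern: a NULL return is dereferenced inside strcmp() and the
 * process crashes. Shown for comparison; main() does not call it. */
int auth_check_unchecked(crypt_fn hash, const char *pw, const char *stored)
{
    return strcmp(hash(pw, stored), stored) == 0;
}

/* Checked pattern: a NULL return from the hash function is a failed login. */
int auth_check(crypt_fn hash, const char *pw, const char *stored)
{
    const char *computed;
    if (pw == NULL || stored == NULL)
        return 0;
    computed = hash(pw, stored);           /* stored hash doubles as the salt */
    if (computed == NULL)
        return 0;                          /* fail closed instead of crashing */
    return strcmp(computed, stored) == 0;
}

int main(void)
{
    printf("valid entry:     %d\n", auth_check(stub_crypt, "secret", "absecret"));
    printf("malformed entry: %d\n", auth_check(stub_crypt, "secret", "x"));
    return 0;
}
```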