oss-sec mailing list archives
Re: CVE Request: glibc getaddrinfo() stack overflow
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 03 Apr 2013 09:06:00 -0600
On 04/03/2013 05:10 AM, Marcus Meissner wrote:
> Hi,
>
> A customer reported a glibc crash, which turned out to be a stack overflow in getaddrinfo().
>
> getaddrinfo() uses:
> struct sort_result results[nresults];
> with nresults controlled by the nameservice chain (DNS or /etc/hosts).
>
> This will be visible mostly on threaded applications with smaller stacksizes, or operating near out of stack.
>
> Reproducer I tried:
> $ for i in `seq 1 10000000`; do echo "ff00::$i a1" >>/etc/hosts; done
> $ ulimit -s 1024
> $ telnet a1
> Segmentation fault
>
> (clean out /etc/hosts again )
>
> I am not sure you can usually push this amount of addresses via DNS for all setups.
>
> Andreas is currently pushing the patch to glibc GIT.
>
> Reference: https://bugzilla.novell.com/show_bug.cgi?id=813121
>
> Ciao, Marcus

Please use CVE-2013-1914 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
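
The stack-sizing problem described in the quoted report, shown as an added example (not code from the original thread or from glibc): a fixed stack buffer handles small result counts and larger counts go to the heap. `struct sort_result_demo`, `STACK_BUDGET` and `sort_orders_bounded` are hypothetical names, and the struct's fields are assumed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for glibc's struct sort_result (fields assumed). */
struct sort_result_demo {
    unsigned char addr[16];
    int order;
};

/* Assumed budget: never take more than this many bytes from the stack. */
#define STACK_BUDGET 4096
#define STACK_SLOTS (STACK_BUDGET / sizeof(struct sort_result_demo))

static int cmp_order(const void *a, const void *b)
{
    int x = ((const struct sort_result_demo *)a)->order;
    int y = ((const struct sort_result_demo *)b)->order;
    return (x > y) - (x < y);
}

/*
 * Reported pattern: struct sort_result results[nresults];
 * The stack frame grows with a count the name service chooses.
 *
 * Bounded form: fixed stack buffer for small counts, heap above that.
 * Returns 0 (stack used), 1 (heap used) or -1 (overflow / out of memory).
 */
int sort_orders_bounded(int *orders, size_t nresults)
{
    struct sort_result_demo small[STACK_SLOTS];
    struct sort_result_demo *results = small;
    int on_heap = 0;

    if (nresults > SIZE_MAX / sizeof *results)
        return -1;                      /* size computation would wrap */
    if (nresults > STACK_SLOTS) {
        results = malloc(nresults * sizeof *results);
        if (results == NULL)
            return -1;                  /* fail cleanly instead of crashing */
        on_heap = 1;
    }
    for (size_t i = 0; i < nresults; i++) {
        memset(results[i].addr, 0, sizeof results[i].addr);
        results[i].order = orders[i];
    }
    qsort(results, nresults, sizeof *results, cmp_order);
    for (size_t i = 0; i < nresults; i++)
        orders[i] = results[i].order;
    if (on_heap)
        free(results);
    return on_heap;
}
```

The return value tells a caller which path was taken, so a test can confirm that large counts never reach the stack.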