oss-sec mailing list archives
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
From: cve-assign () mitre org
Date: Thu, 29 Jan 2015 11:52:02 -0500 (EST)
On 28/01/15 06:57 PM, Huzaifa Sidhpurwala wrote:On 01/29/2015 03:17 AM, Florian Weimer wrote:Use CVE-2012-6686 for "unbound alloca use in glob_in_dir" as covered by Red Hat Bugzilla ID 797096.Oh, it seems Huzaifa posted the wrong Bugzilla reference.Yes, sorry wrong bz.We still need assignment for this fix: <https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2e96f1c7> The matching Red Hat Bugzilla bug is: <https://bugzilla.redhat.com/show_bug.cgi?id=981942>The above is the correct bug with the corresponding impact at: https://bugzilla.redhat.com/show_bug.cgi?id=1186614 MITRE, Can we still use the above CVE for this issue?This would be a bad idea and lead to much confusion, especially for people that have already consumed this CVE and written up reports that in turn have been shipped to other people/etc. Can we REJECT this CVE if the issue is not a security issue, obviously if it is a security issue we should keep this CVE.
The scope of CVE-2012-6686 has already been explicitly identified, i.e. it is 797096. If 797096 does not cover a security issue, or is a duplicate, then we would need to REJECT the CVE.
However, 797096 reports that the issue "can lead to program crashes if excessively long inputs are passed to certain functions." This still sounds like it could be a vulnerability.
Is this already associated with a different CVE? 797096 points to RHBA-2013:0022, which maps to CVE-2013-4357. However, 797096's title does not include CVE-2013-4357.
Additionally if we can get a new CVE for Bz981942 that would be great, thanks!
There now appear to be two different requests for two separate Bugzilla IDs that might be discussing the same issue. Please clarify.
BZ 1186614 is "glibc: Invalid-free when using getaddrinfo()". It points to https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2e96f1c7 which is "Fix encoding name for IDN in getaddrinfo" and modifies gaih_inet() in sysdeps/posix/getaddrinfo.c by setting name=p and malloc_name=true.
CVE-2013-7424 is now assigned with the issue whose scope is defined by commit 2e96f1c7 / gaih_inet(). (A 2011 year is not used because 2e96f1c7 does not clearly identify any security relevance.)
A separate Bugzilla ID, 981942, might be a duplicate. It is titled "ping6 with idn causes crash," includes Comment 4 (Carlos O'Donell 2013-07-08 09:54:18 EDT) which references a discrepancy with upstream's "name = p;" fix in gaih_inet(). It also directly includes commit 2e96f1c7, which has now been associated with CVE-2013-7424/BZ1186614. Yet, here in 981942, there is no apparent reference to 1186614.
Is 981942 a duplicate of CVE-2013-7424/BZ1186614, or is a separate CVE ID required? If a new ID is required, please explain the difference.
--- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Current thread:
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235), (continued)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Marek Kroemeke (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Filip Palian (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Huzaifa Sidhpurwala (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) cve-assign (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Huzaifa Sidhpurwala (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kurt Seifried (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) cve-assign (Jan 29)
- Please REJECT CVE-2012-6686 Florian Weimer (Feb 24)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Raphael Geissert (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Paul Pluzhnikov (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Yves-Alexis Perez (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Sven Kieske (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kurt Seifried (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Paul Pluzhnikov (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)