oss-sec mailing list archives
Re: CVE id request: libc fortify source information disclosure
From: Tomas Hoger <thoger () redhat com>
Date: Thu, 2 Sep 2010 19:17:59 +0200
On Thu, 2 Sep 2010 12:23:23 -0400 Dan Rosenberg wrote:
It seems the fix would need to remove all possibly-useful info from the error message. The backtrace or memory map don't really contain any potentially sensitive information that couldn't be obtained otherwise. It's just the reference to argv[0] (in glibc/debug/fortify_fail.c) that worries me, because this can be directly influenced to cause a printout of process memory.
In case of stack protector failed check, it's still an attempt to print-out info based on what's known to be (partially) corrupted.

-- 
Tomas Hoger / Red Hat Security Response Team
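The argv[0] concern discussed in this message, as an added example that is not part of the original post and is not glibc code: a failure reporter that follows a pointer living in corruptible memory, next to one that uses only a name copied at startup. The names `argv_slot`, `saved_name`, `capture_name`, `report_unsafe`, `report_safe` and `demo_leaks`, the message format, and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: argv_slot stands in for the argv[0] pointer, which
 * sits in memory that an overflow may already have overwritten. */
static const char *argv_slot[1];

/* Private copy of the program name, taken before any untrusted input. */
static char saved_name[64] = "<unknown>";

/* Call once at startup. */
void capture_name(const char *argv0)
{
    argv_slot[0] = argv0;
    snprintf(saved_name, sizeof saved_name, "%s", argv0);
}

/* Risky pattern: dereference the argv[0] pointer at failure time, after
 * the process state is known to be (partially) corrupted. */
int report_unsafe(char *out, size_t n, const char *what)
{
    return snprintf(out, n, "*** %s ***: %s terminated\n", what, argv_slot[0]);
}

/* Hardened pattern: the message is built only from data captured earlier. */
int report_safe(char *out, size_t n, const char *what)
{
    return snprintf(out, n, "*** %s ***: %s terminated\n", what, saved_name);
}

/* Models a corrupted pointer and checks both reporters.
 * Returns a bitmask: bit 0 = unsafe report exposed the marker,
 *                    bit 1 = safe report exposed the marker. */
int demo_leaks(void)
{
    static const char marker[] = "CONSTRUCTED-SECRET"; /* unrelated memory */
    char a[128], b[128];

    capture_name("./victim");
    argv_slot[0] = marker;          /* stands in for the overwrite */
    report_unsafe(a, sizeof a, "buffer overflow detected");
    report_safe(b, sizeof b, "buffer overflow detected");
    return (strstr(a, marker) != NULL) | ((strstr(b, marker) != NULL) << 1);
}

int main(void) { printf("leak mask: %d\n", demo_leaks()); return 0; }
```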