oss-sec mailing list archives
CVE-2012-0864 assignment notification -- glibc F_S format string protection bypass via "nargs" integer overflow
From: Stefan Cornelius <scorneli () redhat com>
Date: Fri, 17 Feb 2012 17:22:04 +0100
Hi,

In the Phrack article "A Eulogy for Format Strings", a researcher using nickname "Captain Planet" reported an integer overflow flaw in the format string protection mechanism offered by FORTIFY_SOURCE. A remote attacker could provide a specially crafted executable, leading to FORTIFY_SOURCE format string protection mechanism bypass, when executed.

References:
http://www.phrack.org/issues.html?issue=67&id=9#article

Red Hat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=794766

We have assigned CVE-2012-0864 to this issue.

Upstream bug and Kees Cook's proposed patches:
http://sourceware.org/bugzilla/show_bug.cgi?id=13656
http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html
http://sourceware.org/ml/libc-alpha/2012-02/msg00012.html
http://sourceware.org/ml/libc-alpha/2012-02/msg00073.html

Thanks and kind regards,
--
Stefan Cornelius / Red Hat Security Response Team
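The bug class named in this notice is an integer overflow in the count of positional ("%N$") arguments that a printf implementation derives from the format string and then multiplies into an allocation size. The following C program is an added example, not code from glibc, the Phrack article or Kees Cook's patches: it parses "%N$" indexes with overflow-safe digit accumulation, applies a policy bound on the argument count, and computes the argument-table size with an explicit multiplication-overflow check, while a deliberately unchecked 32-bit version of the same product shows how a large count wraps to a tiny size. ARG_RECORD_SIZE and MAX_POSITIONAL_ARGS are assumed stand-ins, not glibc's actual values.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Size of the per-argument record a printf core would allocate for each
   positional argument. Assumed stand-in for illustration; not glibc's type. */
#define ARG_RECORD_SIZE 16u

/* Policy limit (assumed): no sane format string needs thousands of
   positional arguments, so anything above this is rejected outright. */
#define MAX_POSITIONAL_ARGS 4096L

/* Scan fmt for "%N$" conversions and return the highest N (0 if none).
   Returns -1 if a '%' is dangling, N does not fit in a long, or N exceeds
   MAX_POSITIONAL_ARGS. Field widths ("%5d") and "%%" are not positional. */
long max_positional_index(const char *fmt)
{
    long highest = 0;
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '\0')
            return -1;              /* dangling '%' at end of string */
        if (*p == '%')
            continue;               /* literal "%%" */
        if (*p < '1' || *p > '9')
            continue;               /* flags or a non-positional conversion */
        long n = 0;
        const char *q = p;
        while (*q >= '0' && *q <= '9') {
            int d = *q - '0';
            if (n > (LONG_MAX - d) / 10)
                return -1;          /* digit accumulation would overflow */
            n = n * 10 + d;
            q++;
        }
        if (*q != '$')
            continue;               /* it was a field width, not "%N$" */
        if (n > MAX_POSITIONAL_ARGS)
            return -1;              /* policy bound on the argument table */
        if (n > highest)
            highest = n;
        p = q;
    }
    return highest;
}

/* Unchecked size computation in 32-bit arithmetic: a large count wraps the
   product modulo 2^32, so the resulting allocation can be far too small. */
uint32_t unchecked_table_bytes_u32(uint32_t nargs)
{
    return nargs * ARG_RECORD_SIZE;
}

/* Checked form: refuse any count whose product would not fit in a long. */
long checked_table_bytes(long nargs)
{
    if (nargs < 0 || nargs > LONG_MAX / (long)ARG_RECORD_SIZE)
        return -1;
    return nargs * (long)ARG_RECORD_SIZE;
}

/* Combined validation a caller can run before handing fmt to a printf core:
   returns the table size in bytes, or -1 if the format must be rejected. */
long validated_table_bytes(const char *fmt)
{
    long nargs = max_positional_index(fmt);
    if (nargs < 0)
        return -1;
    return checked_table_bytes(nargs);
}

int main(void)
{
    /* Constructed sample format strings, including two that must be rejected. */
    const char *samples[] = {"%1$s %3$d %2$d", "%5d %s",
                             "%99999999999999999999$d", "100%"};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s -> %ld\n", samples[i], validated_table_bytes(samples[i]));
    printf("unchecked u32 size for 0x10000000 args -> %u\n",
           unchecked_table_bytes_u32(0x10000000u));
    return 0;
}
```

The defensive point is that the size check happens on the count before it is multiplied, not on the product afterwards: once the multiplication has wrapped, the small result looks perfectly valid to the allocator.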