oss-sec mailing list archives

CVE-2012-0864 assignment notification -- glibc F_S format string protection bypass via "nargs" integer overflow


From: Stefan Cornelius <scorneli () redhat com>
Date: Fri, 17 Feb 2012 17:22:04 +0100

Hi,

In the Phrack article "A Eulogy for Format Strings", a researcher using
the nickname "Captain Planet" reported an integer overflow flaw in the
format string protection mechanism offered by FORTIFY_SOURCE. A remote
attacker could provide a specially crafted executable, leading to
FORTIFY_SOURCE format string protection mechanism bypass, when executed.

References:
http://www.phrack.org/issues.html?issue=67&id=9#article

Red Hat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=794766

We have assigned CVE-2012-0864 to this issue.

Upstream bug and Kees Cook's proposed patches:
  http://sourceware.org/bugzilla/show_bug.cgi?id=13656
  http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html
  http://sourceware.org/ml/libc-alpha/2012-02/msg00012.html
  http://sourceware.org/ml/libc-alpha/2012-02/msg00073.html

Thanks and kind regards,

--
Stefan Cornelius / Red Hat Security Response Team
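As an added illustration (not code from this advisory or from glibc), the following shows the bug class named in the subject: the FORTIFY_SOURCE printf checker counts how many arguments a format string references (nargs) and sizes a per-argument table from that count, so an unchecked multiplication can wrap. The checked variant bounds nargs before any allocation, in the spirit of the upstream fix; all names, the struct layout and the sample counts here are hypothetical.

```c
/* Added illustration of the nargs overflow pattern behind CVE-2012-0864.
 * Not glibc's code; function and type names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <limits.h>
#include <stdio.h>

/* One entry per positional argument: the type it is used as, and a flag. */
typedef struct { int type; int used; } arg_spec;

/* Unchecked: for a huge nargs the multiplication wraps, so a far too small
 * table would be allocated while the scan still indexes all nargs slots. */
size_t table_bytes_unchecked(size_t nargs)
{
    return nargs * sizeof(arg_spec);
}

/* Checked: reject any count whose table cannot be represented, before any
 * allocation. Returns 0 on success, -1 (EOVERFLOW-style) on failure. */
int table_bytes_checked(size_t nargs, size_t *out)
{
    if (nargs > INT_MAX / sizeof(arg_spec))
        return -1;
    *out = nargs * sizeof(arg_spec);
    return 0;
}

/* Returns 1 if the unchecked computation wrapped for this nargs, else 0. */
int unchecked_wraps(size_t nargs)
{
    size_t bytes = table_bytes_unchecked(nargs);
    return nargs != 0 && bytes / sizeof(arg_spec) != nargs;
}

int main(void)
{
    /* Constructed counts: a realistic format string references a handful of
     * arguments; the second is a positional index chosen to wrap the size. */
    size_t counts[] = { 3, SIZE_MAX / sizeof(arg_spec) + 2 };
    for (size_t i = 0; i < 2; i++) {
        size_t bytes = 0;
        int rc = table_bytes_checked(counts[i], &bytes);
        printf("nargs=%zu unchecked_wraps=%d checked=%s\n", counts[i],
               unchecked_wraps(counts[i]), rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```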

