oss-sec mailing list archives
Re: CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 && #14552)
From: Jeff Law <law () redhat com>
Date: Fri, 07 Sep 2012 11:29:33 -0600
On 09/07/2012 11:21 AM, Kurt Seifried wrote:
>> 2) Issue #2 (mentioned here only for completeness, but I am not of the opinion this should receive a CVE identifier. See argumentation below [but open to glibc upstream / others to disprove it]).
>
> I will hold off on issuing a CVE for this then. Anyone want to weigh in?
>
>> alloca() stack overflow (first issue from the report below)
>> Upstream bug report: [3] http://sourceware.org/bugzilla/show_bug.cgi?id=14552
>>
>> If I have looked correctly this is expected / known behaviour of alloca() - from the manual page: [4] http://linux.die.net/man/3/alloca

Just because it's known/expected behaviour doesn't mean it's not a potential attack vector. Blowing out the stack is definitely a vector for attack:

http://www.phrack.org/issues.html?issue=67&id=9#article
http://www.phrack.com/issues.html?issue=63&id=14#article

Jeff
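
The two bug classes named in the subject line (a size computation that wraps, and an alloca() whose size follows input length) can both be closed off at the allocation site. This is an added example, not code from the thread or from glibc; `STACK_SCRATCH_MAX`, `scratch_plan` and `toy_coll` are hypothetical names and the 4096-byte cap is an assumed value.

```c
#include <alloca.h>
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define STACK_SCRATCH_MAX 4096  /* assumed cap on per-call stack scratch */

enum scratch { SCRATCH_STACK, SCRATCH_HEAP, SCRATCH_OVERFLOW };

/* Decide where (n1 + n2) elements of elem bytes may live, rejecting
   any size computation that would wrap around SIZE_MAX. */
static enum scratch scratch_plan(size_t n1, size_t n2, size_t elem, size_t *bytes)
{
    if (n1 > SIZE_MAX - n2)
        return SCRATCH_OVERFLOW;
    size_t n = n1 + n2;
    if (elem != 0 && n > SIZE_MAX / elem)
        return SCRATCH_OVERFLOW;
    *bytes = n * elem;
    return *bytes <= STACK_SCRATCH_MAX ? SCRATCH_STACK : SCRATCH_HEAP;
}

/* Toy collation (hypothetical): compare two strings by per-byte weights
   (lowercased byte value) held in one scratch array. Returns -1, 0 or 1,
   or -2 on size overflow or allocation failure. */
static int toy_coll(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b), bytes = 0;
    enum scratch where = scratch_plan(la, lb, sizeof(uint32_t), &bytes);
    if (where == SCRATCH_OVERFLOW)
        return -2;
    /* alloca() only below the cap; large inputs go to the heap, where
       failure is reported instead of running off the end of the stack. */
    uint32_t *w = where == SCRATCH_STACK ? alloca(bytes ? bytes : 1) : malloc(bytes);
    if (w == NULL)
        return -2;
    for (size_t i = 0; i < la; i++)
        w[i] = (uint32_t)tolower((unsigned char)a[i]);
    for (size_t i = 0; i < lb; i++)
        w[la + i] = (uint32_t)tolower((unsigned char)b[i]);
    int r = 0;
    for (size_t i = 0; r == 0 && (i < la || i < lb); i++) {
        uint32_t x = i < la ? w[i] : 0, y = i < lb ? w[la + i] : 0;
        r = (x > y) - (x < y);
    }
    if (where == SCRATCH_HEAP)
        free(w);
    return r;
}
```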