oss-sec mailing list archives

Re: CVE request: glibc formatted printing vulnerabilities


From: Kees Cook <kees () ubuntu com>
Date: Wed, 11 Jul 2012 14:37:29 -0700

Hi Stefan,

On Wed, Jul 11, 2012 at 12:32:35PM +0200, Stefan Cornelius wrote:
> 3) It was discovered that the formatted printing functionality in glibc
> did not properly restrict the use of alloca(). A remote attacker could
> provide a specially crafted sequence of format specifiers, leading to a
> crash or, potentially, FORTIFY_SOURCE format string protection mechanism
> bypass, when processed.
>
> References:
> https://bugzilla.redhat.com/show_bug.cgi?id=826943
>
> Red Hat patch backports/testcases for RHEL6 that include a patch for this:
> https://bugzilla.redhat.com/attachment.cgi?id=594722&action=diff
>
> Red Hat patch backport/testcase for RHEL5 (older glibc versions)
> https://bugzilla.redhat.com/attachment.cgi?id=594727&action=diff

Is there an upstream commit proposed for this one? I see it mixed into
the RH patch with fixes for 1) and 2).

Thanks,

-Kees

-- 
Kees Cook

