oss-sec mailing list archives
Re: CVE request: glibc formatted printing vulnerabilities
From: Kees Cook <kees () ubuntu com>
Date: Wed, 11 Jul 2012 14:37:29 -0700
Hi Stefan,

On Wed, Jul 11, 2012 at 12:32:35PM +0200, Stefan Cornelius wrote:
> 3) It was discovered that the formatted printing functionality in glibc
> did not properly restrict the use of alloca(). A remote attacker could
> provide a specially crafted sequence of format specifiers, leading to a
> crash or, potentially, FORTIFY_SOURCE format string protection mechanism
> bypass, when processed.
>
> References:
> https://bugzilla.redhat.com/show_bug.cgi?id=826943
>
> Red Hat patch backports/testcases for RHEL6 that include a patch for this:
> https://bugzilla.redhat.com/attachment.cgi?id=594722&action=diff
>
> Red Hat patch backport/testcase for RHEL5 (older glibc versions)
> https://bugzilla.redhat.com/attachment.cgi?id=594727&action=diff

Is there an upstream commit proposed for this one? I see it mixed into the RH patch with fixes for 1) and 2).

Thanks,

-Kees

--
Kees Cook