oss-sec mailing list archives
CVE request: CHICKEN Scheme incomplete fix for CVE-2012-6122 (select() fs_set buffer overrun)
From: Peter Bex <Peter.Bex () xs4all nl>
Date: Wed, 8 May 2013 23:07:02 +0200
Hi all, I'd like to request a CVE for a select() fd_set buffer overrun problem in CHICKEN Scheme before 4.8.2 and all stable versions up to and including 4.8.0.3, on non-Windows systems. The bug exists due to an incomplete fix for CVE-2012-6122. Originally, only the userland thread scheduler's use of select() was rewritten to use POSIX poll(). It was later discovered by Florian Zumbiehl and Joerg Wittenberger that select() was still being used in three other places. This bug is remotelye xploitable in networking code, under the right conditions (if the "ulimit -n" value exceeds FD_SETSIZE). The announcement can be found at http://lists.nongnu.org/archive/html/chicken-announce/2013-05/msg00000.html There are two commits which together fix the bug: http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=9e2022652258e8a30e5cedbf0abc9cd85a0f6af7 http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=556108092774086b6c86c2e27daf3f740ffec091 Cheers, Peter Bex
Current thread:
- CVE request: CHICKEN Scheme incomplete fix for CVE-2012-6122 (select() fs_set buffer overrun) Peter Bex (May 08)