oss-sec mailing list archives
Re: Re: CVE Request: glibc getaddrinfo() stack overflow
From: Florian Weimer <fweimer () redhat com>
Date: Thu, 22 Aug 2013 09:18:59 +0200
On 07/04/2013 09:06 PM, Maksymilian wrote:
Perhaps there are some missing CVE ids?In 2011 the problem with alloca() was not defined as a vulnerability. http://sourceware.org/bugzilla/show_bug.cgi?id=12671
I believe the analysis in this bug report is incorrect. The security implications are unclear. A straight copy of a long name to a stack buffer should trigger a crash because it hits the guard page, but even that could be a problem for daemons.
On the other hand, it's impossible to know for sure that no GCC version ever lays out the stack in such a way that we end up with a problem. Multi-threaded programs linking in script interpreters are more exposed to these problems, too.
-- Florian Weimer / Red Hat Product Security Team
Current thread:
- Re: CVE Request: glibc getaddrinfo() stack overflow Raphael Geissert (Jul 04)
- <Possible follow-ups>
- Re: CVE Request: glibc getaddrinfo() stack overflow Maksymilian (Jul 04)
- Re: Re: CVE Request: glibc getaddrinfo() stack overflow Florian Weimer (Aug 22)
- Re: Re: CVE Request: glibc getaddrinfo() stack overflow Florian Weimer (Sep 14)
- Re: Re: CVE Request: glibc getaddrinfo() stack overflow Kurt Seifried (Sep 16)
- Re: Re: CVE Request: glibc getaddrinfo() stack overflow Raphael Geissert (Sep 17)
- Re: Re: CVE Request: glibc getaddrinfo() stack overflow Florian Weimer (Aug 22)