oss-sec mailing list archives
Re: Re: CVE Request: glibc getaddrinfo() stack overflow
From: Florian Weimer <fweimer () redhat com>
Date: Sat, 14 Sep 2013 12:56:02 +0200
On 08/22/2013 09:18 AM, Florian Weimer wrote:
> On 07/04/2013 09:06 PM, Maksymilian wrote:
>> Perhaps there are some missing CVE ids?
>> In 2011 the problem with alloca() was not defined as a vulnerability.
>> http://sourceware.org/bugzilla/show_bug.cgi?id=12671
>
> I believe the analysis in this bug report is incorrect. The security implications are unclear. A straight copy of a long name to a stack buffer should trigger a crash because it hits the guard page, but even that could be a problem for daemons. On the other hand, it's impossible to know for sure that no GCC version ever lays out the stack in such a way that we end up with a problem. Multi-threaded programs linking in script interpreters are more exposed to these problems, too.

Kurt told me that the above didn't make it sufficiently clear that I consider this issue CVE-worthy.
-- Florian Weimer / Red Hat Product Security Team