oss-sec mailing list archives
Re: Re: CVE Request: glibc getaddrinfo() stack overflow
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 16 Sep 2013 20:27:04 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/14/2013 04:56 AM, Florian Weimer wrote:
On 08/22/2013 09:18 AM, Florian Weimer wrote:On 07/04/2013 09:06 PM, Maksymilian wrote:Perhaps there are some missing CVE ids?In 2011 the problem with alloca() was not defined as a vulnerability. http://sourceware.org/bugzilla/show_bug.cgi?id=12671I believe the analysis in this bug report is incorrect. The security implications are unclear. A straight copy of a long name to a stack buffer should trigger a crash because it hits the guard page, but even that could be a problem for daemons. On the other hand, it's impossible to know for sure that no GCC version ever lays out the stack in such a way that we end up with a problem. Multi-threaded programs linking in script interpreters are more exposed to these problems, too.Kurt told me that the above didn't make it sufficiently clear that I consider this issue CVE-worthy.
I prefer things to be explicit rather than assumed =). Please use CVE-2013-4357 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQIcBAEBAgAGBQJSN733AAoJEBYNRVNeJnmT378P/1+MwskEw1/W62U4GiP6OvEM Jwx+NagiRoW1vSzmMxMeg623qH+oc5KrmtYHv8X/vG18CTm89gIf7Di4usKKWfOa 2YL5nIwJZrmHVf8kBsH/J8TPZYzzIpkcLHW/w8uqpXQJrDjjJUuHAD5PNHJE+rYA ir1jK09r/Bbv+eGgPQyWMadvxHKRuyhTGNamz5URXJDggEhzlgs9DJkMlVZRmF8M apSWDXWwqf6851aPNornYq78aJEy6itVR5k59e/vFCl19irELj9/7yUDhOcNb8Fk R62uTP4KIOkYIiJONdJlfjvFNN1shhhnZGyiqR7JrD20S7qhLyUWLbIap+l9L0GV 0S1uCrvYhd6spNEmMD2xPdQqF/x1hRqviWcBVtZ32J/jJznb7DRbzhalDxaCCdFr POfK3vo4REPp7rJZSOM68Synltc4uYMImY4YYGd4Ib7biGciKG+PdeFeqcCXfRtS RC3Af3c+yE3BpUuJO/ce3BKIRYw/K7LtUxEHVGfG86mn0teze/m3ghOCE62c1vOv A3zn79ykd2peuSyNOh3masCsuK3AiJG0F9N2U4KPYlDUvVzwJUPH1QAhYPBVPrYI yKz45S1HxeYacrOaf55a5eNSvUqIvvEs7Q7xoSWiV/WTqUO4EDp2jo1QuVgwpAFM 2MObiF6IKdmIsKIZVF1i =Xt7J -----END PGP SIGNATURE-----
Current thread:
- Re: CVE Request: glibc getaddrinfo() stack overflow Raphael Geissert (Jul 04)
- <Possible follow-ups>
- Re: CVE Request: glibc getaddrinfo() stack overflow Maksymilian (Jul 04)
- Re: Re: CVE Request: glibc getaddrinfo() stack overflow Florian Weimer (Aug 22)
- Re: Re: CVE Request: glibc getaddrinfo() stack overflow Florian Weimer (Sep 14)
- Re: Re: CVE Request: glibc getaddrinfo() stack overflow Kurt Seifried (Sep 16)
- Re: Re: CVE Request: glibc getaddrinfo() stack overflow Raphael Geissert (Sep 17)
- Re: Re: CVE Request: glibc getaddrinfo() stack overflow Florian Weimer (Aug 22)