oss-sec mailing list archives
CVE-2015-1781 in glibc
From: Florian Weimer <fweimer () redhat com>
Date: Tue, 21 Apr 2015 14:54:10 +0200
Arjun Shankar of Red Hat discovered that the nss_dns code does not adjust the buffer length when the buffer start pointer is aligned. As a result, a buffer overflow can occur in the implementation of functions such as gethostbyname_r, and crafted DNS responses might cause application crashes or result in arbitrary code execution. This can only happen if these functions are called with a misaligned buffer. I looked at quite a bit of source code, and tested applications with a patched glibc that logs misaligned buffers. I did not observe any such misaligned buffers. Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=18287 Upstream commit: https://sourceware.org/git/?p=glibc.git;a=commit;h=2959eda9272a03386 -- Florian Weimer / Red Hat Product Security
Current thread:
- CVE-2015-1781 in glibc Florian Weimer (Apr 21)