oss-sec mailing list archives
Re: two vulns in uClibc-0.9.33.2
From: Waldemar Brodkorb <wbx () uclibc-ng org>
Date: Fri, 23 Jun 2017 23:20:41 +0200
Hi, fefe wrote,
I found two vulns in uClibc-0.9.33.2 (https://uclibc.org/)uClibc is dead. Active development happens on uClibc-ng. Is uClibc-ngalso affected by these issues? uclibc_ng is also affected.
I tried to cross-compile attached code and run it in qemu-system-arm. What should be the result? I see a segfault for poc2.c. But this also happens with glibc based system. Is the complete app code just plain wrong? Can you provide full application code and the results showing the issue? best regards Waldemar
Attachment:
poc1.c
Description:
Attachment:
poc2.c
Description:
Current thread:
- Re: two vulns in uClibc-0.9.33.2, (continued)
- Re: two vulns in uClibc-0.9.33.2 Peter Korsgaard (Jun 16)
- Re: two vulns in uClibc-0.9.33.2 Seth Arnold (Jun 16)
- Re: two vulns in uClibc-0.9.33.2 Kurt Seifried (Jun 16)
- Re: two vulns in uClibc-0.9.33.2 Michal Zalewski (Jun 16)
- Re: two vulns in uClibc-0.9.33.2 Bob Friesenhahn (Jun 16)
- Re: two vulns in uClibc-0.9.33.2 Florian Weimer (Jun 17)
- Re: two vulns in uClibc-0.9.33.2 Michal Zalewski (Jun 17)
- Re: two vulns in uClibc-0.9.33.2 Simon McVittie (Jun 17)
- Re: two vulns in uClibc-0.9.33.2 Jakub Wilk (Jun 17)
- Re: two vulns in uClibc-0.9.33.2 Waldemar Brodkorb (Jun 23)
- re: two vulns in uClibc-0.9.33.2 fefe (Jun 26)