Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 03 Apr 2013 09:06:00 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Marcus Meissner <meissner@...e.de>
Subject: Re: CVE Request: glibc getaddrinfo() stack overflow

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/03/2013 05:10 AM, Marcus Meissner wrote:
> Hi,
> 
> A customer reported a glibc crash, which turned out to be a stack
> overflow in getaddrinfo().
> 
> getaddrinfo() uses: struct sort_result results[nresults]; with
> nresults controlled by the nameservice chain (DNS or /etc/hosts).
> 
> This will be visible mostly on threaded applications with smaller
> stacksizes, or operating near out of stack.
> 
> Reproducer I tried: $ for i in `seq 1 10000000`; do echo "ff00::$i
> a1" >>/etc/hosts; done $ ulimit -s 1024 $ telnet a1 Segmentation
> fault (clean out /etc/hosts again )
> 
> 
> I am not sure you can usually push this amount of addresses via DNS
> for all setups.
> 
> Andreas is currently pushing the patch to glibc GIT.
> 
> Reference: https://bugzilla.novell.com/show_bug.cgi?id=813121
> 
> Ciao, Marcus

Please use CVE-2013-1914 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRXEVYAAoJEBYNRVNeJnmTJAwQAJxeNaGDoLRQ0PRzWshaxk/R
VR/yXYe4DfugtL+lgMgL82T8sQJeSBSWsgBx+f43mnAcGSPhZlHVtPAl5g7Vhe38
/04kiHRGr5srLrl8HFwNLCMRv8nAbslYdHeID6bu6eUN8VoUrhbp5Nd0Fh7I+gqQ
9ryci9tfPaMOmV6gxs1Ug97wGmlBHiXcTlzQR/zGYxDnZe1KS+zMBUgrhrvWxI+z
6L1hZeGJd1aRe61D/HDSZZGuj/olrgSphdN5tUQaKb/TmJlbhfbk1ds2oX4vNcbm
sjnKnT0ttQHfGJHJCTgYOfO13MK2KwEcEBsnUfhUKvx5HdbpMMnPTMT+3IV4I0+K
a07asqZ2P6/zdOz2UeUNJyNXIM5Ruprb0Wy9XbPZUcoWaqBBUGYawdbwqdfAENUs
FTBcqUOhv85igtSoCauYNwpKgBv1xjyYpsxdMRMOMyZsf3b8g4atU2sEumzWxcw3
Jlu4+Nh9JuZtHvHFfpRmA5JPM9mARqAecEDMGS6ZUdeuTCMKIQBkI29Q7pVZG9Jd
30U/evCus1p6K/7iWz5S1iazt1EZOBhAJy4ebrnMIM3eGQGaivwjppIQj8EgtTTh
BIRzW9qVYgf7EpJK9xODx/Oer8AO4+/OYdJ/v9Qq3PCApJRUurBdE/6uc6hTc6cD
I03eGoB7ue4PmzWCFfDk
=eAD0
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ