Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 21 Apr 2015 14:54:10 +0200
From: Florian Weimer <fweimer@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2015-1781 in glibc

Arjun Shankar of Red Hat discovered that the nss_dns code does not
adjust the buffer length when the buffer start pointer is aligned.  As a
result, a buffer overflow can occur in the implementation of functions
such as gethostbyname_r, and crafted DNS responses might cause
application crashes or result in arbitrary code execution.

This can only happen if these functions are called with a misaligned
buffer.  I looked at quite a bit of source code, and tested applications
with a patched glibc that logs misaligned buffers.  I did not observe
any such misaligned buffers.

Upstream bug:

https://sourceware.org/bugzilla/show_bug.cgi?id=18287

Upstream commit:

https://sourceware.org/git/?p=glibc.git;a=commit;h=2959eda9272a03386

-- 
Florian Weimer / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ