[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 29 Oct 2015 17:45:21 -0700
From: akuster <akuster@...sta.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org, Florian Weimer <fweimer@...hat.com>
Subject: Re: CVE Request: Glibc Pointer guarding weakness
On 10/15/2015 01:08 AM, Florian Weimer wrote:
> On 09/05/2015 06:49 PM, Hector Marco-Gisbert wrote:
>> Hello,
>>
>> A weakness in the dynamic loader have been found, Glibc prior to 2.22.90
>> are affected. The issue is that the LD_POINTER_GUARD in the environment
>> is not sanitized allowing local attackers easily to bypass the pointer
>> guarding protection on set-user-ID and set-group-ID programs.
>>
>>
>> Details and PoC at:
>> http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html
>>
>>
>> A patch is already sent to Glibc maintainers. This issue is similar to
>> http://hmarco.org/bugs/CVE-2013-4788.html but now affect to dynamic
>> linked applications.
>
>> Could you please assign a CVE ?
Did I miss the assignment or this does not warrant a CVE?
- armin
>
> Upstream commit:
>
> https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=a014cecd82b71b70a6a843e250e06b541ad524f7
>
> Florian
>
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
