Date: Tue, 14 Feb 2017 19:43:32 +0100
From: Moritz Muehlenhoff <jmm@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: Pending CVE requests for glibc

On Tue, Sep 08, 2015 at 01:02:44PM +0530, Huzaifa Sidhpurwala wrote:
> Hi MITRE,
> 
> I could not help but notice, some glibc security issues were not
> assigned CVE ids.

Blast from the past :-)

I re-submitted this via the new MITRE webform and this got assigned
within a few hours. Here are the assignments looped back to oss-security:

> 1. glibc: multiple overflows in strxfrm()
> Integer overflow when computing memory allocation sizes (similar to
> CVE-2012-4412) was reported [1] in glibc strxfrm() function. Attached
> strxfrm-int32.c should trigger this issue on 32-bit systems.
> Additionally, it was discovered [1] that strxfrm() falls back to an
> unbounded alloca if malloc fails making it vulnerable to stack-based
> buffer overflows (similar to CVE-2012-4424). Attached strxfrm-alloca.c
> should trigger this issue.
> 
> Previously a request was made via:
> http://seclists.org/oss-sec/2015/q1/540

CVE-2015-8982

> 2. glibc: _IO_wstr_overflow integer overflow
> An integer overflow flaw, leading to a heap-based buffer overflow, was
> found in glibc's _IO_wstr_overflow() function. If an application used
> this function, it could cause the application to crash or, potentially,
> execute arbitrary code with the privileges of the user running the
> application.
> 
> https://sourceware.org/bugzilla/show_bug.cgi?id=17269
> https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33

CVE-2015-8983

> 3. glibc: potential denial of service in internal_fnmatch()
> It was reported [1] that when processing certain malformed patterns,
> fnmatch can skip over the NUL byte terminating the pattern.  This can
> potentially result in an application crash if fnmatch hits an unmapped
> page before encountering a NUL byte.
> 
> https://sourceware.org/bugzilla/show_bug.cgi?id=18032
> https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185
> 
> Previously a request was made via:
> http://seclists.org/oss-sec/2015/q1/689

CVE-2015-8984

> 4. glibc: potential denial of service in pop_fail_stack()
> A crash was reported [1] during glibc extended regular expression
> processing. No known patch exists at the time of writing.
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392

CVE-2015-8985

Cheers,
        Moritz
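
Item 1 above names two allocation pitfalls: an integer overflow when computing the allocation size, and an unbounded alloca fallback when malloc fails. The following C sketch of the defensive pattern is an added illustration, not glibc's code and not part of the original message; all function names are hypothetical.

```c
/* Added illustration; not glibc code. All names are hypothetical. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked pattern: count * elem_size + extra wraps modulo SIZE_MAX + 1,
   so a huge element count can produce a tiny allocation size. */
size_t unchecked_size(size_t count, size_t elem_size, size_t extra)
{
    return count * elem_size + extra;
}

/* Checked pattern: stores the size and returns 0, or returns -1 if the
   true result would not fit in size_t. */
int checked_size(size_t count, size_t elem_size, size_t extra, size_t *out)
{
    if (elem_size != 0 && count > (SIZE_MAX - extra) / elem_size)
        return -1;
    *out = count * elem_size + extra;
    return 0;
}

/* Scratch allocation: use the caller's fixed-size stack buffer only when the
   request fits in it, otherwise the heap. If malloc fails, report ENOMEM
   instead of falling back to an unbounded stack allocation. */
void *scratch_alloc(size_t count, size_t elem_size, size_t extra,
                    void *stackbuf, size_t stackbuf_len, int *on_heap)
{
    size_t need;
    void *p;

    *on_heap = 0;
    if (checked_size(count, elem_size, extra, &need) != 0) {
        errno = ENOMEM;
        return NULL;
    }
    if (need <= stackbuf_len)
        return stackbuf;
    p = malloc(need);
    if (p == NULL) {
        errno = ENOMEM;
        return NULL;
    }
    *on_heap = 1;
    return p;
}

int main(void)
{
    size_t n = SIZE_MAX / sizeof(uint32_t) + 2, need = 0; /* constructed input */
    printf("unchecked: %zu\n", unchecked_size(n, sizeof(uint32_t), 0));
    printf("checked:   %d\n", checked_size(n, sizeof(uint32_t), 0, &need));
    return 0;
}
```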
