Date: Thu, 17 Aug 2017 14:24:47 +0930
From: Doran Moppert <dmoppert@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2017-7555 augeas: crash/memory corruption when handling certain escaped strings

A vulnerability was found in augeas <http://augeas.net/> that could allow attackers to cause memory corruption possibly leading to arbitrary code execution by passing crafted strings that would be mis-handled by parse_name().

A patch created by David Lutterkort is available on the following PR:

https://github.com/hercules-team/augeas/pull/480

Briefly, input strings ending with a whitespace char would be escaped (aug_escape_name) then incorrectly trimmed in parse_name, leading to a later loop stepping over the terminating NUL character. Crashes in libvirtd were observed.

This issue was discovered by Han Han (Red Hat) through fuzzing with the Dice testing framework.

https://bugzilla.redhat.com/show_bug.cgi?id=1478373

--
Doran Moppert
Red Hat Product Security
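
The trim-then-unescape interaction described above, as an added example: a simplified model written for this page, not augeas code and not the patch from the PR. All function names and the sample input "foo " are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>

/* Hypothetical escaping step: backslash-escape whitespace and backslashes.
 * Returns the escaped length (0 if out is too small). */
size_t escape_name(const char *in, char *out, size_t outsz) {
    size_t n = 0;
    for (; *in; in++) {
        int special = isspace((unsigned char)*in) || *in == '\\';
        if (n + (special ? 2 : 1) >= outsz) return 0;
        if (special) out[n++] = '\\';
        out[n++] = *in;
    }
    out[n] = '\0';
    return n;
}

/* Flawed trim: drops trailing whitespace even when it is escaped, so
 * "foo\ " becomes "foo\" and ends in a dangling backslash. */
size_t trim_naive(const char *s, size_t len) {
    while (len > 0 && isspace((unsigned char)s[len - 1])) len--;
    return len;
}

/* Escape-aware trim: whitespace preceded by an odd number of backslashes
 * belongs to the name and stops the trimming. */
size_t trim_escape_aware(const char *s, size_t len) {
    while (len > 0 && isspace((unsigned char)s[len - 1])) {
        size_t bs = 0;
        while (bs < len - 1 && s[len - 2 - bs] == '\\') bs++;
        if (bs % 2 == 1) break;
        len--;
    }
    return len;
}

/* Bounded stand-in for the later unescape loop: returns 1 when a backslash
 * is the last byte, where "skip the escaped byte" would pass the end. */
int has_dangling_escape(const char *s, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (s[i] == '\\' && ++i >= len) return 1;
    return 0;
}

int main(void) {
    char buf[32]; size_t n = escape_name("foo ", buf, sizeof buf);
    printf("naive=%d aware=%d\n", has_dangling_escape(buf, trim_naive(buf, n)),
           has_dangling_escape(buf, trim_escape_aware(buf, n)));
    return 0;
}
```

The bounded check never reads past the span it is given, so the flawed path is reported as a flag rather than reproduced as an out-of-bounds read.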