Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 17 Aug 2017 14:24:47 +0930
From: Doran Moppert <dmoppert@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2017-7555 augeas: crash/memory corruption when handling certain
 escaped strings

A vulnerability was found in augeas <http://augeas.net/> that could
allow attackers to cause memory corruption possibly leading to arbitrary
code execution by passing crafted strings that would be mis-handled by
parse_name().  A patch created by David Lutterkort is available on the
following PR:

https://github.com/hercules-team/augeas/pull/480

Briefly, input strings ending with a whitespace char would be escaped
(aug_escape_name) then incorrectly trimmed in parse_name, leading to a
later loop stepping over the terminating NUL character.  Crashes in
libvirtd were observed.

This issue was discovered by Han Han (Red Hat) through fuzzing with the
Dice testing framework.

https://bugzilla.redhat.com/show_bug.cgi?id=1478373

-- 
Doran Moppert
Red Hat Product Security

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ