musl - Re: Security advisory for musl libc - stack-based buffer overflow in ipv6 literal parsing [CVE-2015-1817]

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Mon, 30 Mar 2015 11:33:37 +0700
From: Рысь <lynx@...server.ru>
To: musl@...ts.openwall.com
Subject: Re: Security advisory for musl libc - stack-based buffer
 overflow in ipv6 literal parsing [CVE-2015-1817]

On Mon, 30 Mar 2015 00:01:25 -0400
Rich Felker <dalias@...c.org> wrote:

> A stack-based buffer overflow has been found in musl libc's ipv6
> address literal parsing code. Programs which call the inet_pton or
> getaddrinfo function with AF_INET6 or AF_UNSPEC and untrusted address
> strings are affected. Successful exploitation yields control of the
> return address. Having enabled stack protector at the application
> level does not mitigate the issue. All users should patch or upgrade.
> 
> Software: musl libc (http://www.musl-libc.org)
> 
> Severity: high
> 
> Affected Versions: 0.9.15 - 1.0.4, 1.1.0 - 1.1.7.
> 
> Bug introduced in commit: 78f889153167452de4cbced921f6428b3d4f663a
> 
> Bug fixed in commit: fc13acc3dcb5b1f215c007f583a63551f6a71363
> 
> Patch: musl_dn_expand_overflow_fix.diff (attached) (fix+hardening)

How much it affects readonly embedded systems as well? Does almost
latest dropbear listening ssh port publicly is actually vulnerable?

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.