Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 17 Feb 2012 17:22:04 +0100
From: Stefan Cornelius <>
To: "" <>
Subject: CVE-2012-0864 assignment notification -- glibc F_S format string
 protection bypass via "nargs" integer overflow


In the Phrack article "A Eulogy for Format Strings", a researcher using
nickname "Captain Planet" reported an integer overflow flaw in the
format string protection mechanism offered by FORTIFY_SOURCE. A remote
attacker could provide a specially crafted executable, leading to
FORTIFY_SOURCE format string protection mechanism bypass, when executed.


Red Hat bug:

We have assigned CVE-2012-0864 to this issue.

Upstream bug and Kees Cook's proposed patches:

Thanks and kind regards,

Stefan Cornelius / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.