Date: Wed, 8 May 2013 23:07:02 +0200 From: Peter Bex <Peter.Bex@...all.nl> To: Open Source Security <oss-security@...ts.openwall.com> Subject: CVE request: CHICKEN Scheme incomplete fix for CVE-2012-6122 (select() fs_set buffer overrun) Hi all, I'd like to request a CVE for a select() fd_set buffer overrun problem in CHICKEN Scheme before 4.8.2 and all stable versions up to and including 22.214.171.124, on non-Windows systems. The bug exists due to an incomplete fix for CVE-2012-6122. Originally, only the userland thread scheduler's use of select() was rewritten to use POSIX poll(). It was later discovered by Florian Zumbiehl and Joerg Wittenberger that select() was still being used in three other places. This bug is remotelye xploitable in networking code, under the right conditions (if the "ulimit -n" value exceeds FD_SETSIZE). The announcement can be found at http://lists.nongnu.org/archive/html/chicken-announce/2013-05/msg00000.html There are two commits which together fix the bug: http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=9e2022652258e8a30e5cedbf0abc9cd85a0f6af7 http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=556108092774086b6c86c2e27daf3f740ffec091 Cheers, Peter Bex
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.