Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 8 May 2013 23:07:02 +0200
From: Peter Bex <Peter.Bex@...all.nl>
To: Open Source Security <oss-security@...ts.openwall.com>
Subject: CVE request: CHICKEN Scheme incomplete fix for CVE-2012-6122 (select() fs_set buffer overrun)

Hi all,

I'd like to request a CVE for a select() fd_set buffer overrun problem
in CHICKEN Scheme before 4.8.2 and all stable versions up to and
including 4.8.0.3, on non-Windows systems.

The bug exists due to an incomplete fix for CVE-2012-6122.  Originally,
only the userland thread scheduler's use of select() was rewritten to
use POSIX poll().  It was later discovered by Florian Zumbiehl and Joerg
Wittenberger that select() was still being used in three other places.

This bug is remotelye xploitable in networking code, under the right
conditions (if the "ulimit -n" value exceeds FD_SETSIZE).

The announcement can be found at
http://lists.nongnu.org/archive/html/chicken-announce/2013-05/msg00000.html

There are two commits which together fix the bug:
http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=9e2022652258e8a30e5cedbf0abc9cd85a0f6af7
http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=556108092774086b6c86c2e27daf3f740ffec091

Cheers,
Peter Bex

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.