Date: Thu, 17 Aug 2017 14:24:47 +0930 From: Doran Moppert <dmoppert@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE-2017-7555 augeas: crash/memory corruption when handling certain escaped strings A vulnerability was found in augeas <http://augeas.net/> that could allow attackers to cause memory corruption possibly leading to arbitrary code execution by passing crafted strings that would be mis-handled by parse_name(). A patch created by David Lutterkort is available on the following PR: https://github.com/hercules-team/augeas/pull/480 Briefly, input strings ending with a whitespace char would be escaped (aug_escape_name) then incorrectly trimmed in parse_name, leading to a later loop stepping over the terminating NUL character. Crashes in libvirtd were observed. This issue was discovered by Han Han (Red Hat) through fuzzing with the Dice testing framework. https://bugzilla.redhat.com/show_bug.cgi?id=1478373 -- Doran Moppert Red Hat Product Security Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.