Message-ID: <4F3E7EAC.208@redhat.com>
Date: Fri, 17 Feb 2012 17:22:04 +0100
From: Stefan Cornelius <scorneli@...hat.com>
To: "" <coley@...us.mitre.org>
CC: oss-security@...ts.openwall.com
Subject: CVE-2012-0864 assignment notification -- glibc F_S format string protection bypass via "nargs" integer overflow

Hi,

In the Phrack article "A Eulogy for Format Strings", a researcher using
nickname "Captain Planet" reported an integer overflow flaw in the
format string protection mechanism offered by FORTIFY_SOURCE. A remote
attacker could provide a specially crafted executable, leading to
FORTIFY_SOURCE format string protection mechanism bypass, when executed.

References:
http://www.phrack.org/issues.html?issue=67&id=9#article

Red Hat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=794766

We have assigned CVE-2012-0864 to this issue.

Upstream bug and Kees Cook's proposed patches:
http://sourceware.org/bugzilla/show_bug.cgi?id=13656
http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html
http://sourceware.org/ml/libc-alpha/2012-02/msg00012.html
http://sourceware.org/ml/libc-alpha/2012-02/msg00073.html

Thanks and kind regards,
--
Stefan Cornelius / Red Hat Security Response Team