Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20170623212041.GT26922@waldemar-brodkorb.de>
Date: Fri, 23 Jun 2017 23:20:41 +0200
From: Waldemar Brodkorb <wbx@...ibc-ng.org>
To: fefe <qbenjin@...com>
Cc: Peter Korsgaard <peter@...sgaard.com>,
	"Anthony G. Basile" <basile@...eharbor.net>,
	oss-security <oss-security@...ts.openwall.com>
Subject: Re: two vulns in  uClibc-0.9.33.2

Hi,
fefe wrote,

> >> I found two vulns in  uClibc-0.9.33.2 (https://uclibc.org/)
> 
> >uClibc is dead. Active development happens on uClibc-ng. Is uClibc-ng
> also affected by these issues?
> 
> 
> uclibc_ng is also affected.
 
I tried to cross-compile attached code and run it in
qemu-system-arm.

What should be the result?

I see a segfault for poc2.c. But this also happens with glibc
based system.

Is the complete app code just plain wrong?
Can you provide full application code and the results showing the
issue?

best regards
 Waldemar

View attachment "poc1.c" of type "text/x-csrc" (335 bytes)

View attachment "poc2.c" of type "text/x-csrc" (458 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.