Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20170817045446.GA21510@sin.redhat.com>
Date: Thu, 17 Aug 2017 14:24:47 +0930
From: Doran Moppert <dmoppert@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2017-7555 augeas: crash/memory corruption when handling certain
 escaped strings

A vulnerability was found in augeas <http://augeas.net/> that could
allow attackers to cause memory corruption possibly leading to arbitrary
code execution by passing crafted strings that would be mis-handled by
parse_name().  A patch created by David Lutterkort is available on the
following PR:

https://github.com/hercules-team/augeas/pull/480

Briefly, input strings ending with a whitespace char would be escaped
(aug_escape_name) then incorrectly trimmed in parse_name, leading to a
later loop stepping over the terminating NUL character.  Crashes in
libvirtd were observed.

This issue was discovered by Han Han (Red Hat) through fuzzing with the
Dice testing framework.

https://bugzilla.redhat.com/show_bug.cgi?id=1478373

-- 
Doran Moppert
Red Hat Product Security

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.