FS#16253 - [glibc] strfmon() integer overflow
Attached to Project:
Arch Linux
Opened by Roman Kyrylych (Romashka) - Saturday, 19 September 2009, 07:37 GMT
Last edited by Allan McRae (Allan) - Thursday, 22 October 2009, 10:28 GMT
Opened by Roman Kyrylych (Romashka) - Saturday, 19 September 2009, 07:37 GMT
Last edited by Allan McRae (Allan) - Thursday, 22 October 2009, 10:28 GMT
|
Details
Description:
GNU glibc is prone to an integer-overflow weakness. An attacker can exploit this issue through other applications such as PHP to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition Additional info: * glibc x<=2.10.1 affected * exploit is available * no fix available yet * details at http://securityreason.com/achievement_securityalert/67 |
This task depends upon
Closed by Allan McRae (Allan)
Thursday, 22 October 2009, 10:28 GMT
Reason for closing: Fixed
Additional comments about closing: 2.10.1-5 in [testing]
Thursday, 22 October 2009, 10:28 GMT
Reason for closing: Fixed
Additional comments about closing: 2.10.1-5 in [testing]
http://sources.redhat.com/bugzilla/show_bug.cgi?id=9707 - Closed as invalid
http://sources.redhat.com/bugzilla/show_bug.cgi?id=10600
"Despite the differences in the code NetBSD libc and glibc, issue is the same but the exploit differs"
I will deal with this when I do the toolchain rebuild for the upcoming binutils release.