Re: GNU libc/regcomp(3) Multiple Vulnerabilities
From: Maksymilian Arciemowicz <cxib () securityreason com>
Date: Tue, 11 Jan 2011 19:25:40 +0100
On 01/11/2011 04:33 PM, halfdog wrote:
> Nice find, but not the first one, look at:
> I just reported the issue to ubuntu to see how their bug tracking team
> was performing on an issue where a standard byte-array-fuzzer just
> needed 2secs to find it. I wanted to know if they could detect a
> misclassified issue (was not reported as security bug) and bring it to a
> fix. I would have bet that they would be faster than you, but it seems
> that you made the race. What I learned from the exercise (see bug
> report date March 2009) is that the ubuntu launchpad platform is an
> invaluable source of exploits when used together with google mining.

I agree with you but in my opinion ubuntu tracking team has here nothing
to do. Main problem exists in the GNU libc code so this team should fix
the problem. Just compare the regcomp(3)/BSD and regcomp(3)/linux. In
my opinion the GNU libc implementation is the worst in terms of safety.
Probably the vulnerability in glob(3) (CVE-2010-2632) can be used for
resource exhaustion in GNU inetutils ftp server.
pub 4096R/D6E5B530 2010-09-19
uid Maksymilian Arciemowicz (cx) <max () cxib net>
sub 4096R/58BA663C 2010-09-19
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/