oss-sec mailing list archives

Re: CVE request: thttpd: Denial of Service (App. crash, local)
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 14 Dec 2012 18:13:44 -0700

On 12/12/2012 03:57 AM, Matthias Weckbecker wrote:
> Hi Kurt, Steve, vendors, ...,
>
> I think I have never posted it to oss-sec. glibc's crypt() can
> return NULL under some circumstances which causes thttpd to crash
> while dereferencing:
>
> https://bugzilla.novell.com/show_bug.cgi?id=783165
>
> Maybe you want to assign a CVE.
>
> Matthias


From the Novell bug:
Matthias Weckbecker 2012-12-13 10:57:38 UTC
For the sake of completeness (got reminded by some random dude on
oss): This affects glibc 2.11 (as shipped with 11.4) (with thttpd-2.25b).

Also can you post a link to the affected code? thanks.

Please use CVE-2012-5640 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

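Added example, not part of the original thread and not thttpd's code: the failure class discussed above (a crypt(3) result used without a NULL check) shown beside a hardened form. The names check_password_unchecked, check_password, stub_crypt_fail and stub_crypt_ok are hypothetical, and the hash routine is passed as a function pointer with crypt()'s signature so the NULL path can be exercised with constructed stubs.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same signature as crypt(3); passed in so the NULL path can be exercised
 * with a stub, independent of the installed libc. */
typedef char *(*crypt_fn)(const char *key, const char *salt);

/* Unchecked pattern: if hash() returns NULL, strcmp() dereferences it
 * and the process crashes. Shown for contrast only; never called here. */
int check_password_unchecked(crypt_fn hash, const char *pw, const char *stored)
{
    return strcmp(hash(pw, stored), stored) == 0;
}

/* Hardened form: a NULL result is treated as an authentication failure.
 * Returns 1 on match, 0 on mismatch or hashing error. */
int check_password(crypt_fn hash, const char *pw, const char *stored)
{
    const char *computed;

    if (hash == NULL || pw == NULL || stored == NULL)
        return 0;
    computed = hash(pw, stored);
    if (computed == NULL)          /* crypt(3) documents NULL on error */
        return 0;
    return strcmp(computed, stored) == 0;
}

/* Constructed stand-ins for crypt(): not real password hashing. */
char *stub_crypt_fail(const char *key, const char *salt)
{
    (void)key; (void)salt;
    return NULL;                   /* simulates the failure case */
}

char *stub_crypt_ok(const char *key, const char *salt)
{
    static char out[64];
    snprintf(out, sizeof out, "%.2s:%s", salt, key);  /* toy "salt:key" */
    return out;
}

int main(void)
{
    printf("NULL result -> %d\n", check_password(stub_crypt_fail, "pw", "ab:pw"));
    printf("match       -> %d\n", check_password(stub_crypt_ok, "pw", "ab:pw"));
    printf("mismatch    -> %d\n", check_password(stub_crypt_ok, "no", "ab:pw"));
    return 0;
}
```

In real code the pointer passed in would be crypt() itself; the point is that a hashing error must end in a denied login, not in a dereference.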

