Bug 1029468

Summary: pvm: trcsort crashes with exit status 139
Product: [Other] Security Response Reporter: Ratul Gupta <ratulg>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: alex, dledford, hobbes1069, jkurik, ktdreyer
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-05-29 07:09:52 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1029469, 1029471    
Bug Blocks: 1029473    

Description Ratul Gupta 2013-11-12 12:47:32 UTC 
trcsort, found in the package PVM, crashes with exit status 139.

The reporter has specifically crafted a shell file, which have been confirmed to crash the application with error output as:
/crash.sh: line 20:  7696 Segmentation fault      (core dumped) /usr/share/pvm3/bin/LINUXX86_64/tracer "`cat $DIR/argv_1.symb`" < "$DIR/file___dev__stdin.symb"

The complete crash dump and shell file is provided by the original reporter here:
http://www.forallsecure.com/bug-reports/a69cfdfa36bb4f338c9d6464f0703fcc8821b309/full_report

References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=716396
Comment 1 Ratul Gupta 2013-11-12 12:50:00 UTC 
Created pvm tracking bugs for this issue:

Affects: fedora-all [bug 1029469]
Affects: epel-6 [bug 1029471]
Comment 3 Huzaifa S. Sidhpurwala 2014-05-29 07:09:52 UTC 
The Red Hat Security Security Response team does not consider this issue to be a security flaw.