Bug 947882 (CVE-2013-1914)
Summary: | CVE-2013-1914 glibc: Stack (frame) overflow in getaddrinfo() when processing entry mapping to long list of address structures | ||||||
---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> | ||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
Status: | CLOSED ERRATA | QA Contact: | |||||
Severity: | low | Docs Contact: | |||||
Priority: | low | ||||||
Version: | unspecified | CC: | codonell, dmalcolm, fweimer, jakub, law, mfranc, mnewsome, pfrankli, schwab, spoyarek | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: |
It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash.
|
Story Points: | --- | ||||
Clone Of: | Environment: | ||||||
Last Closed: | 2013-11-22 05:35:52 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 947892, 951130, 951132, 951213, 980323 | ||||||
Bug Blocks: | 947890, 974906 | ||||||
Attachments: |
|
Description
Jan Lieskovsky
2013-04-03 13:33:33 UTC
Created attachment 731167 [details]
Local copy of proposed patch by Novell
This issue affects the versions of the glibc package, as shipped with Red Hat Enterprise Linux 5 and 6. -- This issue affects the versions of the glibc package, as shipped with Fedora release of 17 and 18. Please schedule an update. Created glibc tracking bugs for this issue Affects: fedora-all [bug 947892] We are aware of this issue and we are looking at it in upstream [1]. The application stack overflow results in a crash but requires poisoning DNS. We will wait for a more thorough upstream review and test before fixing this in all of Fedora. Given the low priority we will fix this as required in RHEL. If anyone has an objection to this plan of action please speak up with comments about why this should be higher than low priority and low severity. [1] http://sourceware.org/ml/libc-alpha/2013-04/msg00060.html The CVE identifier of CVE-2013-1914 has been assigned to this issue: http://www.openwall.com/lists/oss-security/2013/04/03/6 Upstream bug report: http://sourceware.org/bugzilla/show_bug.cgi?id=15330 Relevant upstream patch: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1cef1b19089528db11f221e938f60b9b048945d7 This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:0769 https://rhn.redhat.com/errata/RHSA-2013-0769.html glibc-2.17-13.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:1605 https://rhn.redhat.com/errata/RHSA-2013-1605.html IssueDescription: It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. |