794763 – glibc: F_S format string protection bypass via "nargs" integer overflow

Bug 794763 - glibc: F_S format string protection bypass via "nargs" integer overflow

Summary: glibc: F_S format string protection bypass via "nargs" integer overflow

Keywords:
Status:	CLOSED DUPLICATE of bug 794766
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-02-17 15:08 UTC by Stefan Cornelius
Modified:	2019-09-29 12:50 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2012-02-17 15:48:02 UTC
Embargoed:

Attachments	(Terms of Use)

Description Stefan Cornelius 2012-02-17 15:08:05 UTC

In the Phrack article "A Eulogy for Format Strings", a researcher using nickname "Captain Planet" reported an integer overflow flaw in the format string protection mechanism offered by FORTIFY_SOURCE. A remote attacker could provide a specially crafted executable, leading to FORTIFY_SOURCE format string protection mechanism bypass, when executed.

References:
http://www.phrack.org/issues.html?issue=67&id=9#article

Upstream bug and Kees Cook's proposed patches:
  http://sourceware.org/bugzilla/show_bug.cgi?id=13656
  http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html
  http://sourceware.org/ml/libc-alpha/2012-02/msg00012.html
  http://sourceware.org/ml/libc-alpha/2012-02/msg00073.html

Comment 1 Stefan Cornelius 2012-02-17 15:48:02 UTC


*** This bug has been marked as a duplicate of bug 794766 ***

Note You need to log in before you can comment on or make changes to this bug.