Bug 947882 (CVE-2013-1914) - CVE-2013-1914 glibc: Stack (frame) overflow in getaddrinfo() when processing entry mapping to long list of address structures
Summary: CVE-2013-1914 glibc: Stack (frame) overflow in getaddrinfo() when processing ...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2013-1914
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 947892 951130 951132 951213 980323
Blocks: 947890 974906
TreeView+ depends on / blocked
 
Reported: 2013-04-03 13:33 UTC by Jan Lieskovsky
Modified: 2019-09-29 13:02 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash.
Clone Of:
Environment:
Last Closed: 2013-11-22 05:35:52 UTC


Attachments (Terms of Use)
Local copy of proposed patch by Novell (1.30 KB, patch)
2013-04-03 13:35 UTC, Jan Lieskovsky
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Novell 813121 None None None 2019-04-04 09:00:17 UTC
Red Hat Product Errata RHSA-2013:0769 normal SHIPPED_LIVE Low: glibc security and bug fix update 2013-04-24 21:36:14 UTC
Red Hat Product Errata RHSA-2013:1605 normal SHIPPED_LIVE Moderate: glibc security, bug fix, and enhancement update 2013-11-20 21:54:09 UTC

Description Jan Lieskovsky 2013-04-03 13:33:33 UTC
A stack (frame) overflow flaw, leading to denial of service (application crash), was found in the way getaddrinfo() routine (returning a list of address structures for particular request) of glibc, the collection of GNU libc libraries, processed certain requests. If an application linked against glibc accepted untrusted getaddrinfo() input remotely, a remote attacker could issue a specially-crafted request, which once processed would lead to that application crash.

References:
[1] https://bugzilla.novell.com/show_bug.cgi?id=813121
[2] http://www.openwall.com/lists/oss-security/2013/04/03/2

Proposed Novell patch:
[3] http://bugzillafiles.novell.org/attachment.cgi?id=533210

Comment 1 Jan Lieskovsky 2013-04-03 13:35:58 UTC
Created attachment 731167 [details]
Local copy of proposed patch by Novell

Comment 2 Jan Lieskovsky 2013-04-03 13:37:18 UTC
This issue affects the versions of the glibc package, as shipped with Red Hat Enterprise Linux 5 and 6.

--

This issue affects the versions of the glibc package, as shipped with Fedora release of 17 and 18. Please schedule an update.

Comment 3 Jan Lieskovsky 2013-04-03 13:43:06 UTC
Created glibc tracking bugs for this issue

Affects: fedora-all [bug 947892]

Comment 9 Carlos O'Donell 2013-04-03 14:52:20 UTC
We are aware of this issue and we are looking at it in upstream [1].

The application stack overflow results in a crash but requires poisoning DNS. We will wait for a more thorough upstream review and test before fixing this in all of Fedora.

Given the low priority we will fix this as required in RHEL.

If anyone has an objection to this plan of action please speak up with comments about why this should be higher than low priority and low severity.

[1] http://sourceware.org/ml/libc-alpha/2013-04/msg00060.html

Comment 10 Jan Lieskovsky 2013-04-03 15:20:28 UTC
The CVE identifier of CVE-2013-1914 has been assigned to this issue:
  http://www.openwall.com/lists/oss-security/2013/04/03/6

Comment 21 errata-xmlrpc 2013-04-24 17:37:44 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:0769 https://rhn.redhat.com/errata/RHSA-2013-0769.html

Comment 24 Fedora Update System 2013-08-22 00:49:57 UTC
glibc-2.17-13.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 25 errata-xmlrpc 2013-11-21 10:44:36 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:1605 https://rhn.redhat.com/errata/RHSA-2013-1605.html

Comment 26 Martin Prpič 2014-10-06 13:37:06 UTC
IssueDescription:

It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash.


Note You need to log in before you can comment on or make changes to this bug.