Bug 947882 - (CVE-2013-1914) CVE-2013-1914 glibc: Stack (frame) overflow in getaddrinfo() when processing entry mapping to long list of address structures
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: low, Severity: low
Assigned To: Red Hat Product Security
Whiteboard: impact=low,public=20130403,reported=2...
Keywords: Security
Depends On: 947892 951130 951132 951213 980323
Blocks: 947890 974906
Reported: 2013-04-03 09:33 EDT by Jan Lieskovsky
Modified: 2015-10-15 13:52 EDT
Doc Type: Bug Fix
Doc Text:
It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash.
Last Closed: 2013-11-22 00:35:52 EST

Attachments
Local copy of proposed patch by Novell (1.30 KB, patch)
2013-04-03 09:35 EDT, Jan Lieskovsky


External Trackers
Tracker ID Priority Status Summary Last Updated
Novell 813121 None None None Never

Description Jan Lieskovsky 2013-04-03 09:33:33 EDT
A stack (frame) overflow flaw, leading to denial of service (application crash), was found in the way the getaddrinfo() routine (returning a list of address structures for a particular request) of glibc, the collection of GNU libc libraries, processed certain requests. If an application linked against glibc accepted untrusted getaddrinfo() input remotely, a remote attacker could issue a specially crafted request which, once processed, would lead to that application crashing.

References:
[1] https://bugzilla.novell.com/show_bug.cgi?id=813121
[2] http://www.openwall.com/lists/oss-security/2013/04/03/2

Proposed Novell patch:
[3] http://bugzillafiles.novell.org/attachment.cgi?id=533210
Comment 1 Jan Lieskovsky 2013-04-03 09:35:58 EDT
Created attachment 731167
Local copy of proposed patch by Novell
Comment 2 Jan Lieskovsky 2013-04-03 09:37:18 EDT
This issue affects the versions of the glibc package, as shipped with Red Hat Enterprise Linux 5 and 6.

--

This issue affects the versions of the glibc package, as shipped with Fedora releases 17 and 18. Please schedule an update.
Comment 3 Jan Lieskovsky 2013-04-03 09:43:06 EDT
Created glibc tracking bugs for this issue

Affects: fedora-all [bug 947892]
Comment 9 Carlos O'Donell 2013-04-03 10:52:20 EDT
We are aware of this issue and we are looking at it in upstream [1].

The application stack overflow results in a crash but requires poisoning DNS. We will wait for a more thorough upstream review and test before fixing this in all of Fedora.

Given the low priority we will fix this as required in RHEL.

If anyone has an objection to this plan of action please speak up with comments about why this should be higher than low priority and low severity.

[1] http://sourceware.org/ml/libc-alpha/2013-04/msg00060.html
Comment 10 Jan Lieskovsky 2013-04-03 11:20:28 EDT
The CVE identifier of CVE-2013-1914 has been assigned to this issue:
  http://www.openwall.com/lists/oss-security/2013/04/03/6
Comment 21 errata-xmlrpc 2013-04-24 13:37:44 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:0769 https://rhn.redhat.com/errata/RHSA-2013-0769.html
Comment 24 Fedora Update System 2013-08-21 20:49:57 EDT
glibc-2.17-13.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 25 errata-xmlrpc 2013-11-21 05:44:36 EST
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:1605 https://rhn.redhat.com/errata/RHSA-2013-1605.html
Comment 26 Martin Prpic 2014-10-06 09:37:06 EDT
IssueDescription:

It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash.
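The defensive pattern for the flaw class described in this bug (stack scratch space sized by an untrusted count of returned addresses), shown as an added example that is not taken from the bug report, the Novell patch, or glibc's source. The names `rank_addresses`, `struct ranked` and the 4096-byte `STACK_SCRATCH_MAX` threshold are hypothetical and chosen only for illustration.

```c
#include <alloca.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed cap on per-call stack scratch; not glibc's actual threshold. */
#define STACK_SCRATCH_MAX 4096

enum scratch { SCRATCH_FAIL = -1, SCRATCH_STACK = 0, SCRATCH_HEAP = 1 };

/* Hypothetical stand-in for the per-address record sorted after a lookup. */
struct ranked { int prio; size_t idx; };

static int by_prio(const void *a, const void *b)
{
    const struct ranked *x = a, *y = b;
    if (x->prio != y->prio)
        return x->prio < y->prio ? -1 : 1;
    return (x->idx > y->idx) - (x->idx < y->idx);   /* stable tie-break */
}

/*
 * Write into order[] the indices of prio[0..n-1] sorted by ascending
 * priority. n comes from the resolver answer, so it is untrusted.
 * Unbounded pattern this replaces:  tmp = alloca(n * sizeof *tmp);
 */
enum scratch rank_addresses(const int *prio, size_t n, size_t *order)
{
    struct ranked *tmp;
    enum scratch where = SCRATCH_STACK;

    if (n > SIZE_MAX / sizeof *tmp)          /* size computation would wrap */
        return SCRATCH_FAIL;
    size_t bytes = n * sizeof *tmp;

    if (bytes <= STACK_SCRATCH_MAX) {
        tmp = alloca(bytes ? bytes : 1);     /* small answer: stack is fine */
    } else {
        tmp = malloc(bytes);                 /* large answer: heap, can fail */
        if (tmp == NULL)
            return SCRATCH_FAIL;
        where = SCRATCH_HEAP;
    }
    for (size_t i = 0; i < n; i++)
        tmp[i] = (struct ranked){ prio[i], i };
    qsort(tmp, n, sizeof *tmp, by_prio);
    for (size_t i = 0; i < n; i++)
        order[i] = tmp[i].idx;
    if (where == SCRATCH_HEAP)
        free(tmp);
    return where;
}
```

With the heap fallback, an oversized answer turns into an allocation failure the caller can report instead of a stack exhaustion crash.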
