Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <mpro.ls732t0w2f6ps06u2.taviso@cmpxchg8b.com>
Date: Tue, 27 Sep 2011 20:52:05 +0200
From: Tavis Ormandy <taviso@...xchg8b.com>
To: oss-security@...ts.openwall.com
Subject: rpm/librpm/rpm-python memory corruption pre-verification


Hey, after the scary flaws Georgi spotted in apt-get, I had a quick look at
rpm signature verification. Some trivial bitflipping found a few memory
corruption issues.

Originally I didn't think yum used rpm, but i was wrong, rpm-python is a
native module wrapper that exports librpm to python. I'll step through the
signature verification logic when I get a chance.

Obviously we need the sections of rpm code touched before signature
verification to be bulletproof, as most distributions rely on public mirror
services that may or may not be trusted. Any volunteers who know crypto
better than me appreciated, I'll be primarily looking for memory corruption.

https://bugzilla.redhat.com/show_bug.cgi?id=741606
https://bugzilla.redhat.com/show_bug.cgi?id=741612

Tavis.

-- 
-------------------------------------
taviso@...xchg8b.com | pgp encrypted mail preferred
-------------------------------------------------------

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.