Message-ID: <2436f805-5fbc-ebe3-0d5c-b47903803427@cojocar.com>
Date: Wed, 20 Jul 2016 21:31:28 -0700
From: Lucian Cojocar <lucian@...ocar.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: uclibc-ng (and uclibc): ARM arch:
 code execution

On 06/29/2016 12:13 AM, Lucian Cojocar wrote:
> Hi all,
> 
> u-clibc and uclibc-ng are used in several projects[4, 5].
> 
> As described here[3], an attacker that controls the length parameter of
> the `memset' can also control the value of the PC register. The issue is
> similar to CVE-2011-2702. A patch has been proposed for uclibc-ng[1]. A
> denial of service proof of concept is available[2].
> 

This was fixed in version 1.0.16 of uclibc-ng[1].

[1] http://mailman.uclibc-ng.org/pipermail/devel/2016-July/001067.html

Lucian

> 
> [1]http://repo.or.cz/uclibc-ng.git/commit/e3848e3dd64a8d6437531488fe341354bc02eaed
> [2]http://article.gmane.org/gmane.comp.lib.uclibc-ng/27
> [3]http://mailman.uclibc-ng.org/pipermail/devel/2016-May/000890.html
> [4]https://www.uclibc.org/products.html
> [5]http://www.uclibc-ng.org/ 
