Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 434408 (CVE-2012-4412)

Summary: <sys-libs/glibc-2.19-r1: strcoll() integer overflow leading to buffer overflow (CVE-2012-{4412,4424})
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: toolchain
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=855385
Whiteboard: A2 [glsa cleanup]
Package list:
Runtime testing required: ---
Bug Depends on: 518364    
Bug Blocks:    

Description Agostino Sarubbo gentoo-dev 2012-09-09 09:06:33 UTC
An integer overflow, leading to buffer overflow flaw was found in the way the implementation of strcoll() routine, used to compare two strings based on the current locale, of glibc, the GNU libc libraries, performed calculation of memory requirements / allocation, needed for storage of the strings. If an application linked against glibc was missing an application-level sanity checks for validity of strcoll() arguments and accepted untrusted input, an attacker could use this flaw to cause the particular application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

Upstream bug report (including reproducer):
[1] http://sourceware.org/bugzilla/show_bug.cgi?id=14547
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2013-10-15 03:15:26 UTC
CVE-2012-4412 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4412):
  Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or
  libc6) 2.17 and earlier allows context-dependent attackers to cause a denial
  of service (crash) or possibly execute arbitrary code via a long string,
  which triggers a heap-based buffer overflow.
Comment 2 Chris Reffett (RETIRED) gentoo-dev Security 2013-10-15 03:21:06 UTC
Fixed in master, see [1]. Any chance on getting a backport of the fixes?

[1] http://sourceware.org/bugzilla/show_bug.cgi?id=14547#c7
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2013-10-15 03:22:09 UTC
CVE-2012-4424 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4424):
  Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka
  glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause
  a denial of service (crash) or possibly execute arbitrary code via a long
  string that triggers a malloc failure and use of the alloca function.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev Security 2015-03-03 03:19:08 UTC
Maintainer(s), please drop the vulnerable version(s).

Added to an existing GLSA Request.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2015-03-08 14:53:33 UTC
This issue was resolved and addressed in
 GLSA 201503-04 at http://security.gentoo.org/glsa/glsa-201503-04.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).