Bug 672228 (CVE-2018-19591) - <sys-libs/glibc-2.28-r4 - if_nametoindex may not close descriptor
Summary: <sys-libs/glibc-2.28-r4 - if_nametoindex may not close descriptor
Status: RESOLVED FIXED
Alias: CVE-2018-19591
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://sourceware.org/git/gitweb.cgi...
Whiteboard: A3 [glsa+ cve]
Reported: 2018-11-29 11:46 UTC by Jeroen Roovers (RETIRED)
Modified: 2019-08-15 15:40 UTC
Description Jeroen Roovers (RETIRED) gentoo-dev 2018-11-29 11:46:49 UTC
In sysdeps/unix/sysv/linux/if_index.c, __if_nametoindex() creates a socket descriptor but does not close it if the 'ifname' parameter is too long. This is a resource leak (CWE-404).

Additionally, it is possible to call getaddrinfo() with a crafted 'node' parameter that leads to the offending code in __if_nametoindex().

In short, untrusted hostname resolutions (via getaddrinfo()) lead to descriptor exhaustion.

MITRE has assigned CVE-2018-19591 for this issue.

Attribution: Guido Vranken
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2019-05-01 18:50:11 UTC
All affected packages are masked. No cleanup (toolchain package).
Security please proceed.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2019-08-15 15:40:11 UTC
This issue was resolved and addressed in GLSA 201908-06 at https://security.gentoo.org/glsa/201908-06 by GLSA coordinator Aaron Bauman (b-man).