Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 434408 (CVE-2012-4412) - <sys-libs/glibc-2.19-r1: strcoll() integer overflow leading to buffer overflow (CVE-2012-{4412,4424})
Summary: <sys-libs/glibc-2.19-r1: strcoll() integer overflow leading to buffer overflo...
Status: RESOLVED FIXED
Alias: CVE-2012-4412
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: A2 [glsa cleanup]
Keywords:
Depends on: 518364
Blocks:
  Show dependency tree
 
Reported: 2012-09-09 09:06 UTC by Agostino Sarubbo
Modified: 2015-03-08 14:53 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-09-09 09:06:33 UTC
An integer overflow, leading to buffer overflow flaw was found in the way the implementation of strcoll() routine, used to compare two strings based on the current locale, of glibc, the GNU libc libraries, performed calculation of memory requirements / allocation, needed for storage of the strings. If an application linked against glibc was missing an application-level sanity checks for validity of strcoll() arguments and accepted untrusted input, an attacker could use this flaw to cause the particular application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

Upstream bug report (including reproducer):
[1] http://sourceware.org/bugzilla/show_bug.cgi?id=14547
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2013-10-15 03:15:26 UTC
CVE-2012-4412 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4412):
  Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or
  libc6) 2.17 and earlier allows context-dependent attackers to cause a denial
  of service (crash) or possibly execute arbitrary code via a long string,
  which triggers a heap-based buffer overflow.
Comment 2 Chris Reffett (RETIRED) gentoo-dev Security 2013-10-15 03:21:06 UTC
Fixed in master, see [1]. Any chance on getting a backport of the fixes?

[1] http://sourceware.org/bugzilla/show_bug.cgi?id=14547#c7
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2013-10-15 03:22:09 UTC
CVE-2012-4424 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4424):
  Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka
  glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause
  a denial of service (crash) or possibly execute arbitrary code via a long
  string that triggers a malloc failure and use of the alloca function.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev Security 2015-03-03 03:19:08 UTC
Maintainer(s), please drop the vulnerable version(s).

Added to an existing GLSA Request.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2015-03-08 14:53:33 UTC
This issue was resolved and addressed in
 GLSA 201503-04 at http://security.gentoo.org/glsa/glsa-201503-04.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).