Bug#650790: libc6: __tzfile_read heap overflow
Package: libc6
Version: 2.11.2-10
Severity: normal
http://dividead.wordpress.com/2009/06/01/glibc-timezone-integer-overflow/
Running the example program results in a crash.
Note that this can be leveraged to exploit multiple ftp daemons (as disclosed earlier today): http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html
(I ran the test on a different machine than the one I am reporting from, because the machine I am reporting from is using grsecurity. I can provide further information if requested.)
-- System Information:
Debian Release: 6.0.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (x86_64)
Kernel: Linux 3.0.8-1-grsec (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libc6 depends on:
ii libc-bin 2.11.2-10 Embedded GNU C Library: Binaries
ii libgcc1 1:4.4.5-8 GCC support library
Versions of packages libc6 recommends:
ii libc6-i686 2.11.2-10 Embedded GNU C Library: Shared lib
Versions of packages libc6 suggests:
ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy
ii glibc-doc 2.11.2-10 Embedded GNU C Library: Documentat
ii locales 2.11.2-10 Embedded GNU C Library: National L
-- debconf information:
glibc/upgrade: true
glibc/disable-screensaver:
glibc/restart-failed:
* glibc/restart-services: postfix openbsd-inetd mysql cron