
Bug#650790: libc6: __tzfile_read heap overflow



Package: libc6
Version: 2.11.2-10
Severity: normal


http://dividead.wordpress.com/2009/06/01/glibc-timezone-integer-overflow/

Running the example program results in a crash.

Note that this can be leveraged to exploit multiple ftp daemons (as disclosed earlier today): http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html

(I ran the test on a different machine than the one I am reporting from, because the machine I am reporting from is using grsecurity. I can provide further information if requested.)

-- System Information:
Debian Release: 6.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (x86_64)

Kernel: Linux 3.0.8-1-grsec (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libc6 depends on:
ii  libc-bin                      2.11.2-10  Embedded GNU C Library: Binaries
ii  libgcc1                       1:4.4.5-8  GCC support library

Versions of packages libc6 recommends:
ii  libc6-i686                    2.11.2-10  Embedded GNU C Library: Shared lib

Versions of packages libc6 suggests:
ii  debconf [debconf-2.0]         1.5.36.1   Debian configuration management sy
ii  glibc-doc                     2.11.2-10  Embedded GNU C Library: Documentat
ii  locales                       2.11.2-10  Embedded GNU C Library: National L

-- debconf information:
  glibc/upgrade: true
  glibc/disable-screensaver:
  glibc/restart-failed:
* glibc/restart-services: postfix openbsd-inetd mysql cron


