Bug#626370: CVE-2011-1659: Integer overflow in posix/fnmatch.c
Package: eglibc
Severity: important
Tags: squeeze lenny security
Hi,
CVE-2011-1659 is about an integer overflow in posix/fnmatch.c (function
fnmatch).
The following versions of eglibc are vulnerable (manual check with a program
using fnmatch):
- lenny i386 - libc6 2.7-18lenny7
- squeeze amd64 - libc6 2.11.2-10
- squeeze amd64 - libc6-i386 2.11.2-10
Other versions weren't checked, but may be vulnerable too.
Upstream reported (and corrected) the problem here:
http://sourceware.org/bugzilla/show_bug.cgi?id=12583
The upstream bug report included:
- a source program using fnmatch (which I used to check the problem)
- a patch to "check size of pattern in wide character representation"
The diff introduced to correct the problem is here:
http://sourceware.org/git/?p=glibc.git;a=commit;h=8126d90480fa3e0c5c5cd0d02cb1c93174b45485
I had to modify the test program for the segv to occur:
- use a UTF-8 locale installed on my system (en_US.UTF8 wasn't)
- increase the string size used in fnmatch (for libc6-i386 on amd64 only)
Thanks.
Sébastien Marie
-- System Information:
Debian Release: 6.0.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8)
Shell: /bin/sh linked to /bin/dash
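The upstream fix is described above as a "check size of pattern in wide character representation". As an added illustration (not the glibc code and not the reporter's test program), the block below shows that kind of check placed in front of the wide-character allocation: the length returned by mbsrtowcs is validated so that (n + 1) * sizeof(wchar_t) cannot wrap before the buffer is sized. The function names, return codes and the malloc-based buffer are this example's own choices.

```c
/* Added example: size check before converting a pattern to wide characters.
   Not glibc's fnmatch; the shape of the check is an assumption based on the
   upstream description "check size of pattern in wide character representation". */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Return codes following fnmatch's convention: 0 ok, -1 conversion error,
   -2 when the wide-character buffer cannot be sized safely. */
enum { WPAT_OK = 0, WPAT_ERR = -1, WPAT_NOMEM = -2 };

/* True when n characters plus a terminator can be sized without the
   multiplication (n + 1) * sizeof(wchar_t) overflowing size_t. */
static int wide_size_fits(size_t n)
{
    return n < SIZE_MAX / sizeof(wchar_t);
}

/* Convert a multibyte pattern to wide characters; the size check sits
   between the length query and the allocation.  On success *out is a
   malloc'ed buffer the caller frees and *len its length in characters. */
static int pattern_to_wide(const char *pattern, wchar_t **out, size_t *len)
{
    mbstate_t ps;
    const char *p = pattern;
    size_t n;

    memset(&ps, 0, sizeof ps);
    n = mbsrtowcs(NULL, &p, 0, &ps);    /* NULL dest: count only */
    if (n == (size_t) -1)
        return WPAT_ERR;                /* invalid multibyte sequence */
    if (!wide_size_fits(n)) {
        errno = ENOMEM;                 /* the overflow guard */
        return WPAT_NOMEM;
    }
    *out = malloc((n + 1) * sizeof(wchar_t));
    if (*out == NULL)
        return WPAT_NOMEM;
    p = pattern;
    memset(&ps, 0, sizeof ps);
    mbsrtowcs(*out, &p, n + 1, &ps);
    *len = n;
    return WPAT_OK;
}

/* Convenience wrapper: returns the wide length, or the negative error code. */
static long wide_length_of(const char *pattern)
{
    wchar_t *w = NULL;
    size_t n = 0;
    int rc = pattern_to_wide(pattern, &w, &n);
    if (rc != WPAT_OK)
        return rc;
    free(w);
    return (long) n;
}
```

In the default "C" locale the conversion covers ASCII patterns; call setlocale with a UTF-8 locale first to exercise multibyte input, as the report notes was needed for the original test program.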