lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <4D2CA0A4.8000207@securityreason.com>
Date: Tue, 11 Jan 2011 19:25:40 +0100
From: Maksymilian Arciemowicz <cxib@...urityreason.com>
To: halfdog <me@...fdog.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: GNU libc/regcomp(3) Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/11/2011 04:33 PM, halfdog wrote:
> 
> Nice find, but not the first one, look at:
> 
> https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/343894
> 
> I just reported the issue to ubuntu so see how their bug tracking team
> was performing on an issue where a standard byte-array-fuzzer just
> needed 2secs to find it. I wanted to know, if they could detect a
> misclassified issue (was not reported as security bug) and bring it to a
> fix. I would have bet, that they would be faster than you, but it seems
> that you made the race. What I learned from the excercise (see bug
> report date March 2009), is that the ubuntu launchpad platform is an
> invaluable source of exploits when used together with google mining.

I agree with you but in my opinion ubuntu tracking team has here nothing
to do. Main problem exists in the GNU libc code so this team should fix
the problem. Just compare the regcomp(3)/BSD and regcomp (3)/linux. In
my opinion the GNU libc implementation is the worst in terms of safety.
Probably vulnerability in glob(3) (CVE-2010-2632) can be used to
resource exhasusion in GNU inetutils ftp server.


- -- 
Best Regards
pub   4096R/D6E5B530 2010-09-19
uid                  Maksymilian Arciemowicz (cx) <max@...b.net>
sub   4096R/58BA663C 2010-09-19
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJNLKCKAAoJEIO8+dzW5bUw3JcP/jnau2AewihKbwSjQB5x3Civ
fDL/LS2i+HRP+lMsmVsGqMpZN3kebdhm4M4/ZqTxQsVdAkBA9Ky5qL61nvz/BnVq
IAU/JYd+5pt5NX4y3Qlcbwrcv1DgleZen4X7zP6hpQ2OuJd2iGvsTFqv7gq1g2pr
CXhurbGP4v+ANZZJIq60D1LvKxjZ/lFAfkhJP5gTIF/l1QK0CmGTbWQdKxcxh4Rl
ECT+k5LUNVA6dWSmnRzf+npKaIuEcxE5ckrkoRqccIyEYQJNLRImczSkmvATB5fi
1RaY7dFW135xrVZnYukJrq02lTGZHNfyQH6oVY8gzSATAJiM8ax59H37hV/6KNyN
N5khIGHbgufoVF6n1R4LAbLlIVLzyJnlenMRS7HRFfYIJghYxwgNUhSop3q2ShRq
qxfSaPsw0SihDP/bw5Y1XGsUIbk/sWbp4V1+TyROmO9sfW9+Ye7SC6yGV0kqghxc
OkZSpWzT/Mj+MZZNc3FLj2qPspbC22tuapL0Bp6Ywe7KpSrVcf5NAc2BOxEsqYr9
2D21u4trRzUaNe/Aw7PGqZoWM9abvFKN74kLGJ1UOhgTNjziX4HZHMZf2c5laUDu
LYYEfvUWASR/lT4xJiK/VvS320175rRPLq6MRpQNu7M+mwcLvKOfDeSVxLT9lsXx
/biFVUcPpSviVnPNTn1W
=xmsD
-----END PGP SIGNATURE-----

Download attachment "0xD6E5B530.asc" of type "application/pgp-keys" (3086 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ