Bug 779320 (CVE-2012-4412) - VUL-1: CVE-2012-4412: glibc: buffer overflow in strcoll
Summary: VUL-1: CVE-2012-4412: glibc: buffer overflow in strcoll
Status: RESOLVED FIXED
: CVE-2012-4424
Alias: CVE-2012-4412
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low
Severity: Normal
Target Milestone: ---
Deadline: 2013-12-24
Assignee: Andreas Schwab
QA Contact: Security Team bot
Whiteboard: maint:running:50123:moderate maint:re...
Reported: 2012-09-07 17:41 UTC by Marcus Meissner
Modified: 2014-09-18 05:21 UTC
Description Marcus Meissner 2012-09-07 17:41:48 UTC
is public, via oss-sec

CVE-2012-4412

From: Jan Lieskovsky <jlieskov@redhat.com>
Subject: [oss-security] CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 && #14552)

Hello Kurt, Steve, Florian, Jeff, Jakub, vendors,

1) Issue #1: 
------------
  An integer overflow, leading to buffer overflow
flaw was found in the way the implementation of
strcoll() routine, used to compare two strings
based on the current locale, of glibc, the GNU
libc libraries, performed calculation of memory
requirements / allocation, needed for storage
of the strings. If an application linked against
glibc was missing application-level sanity
checks for validity of strcoll() arguments and
accepted untrusted input, an attacker could use
this flaw to cause the particular application
to crash or, potentially, execute arbitrary code
with the privileges of the user running the
application.

Upstream bug report (including reproducer):
[1] http://sourceware.org/bugzilla/show_bug.cgi?id=14547

References:
[2] https://bugzilla.redhat.com/show_bug.cgi?id=855385

Could you allocate a CVE identifier for this?
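
Added illustration of the bug class described in the report above (not part of the original report and not glibc's code): a scratch-buffer size derived from two string lengths wraps around when computed unchecked, while the checked form refuses the request. The per-character cost and the function names are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed per-character cost for this illustration: one 32-bit index
   plus one byte of weight data for every input character. */
#define PER_CHAR_BYTES (sizeof(int32_t) + 1)

/* Unchecked form: the sum and the product are computed modulo
   SIZE_MAX + 1, so very long inputs yield a tiny "required" size. */
size_t scratch_size_unchecked(size_t len1, size_t len2)
{
    return (len1 + len2) * PER_CHAR_BYTES;
}

/* Checked form: reports failure instead of wrapping, so the caller can
   return an error or use a path that needs no scratch buffer. */
bool scratch_size_checked(size_t len1, size_t len2, size_t *out)
{
    if (len1 > SIZE_MAX - len2)
        return false;                     /* len1 + len2 would wrap */
    size_t total = len1 + len2;
    if (total > SIZE_MAX / PER_CHAR_BYTES)
        return false;                     /* total * cost would wrap */
    *out = total * PER_CHAR_BYTES;
    return true;
}

int main(void)
{
    /* Constructed length: smallest value whose product exceeds SIZE_MAX. */
    size_t huge = SIZE_MAX / PER_CHAR_BYTES + 1;
    size_t need = 0;

    printf("unchecked size for huge input: %zu bytes\n",
           scratch_size_unchecked(huge, 0));
    printf("checked form accepts huge input: %s\n",
           scratch_size_checked(huge, 0, &need) ? "yes" : "no");
    if (scratch_size_checked(3, 4, &need))
        printf("checked size for lengths 3 and 4: %zu bytes\n", need);
    return 0;
}
```

Any buffer allocated from the unchecked result is far smaller than the data later written into it, which is how an integer overflow in a size calculation turns into a buffer overflow.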
Comment 1 Swamp Workflow Management 2012-09-07 22:00:37 UTC
bugbot adjusting priority
Comment 2 Matthias Weckbecker 2012-09-10 09:12:35 UTC
Kurt Seifried of RH has already taken a look into this and decided to assign it
CVE-2012-4412. The other, second issue, however, hasn't been looked at yet.
Comment 4 Leonardo Chiquitto 2012-11-29 12:00:16 UTC
Is it feasible to fix this in the running update or should we postpone it to the next one? I.e. is the problem fixed upstream already?
Comment 5 Andreas Schwab 2012-11-29 13:04:45 UTC
This is really a duplicate of #779325.
Comment 7 Bernhard Wiedemann 2013-08-13 10:00:06 UTC
This is an autogenerated message for OBS integration:
This bug (779320) was mentioned in
https://build.opensuse.org/request/show/186878 Factory / glibc
Comment 8 Andreas Schwab 2013-08-26 10:16:54 UTC
First patch now commit 1326ba1.
Other two patches updated:
<http://permalink.gmane.org/gmane.comp.lib.glibc.alpha/34470>
<http://permalink.gmane.org/gmane.comp.lib.glibc.alpha/34538>
Comment 9 Stephan Barth 2013-08-28 13:51:27 UTC
*** Bug 779325 has been marked as a duplicate of this bug. ***
Comment 10 Swamp Workflow Management 2013-08-29 05:17:21 UTC
The SWAMPID for this issue is 54298.
This issue was rated as low.
Please submit fixed packages until 2013-09-26.
Also create a patchinfo file using this link:
https://swamp.suse.de/webswamp/wf/54298
Comment 15 Swamp Workflow Management 2013-09-30 16:04:33 UTC
openSUSE-SU-2013:1510-1: An update that solves 6 vulnerabilities and has 5 fixes is now available.

Category: security (moderate)
Bug References: 779320,801246,805054,813121,813306,819383,819524,824046,830257,834594,839870
CVE References: CVE-2012-4412,CVE-2013-0242,CVE-2013-1914,CVE-2013-2207,CVE-2013-4237,CVE-2013-4332
Sources used:
openSUSE 12.3 (src):    glibc-2.17-4.7.1, glibc-testsuite-2.17-4.7.2, glibc-testsuite-2.17-4.7.3, glibc-utils-2.17-4.7.1
Comment 17 Swamp Workflow Management 2013-12-10 06:24:49 UTC
Update released for: glibc, glibc-32bit, glibc-debuginfo, glibc-debuginfo-32bit, glibc-debuginfo-64bit, glibc-debuginfo-x86, glibc-debugsource, glibc-devel, glibc-devel-32bit, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-locale-32bit, glibc-locale-x86, glibc-obsolete, glibc-profile, glibc-profile-32bit, glibc-profile-x86, glibc-x86, nscd
Products:
SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
SLE-SDK 11-SP2 (i386, x86_64)
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)
Comment 18 Swamp Workflow Management 2013-12-10 06:53:24 UTC
Update released for: glibc, glibc-32bit, glibc-debuginfo, glibc-debuginfo-32bit, glibc-debuginfo-64bit, glibc-debuginfo-x86, glibc-debugsource, glibc-devel, glibc-devel-32bit, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-locale-32bit, glibc-locale-x86, glibc-obsolete, glibc-profile, glibc-profile-32bit, glibc-profile-x86, glibc-x86, nscd
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
Comment 19 Swamp Workflow Management 2013-12-10 12:42:25 UTC
The SWAMPID for this issue is 55384.
This issue was rated as moderate.
Please submit fixed packages until 2013-12-24.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 22 Swamp Workflow Management 2013-12-19 10:04:43 UTC
Update released for: glibc, glibc-devel, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-profile, nscd, timezone
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)
Comment 23 Swamp Workflow Management 2013-12-19 11:04:31 UTC
Update released for: glibc, glibc-32bit, glibc-dceext, glibc-dceext-32bit, glibc-dceext-devel, glibc-debuginfo, glibc-devel, glibc-devel-32bit, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-locale-32bit, glibc-obsolete, glibc-profile, glibc-profile-32bit, nscd
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 24 Swamp Workflow Management 2013-12-19 11:06:06 UTC
Update released for: glibc, glibc-32bit, glibc-debuginfo, glibc-debugsource, glibc-devel, glibc-devel-32bit, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-locale-32bit, glibc-obsolete, glibc-profile, glibc-profile-32bit, nscd
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 25 Victor Pereira 2014-01-16 11:05:41 UTC
fixed
Comment 27 Swamp Workflow Management 2014-09-12 00:05:10 UTC
SUSE-SU-2014:1119-1: An update that solves three vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 772242,779320,818630,828235,828637,834594,892073
CVE References: CVE-2012-4412,CVE-2013-4237,CVE-2014-5119
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    glibc-2.4-31.111.1
Comment 28 Swamp Workflow Management 2014-09-12 04:04:43 UTC
SUSE-SU-2014:1122-1: An update that solves 7 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 750741,779320,801246,830268,834594,836746,839870,843735,864081,882600,883022,886416,892073
CVE References: CVE-2012-4412,CVE-2013-0242,CVE-2013-4237,CVE-2013-4332,CVE-2013-4788,CVE-2014-4043,CVE-2014-5119
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    glibc-2.11.1-0.58.1
Comment 29 Swamp Workflow Management 2014-09-15 17:04:27 UTC
SUSE-SU-2014:1128-1: An update that solves 6 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 779320,801246,824639,834594,839870,842291,860501,882600,892073,894553,894556
CVE References: CVE-2012-4412,CVE-2013-0242,CVE-2013-4237,CVE-2013-4332,CVE-2014-4043,CVE-2014-5119
Sources used:
SUSE Linux Enterprise Server 10 SP3 LTSS (src):    glibc-2.4-31.77.112.1