Bug 779325 (CVE-2012-4424) - VUL-1: glibc: buffer overflow in strcoll / alloca
Summary: VUL-1: glibc: buffer overflow in strcoll / alloca
Status: RESOLVED DUPLICATE of bug 779320
Alias: CVE-2012-4424
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low    Severity: Normal
Target Milestone: ---
Assignee: Andreas Schwab
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-09-07 18:03 UTC by Marcus Meissner
Modified: 2015-01-20 10:24 UTC

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Marcus Meissner 2012-09-07 18:03:03 UTC
Is public via oss-sec.

From: Jan Lieskovsky <jlieskov@redhat.com>
Subject: [oss-security] CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 && #14552)


(first issue is in other bug)

2) Issue #2 (mentioned here only for completeness,
but I am not of the opinion this should receive a CVE
identifier. See argumentation below [but open to
glibc upstream / others to disprove it]).

alloca() stack overflow (first issue from the report below)
Upstream bug report:
[3] http://sourceware.org/bugzilla/show_bug.cgi?id=14552

If I have looked correctly, this is expected / known
behaviour of alloca(); from the manual page:
[4] http://linux.die.net/man/3/alloca

"Return Value
The alloca() function returns a pointer to the
beginning of the allocated space. If the allocation
causes stack overflow, program behavior is undefined."

In my opinion the above description also covers the
case of 'alloca() stack overflow' as reported in bug [3].
Further opinions / upstream comments are appreciated, though.
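The risk in the quoted report is an alloca() whose size follows the input length, so a long enough string drives the stack into the undefined "stack overflow" case the man page describes. As an added illustration (not glibc's code and not the upstream fix), this is the usual mitigation pattern: a stack allocation only below a fixed threshold, a heap allocation otherwise, with the size arithmetic overflow-checked first. The threshold value, the toy weight function and the helper names are assumptions made for the example.

```c
#include <alloca.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Assumed threshold: temporaries up to this size may live on the stack;
 * larger ones go to the heap, so an input-controlled length can never push
 * the stack past its guard page (the case alloca(3) leaves undefined). */
#define STACK_TMP_LIMIT 4096

/* Toy stand-in for a collation helper needing one int per input byte. The
 * weak form is  int *w = alloca((len + 1) * sizeof *w);  with len straight
 * from strlen() of caller data. Returns the byte-weight sum, or -1. */
long sum_weights(const char *s)
{
    size_t len = strlen(s), need;
    int *w, on_heap = 0;
    long total = 0;
    /* Overflow-checked size arithmetic: a wrapped 'need' means a short buffer. */
    if (len > SIZE_MAX / sizeof *w - 1)
        return -1;
    need = (len + 1) * sizeof *w;
    if (need <= STACK_TMP_LIMIT) {
        w = alloca(need);           /* small: the stack is fine */
    } else {
        w = malloc(need);           /* large: never alloca() this */
        if (w == NULL)
            return -1;
        on_heap = 1;
    }
    for (size_t i = 0; i < len; i++) {
        w[i] = (unsigned char)s[i]; /* trivial weight: the byte value */
        total += w[i];
    }
    if (on_heap)
        free(w);
    return total;
}

/* Constructed test input (not from the page): n copies of byte c. */
long sum_weights_of_run(char c, size_t n)
{
    char *buf = malloc(n + 1);
    if (buf == NULL)
        return -1;
    memset(buf, c, n);
    buf[n] = '\0';
    long r = sum_weights(buf);
    free(buf);
    return r;
}
```

A 16 MiB input, which would exceed a default 8 MiB stack if handed to alloca(), is processed from the heap instead.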
Comment 1 Swamp Workflow Management 2012-09-07 22:00:41 UTC
bugbot adjusting priority
Comment 2 Matthias Weckbecker 2012-09-19 07:56:04 UTC
Assigned CVE-2012-4424, meanwhile.
Comment 3 Matthias Weckbecker 2012-09-19 08:17:07 UTC
To document it more explicitly: The upstream reports can be found here:

  1) http://sourceware.org/bugzilla/show_bug.cgi?id=14552 and
  2) http://sourceware.org/bugzilla/show_bug.cgi?id=14547
Comment 5 Leonardo Chiquitto 2012-11-29 12:04:25 UTC
Is it feasible to fix this in the running update or should we postpone it to
the next one? I.e. is the problem fixed upstream already?
Comment 6 Andreas Schwab 2012-11-29 13:05:10 UTC
There is no fix available yet.
Comment 7 Leonardo Chiquitto 2013-02-21 21:42:18 UTC
I suppose there's no fix for this one upstream yet?
Comment 8 Stephan Barth 2013-08-28 13:04:01 UTC
Still no upstream fix?
Comment 9 Andreas Schwab 2013-08-28 13:14:12 UTC
See #779320.
Comment 10 Stephan Barth 2013-08-28 13:51:27 UTC
OK, this has already been tracked twice for too long. Resolving as duplicate.

*** This bug has been marked as a duplicate of bug 779320 ***