List: oss-security
Subject: Re: [oss-security] CVE request: thttpd: Denial of Service (App. crash, local)
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2012-12-15 1:13:44
Message-ID: 50CBCEC8.3070000 () redhat ! com
On 12/12/2012 03:57 AM, Matthias Weckbecker wrote:
> Hi Kurt, Steve, vendors, ...,
>
> I think I have never posted it to oss-sec. glibc's crypt() can
> return NULL under some circumstances which causes thttpd to crash
> while dereferencing:
>
> https://bugzilla.novell.com/show_bug.cgi?id=783165
>
> Maybe you want to assign a CVE.
>
> Matthias
>
From the Novell bug:

Matthias Weckbecker 2012-12-13 10:57:38 UTC
For the sake of completeness (got reminded by some random dude on
oss): This affects glibc 2.11 (as shipped with 11.4) (with thttpd-2.25b).

Also can you post a link to the affected code? thanks.

Please use CVE-2012-5640 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
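Added example, not part of the original message and not thttpd's code: a password check that fails closed when crypt() returns NULL, the condition the report above describes, instead of handing the result straight to strcmp(). The names check_password, crypt_fn, auth_result and the two stub functions are hypothetical; the stubs are constructed stand-ins for crypt(3) so both paths can be exercised without libcrypt.

```c
#include <stdio.h>
#include <string.h>

/* Same signature as crypt(3); injected so the NULL path is testable. */
typedef char *(*crypt_fn)(const char *key, const char *salt);

enum auth_result { AUTH_OK = 0, AUTH_DENIED = 1, AUTH_ERROR = 2 };

/* Hypothetical helper: verify a supplied password against a stored hash.
 * The stored hash is also passed as the salt, as is usual with crypt(3). */
enum auth_result check_password(crypt_fn do_crypt, const char *supplied,
                                const char *stored_hash)
{
    if (do_crypt == NULL || supplied == NULL || stored_hash == NULL)
        return AUTH_ERROR;

    const char *computed = do_crypt(supplied, stored_hash);

    /* crypt(3) signals failure by returning NULL. strcmp(NULL, ...) would
     * dereference a null pointer and crash the process, so treat NULL as
     * an authentication error and never as a match. */
    if (computed == NULL)
        return AUTH_ERROR;

    return strcmp(computed, stored_hash) == 0 ? AUTH_OK : AUTH_DENIED;
}

/* Constructed stand-in: simulates crypt() failing. */
static char *stub_crypt_fails(const char *key, const char *salt)
{
    (void)key; (void)salt;
    return NULL;
}

/* Constructed stand-in: toy output, not a real hash function. */
static char *stub_crypt_ok(const char *key, const char *salt)
{
    static char good[] = "$stub$secret", bad[] = "$stub$other";
    (void)salt;
    return strcmp(key, "secret") == 0 ? good : bad;
}

int main(void)
{
    printf("crypt fails: %d\n", check_password(stub_crypt_fails, "secret", "$stub$secret"));
    printf("good pw:     %d\n", check_password(stub_crypt_ok, "secret", "$stub$secret"));
    printf("bad pw:      %d\n", check_password(stub_crypt_ok, "wrong", "$stub$secret"));
    return 0;
}
```

In a real caller, pass the system crypt() as do_crypt and link against libcrypt.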