'Re: [oss-security] CVE request: thttpd: Denial of Service (App. crash, local)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: thttpd: Denial of Service (App. crash, local)
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-12-15 1:13:44
Message-ID: 50CBCEC8.3070000 () redhat ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/12/2012 03:57 AM, Matthias Weckbecker wrote:
> Hi Kurt, Steve, vendors, ...,
> 
> I think I have never posted it to oss-sec. glibc's crypt() can
> return NULL under some circumstances which causes thttpd to crash
> while dereferencing:
> 
> https://bugzilla.novell.com/show_bug.cgi?id=783165
> 
> Maybe you want to assign a CVE.
> 
> Matthias
> 

- From the Novell bug:
Matthias Weckbecker 2012-12-13 10:57:38 UTC
For the sake of completeness (got reminded by some random dude on
oss): This affects glibc 2.11 (as shipped with 11.4) (with thttpd-2.25b).

Also can you post a link to the affected code? thanks.

Please use CVE-2012-5640 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQy87IAAoJEBYNRVNeJnmTK0YP/jjyu9SeRrhpV9FCg0nUlfcJ
bfqnrJEw9co7/JsMKJWKoIVqq8wDr4jxmyhANdlAZtapiFPlGficNBnpk+QgWSA9
u1TWooq7tEf4flxXjPYa2JPopfxXHXBBupZSWPeTNxBLlUs1OoO+/EP9y52LI/jM
SS9qTZhCBQdIqT9VEZlbY+D35cM+QfGVKf4Y2nzbMKTOdnDw46WCjA/ALI4KmVIc
F+GpxHJdk541PDd5dnRSaYYK6Q6ImM8uWqIAWz1ag+Fgcbmidy79Hg/iWUY2zPll
4pWA00lvM0EYeWpe2vhi0eOxHV0S5L51jFXgTsq2iJrLXe/BE9OrCcC9itccWMQ8
RgWJJ5aXNV1Zd0Pt5fJ5NUTVye+7b8yxZCIGZl8sAl9fwMBKGhbfsgHhXT+RnnIM
t9RWOt64RG2fkoc1s7I0m6VhCRm5r58VLv/HobeXDfEZmN1ca6/3Q5jotLOMwh2H
Igy0v3Lkl8FqbZlQri+akC+q5yOVbN4wuU7Z2KbLZge2mGxMNdsAWGu1p5zKHLoZ
6gPDE1Dktizb1q8Vy8nfOVYhNtpf3+Jj5J16Fxgc5fUa+IOs2uN690C30acdVZ6Q
wMNnQsA9iVSP+YCc3WptXj2nQUUehjHh1xjp6HSmZbxLQdJTglOfi185Ouug3F/m
9ZLaZdlwwFXNPJtSvTDy
=484d
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic