
Re: glibc glob_filename() recurse call stack overflow (Re[2]: Bash Blues)

From: Vladamir Shmirnov <red_vigil(at)yahoo.com>
Date: Sat Feb 15 2003 - 16:30:04 EST

  I came to the same deliberations, that it is in fact a bug in glibc. In the bash source file lib/glob/glob.c, in function glob_filename(), the call to bcopy(3) with an extraordinarily long length of source string causes the crash. However, I may note that, although I haven't researched this, it seems that it could possibly be a bug caused indirectly by the preceding call to alloca(3).

  If it is a problem with glibc then other programs are vulnerable, including SUID root, correct? Also, if it is a problem with glibc, it is not exploitable from user space, or is it?? Does glibc share the stack with the user process?


Received on Sat Feb 15 17:20:19 2003
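
An added illustration, not part of the original post and not the actual bash or glibc code: the alloca(3)-then-copy pattern the message speculates about, next to a bounded variant that falls back to the heap. The function names, the 4096-byte cap and the slash-counting task are assumptions chosen for the example, and memcpy stands in for bcopy.

```c
#include <alloca.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SCRATCH_ALLOCA_MAX 4096 /* assumed cap on stack scratch space */

/* Length of the directory prefix, up to and including the last '/'. */
static size_t dir_prefix_len(const char *pathname) {
    const char *slash = strrchr(pathname, '/');
    return slash ? (size_t)(slash - pathname) + 1 : 0;
}

static long count_slashes(const char *s) {
    long n = 0;
    for (; *s; s++) n += (*s == '/');
    return n;
}

/* Unbounded form: alloca() cannot report failure, so a huge dir_len can move
   the stack pointer beyond the mapped stack and the copy faults. Not called. */
long dir_depth_unbounded(const char *pathname) {
    size_t dir_len = dir_prefix_len(pathname);
    char *dir = alloca(dir_len + 1);
    memcpy(dir, pathname, dir_len);
    dir[dir_len] = '\0';
    return count_slashes(dir);
}

/* Bounded form: small prefixes use the stack, large ones use the heap,
   where allocation failure is detectable. Returns -1 on failure. */
long dir_depth_bounded(const char *pathname) {
    size_t dir_len = dir_prefix_len(pathname);
    int on_heap = dir_len + 1 > SCRATCH_ALLOCA_MAX;
    char *dir;
    if (on_heap) dir = malloc(dir_len + 1);
    else dir = alloca(dir_len + 1);
    if (dir == NULL) return -1;
    memcpy(dir, pathname, dir_len);
    dir[dir_len] = '\0';
    long depth = count_slashes(dir);
    if (on_heap) free(dir);
    return depth;
}

int main(void) {
    printf("%ld\n", dir_depth_bounded("a/b/c.txt")); /* constructed input */
    return 0;
}
```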

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:38 EDT

