This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/12671] multiple vulnerabilities in netdb.h/aliases.h/glob.h
- From: "thoger at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Mon, 18 Apr 2011 14:28:10 +0000
- Subject: [Bug libc/12671] multiple vulnerabilities in netdb.h/aliases.h/glob.h
- Auto-submitted: auto-generated
- References: <bug-12671-131@http.sourceware.org/bugzilla/>
http://sourceware.org/bugzilla/show_bug.cgi?id=12671
Tomas Hoger <thoger at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |thoger at redhat dot com
--- Comment #1 from Tomas Hoger <thoger at redhat dot com> 2011-04-18 14:26:10 UTC ---
(In reply to comment #0)
> --- netdb.h ---
> In netdb.h we have a lot of vulnerable functions. Using alloca function, in
> nscd lib, generate code execution via long name string.
Can you please explain the code execution? It's not quite obvious from your
examples.
> (gdb) x/i $rip
> => 0x7ffff7adfe59 <memcpy+969>: movnti %r9,0x10(%rdi)
> (gdb) x/x $rdi
> 0x7ffff7a58fe9: 0x41414141
> (gdb) x/x $r9
> 0x4141414141414141: Cannot access memory at address 0x4141414141414141
As far as I can see, the instruction is trying to read the value stored in
register r9, not from the memory pointed to by register r9.