[arch-security] [ASA-201503-26] musl: arbitrary code execution
rgacogne at archlinux.org
Tue Mar 31 14:48:11 UTC 2015
Arch Linux Security Advisory ASA-201503-26
Date : 2015-03-31
CVE-ID : CVE-2015-1817
Package : musl
Type : arbitrary code execution
Remote : No
Link : https://wiki.archlinux.org/index.php/CVE
The package musl before version 1.1.8-1 is vulnerable to arbitrary code
Upgrade to 1.1.8-1.
# pacman -Syu "musl>=1.1.8-1"
The problem has been fixed upstream in version 1.1.8.
A stack-based buffer overflow has been found in musl libc's ipv6 address
literal parsing code. Programs which call the inet_pton or getaddrinfo
function with AF_INET6 or AF_UNSPEC and untrusted address strings are
affected. Successful exploitation yields control of the return address.
Having enabled stack protector at the application level does not
mitigate the issue.
An attacker can execute arbitrary code by submitting a carefully crafted
IPv6 address to a program linked with musl calling inet_pton() or
getaddrinfo() with AF_INET6 or AF_UNSPEC.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the arch-security