[arch-security] [ASA-201606-17] lib32-glibc: denial of service
anthraxx at archlinux.org
Sun Jun 19 11:50:23 UTC 2016
Arch Linux Security Advisory ASA-201606-17
Date : 2016-06-19
CVE-ID : CVE-2016-4429
Package : lib32-glibc
Type : denial of service
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package lib32-glibc before version 2.23-5 is vulnerable to denial
Upgrade to 2.23-5.
# pacman -Syu "lib32-glibc>=2.23-5"
The problem has been fixed upstream but no release is available yet.
clntudp_call allocates a buffer, using alloca, to store the payload of
an incoming socket error. If a malicious server floods the client with
crafted ICMP and UDP packets, this can cause the client to allocate
sufficiently many such temporary buffers to cause a stack (frame)
overflow (denial of service).
The size of the allocated buffer depends on the request size. If the
request size is close to the page size or even larger, this could cause
the stack pointer to step over the guard page, leading to additional
impact beyond denial of service.
A remote attacker is able to send specially crafted ICMP and UDP
packets that are leading to denial of service.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the arch-security