integer overflow in xdr_array function in glibc

bug-glibc

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

integer overflow in xdr_array function in glibc

From:	Andrew Marlow
Subject:	integer overflow in xdr_array function in glibc
Date:	Mon, 05 Aug 2002 13:03:00 +0100

CERT has reported a security vunerability in Sun's XDR library. The same
code is apparently in the GNU glib library. Here is the article that Sun
published about it:

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46122&zone_32=category%3Asecurity

and here's what CERT have to say:

http://www.kb.cert.org/vuls/id/192995

CERT say that this has been reported to GNU glib developers but I can see
no record of it. They also say that GNU has not responded. I thought I
would report it just in case it's been missed. I only came across this by
chance because I browse CERT every now and then.

I would be grateful if the GNU glib developers could look into this and
report what they find one way or the other. If this has already been fixed
then when the bug receives wider news coverage it would be good for people
to know GNU are handling it.

Regards,

Andrew Marlow.

[Prev in Thread]

Current Thread

[Next in Thread]

integer overflow in xdr_array function in glibc, Andrew Marlow <=

Prev by Date: 涓氬姟鑱旂郴
Next by Date: [姆其牢堡绊]康惑皋老傍楼肺焊郴扁
Previous by thread: test
Next by thread: [姆其牢堡绊]康惑皋老傍楼肺焊郴扁
Index(es):
- Date
- Thread