[manjaro-security] [arch-security] [ASA-201606-17] lib32-glibc: denial of service

Levente Polyak anthraxx at archlinux.org
Sun Jun 19 13:50:23 CEST 2016


Arch Linux Security Advisory ASA-201606-17
==========================================

Severity: Medium
Date    : 2016-06-19
CVE-ID  : CVE-2016-4429
Package : lib32-glibc
Type    : denial of service
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package lib32-glibc before version 2.23-5 is vulnerable to denial
of service.

Resolution
==========

Upgrade to 2.23-5.

# pacman -Syu "lib32-glibc>=2.23-5"

The problem has been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

clntudp_call allocates a buffer, using alloca, to store the payload of
an incoming socket error. If a malicious server floods the client with
crafted ICMP and UDP packets, this can cause the client to allocate
sufficiently many such temporary buffers to cause a stack (frame)
overflow (denial of service).

The size of the allocated buffer depends on the request size. If the
request size is close to the page size or even larger, this could cause
the stack pointer to step over the guard page, leading to additional
impact beyond denial of service.

Impact
======

A remote attacker is able to send specially crafted ICMP and UDP
packets that are leading to denial of service.

References
==========

https://access.redhat.com/security/cve/CVE-2016-4429
https://sourceware.org/bugzilla/show_bug.cgi?id=20112

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.manjaro.org/pipermail/manjaro-security/attachments/20160619/f86357ac/attachment.pgp>


More information about the manjaro-security mailing list