bug-gnulib

Re: glob resource exhaustion [CVE-2010-2632]


From: Mike Frysinger
Subject: Re: glob resource exhaustion [CVE-2010-2632]
Date: Wed, 13 Oct 2010 18:49:17 -0400
User-agent: KMail/1.13.5 (Linux/2.6.35.4; KDE/4.5.2; x86_64; ; )

On Wednesday, October 13, 2010 18:38:14 Bruno Haible wrote:
> Mike Frysinger wrote:
> > i haven't seen any mention on glibc or gnulib lists of CVE-2010-2632.  the
> > report claims glibc is affected, and since the gnulib/glibc
> > implementations are pretty similar, gnulib would be as well.  i don't
> > suppose there is a bug report somewhere i could follow for status on
> > this ?
> > 
> > http://securityreason.com/exploitalert/9223
> 
> But why should this be a bug in libc?

the original report discussed GLOB_LIMIT not functioning correctly which would 
make it a bug in libc:
        http://securityreason.com/achievement_securityalert/89

but i see now that this is a BSD-specific enhancement and not available in 
gnulib/glibc.  so nm my noise.

> Just my 0.02 €. Feel free to open a bug in glibc bugzilla if you want to
> hear Ulrich Drepper's opinion.

i'm sure i can find more useful things to do.  like punching rusty nails.
-mike
