Re: glob resource exhaustion [CVE-2010-2632]
From: Mike Frysinger
Subject: Re: glob resource exhaustion [CVE-2010-2632]
Date: Wed, 13 Oct 2010 18:49:17 -0400
User-agent: KMail/1.13.5 (Linux/2.6.35.4; KDE/4.5.2; x86_64; ; )

On Wednesday, October 13, 2010 18:38:14 Bruno Haible wrote:
> Mike Frysinger wrote:
> > i haven't seen any mention on glibc or gnulib lists of CVE-2010-2632. the
> > report claims glibc is affected, and since the gnulib/glibc
> > implementations are pretty similar, gnulib would be as well. i don't
> > suppose there is a bug report somewhere i could follow for status on
> > this?
> >
> > http://securityreason.com/exploitalert/9223
>
> But why should this be a bug in libc?

the original report discussed GLOB_LIMIT not functioning correctly which would
make it a bug in libc:
http://securityreason.com/achievement_securityalert/89

but i see now that this is a BSD-specific enhancement and not available in
gnulib/glibc. so nm my noise.

> Just my 0.02 €. Feel free to open a bug in glibc bugzilla if you want to
> hear Ulrich Drepper's opinion.

i'm sure i can find more useful things to do. like punching rusty nails.
-mike