
mancha 09-12-2013 02:48 PM

[Slackware-current]: glibc 2.17; CVE-2013-4332
 
Pat:

Three integer overflow vulnerabilities were recently discovered in glibc memory allocator functions:
pvalloc, valloc, and memalign, which can corrupt the heap. The issue was assigned CVE-2013-4332.

I've made available a backport patch for glibc 2.17 for your consideration.

To test this vulnerability you can run the PoC as below:

Pre-patch:
Code:

root@infinity:~# ./glibc-test ; echo $?
*** Error in `./glibc-test': free(): invalid next size (normal): 0x093a4008 ***
^C

Post-patch:
Code:

root@infinity:~# ./glibc-test ; echo $?
0

PoC:
Code:

/* gcc -o glibc-test glibc-test.c */

#include <stdlib.h>
#include <malloc.h>
#include <unistd.h>

int main(void)
{
  void *memptr;
  unsigned long pagesize = getpagesize();

  /* -pagesize wraps to a huge size_t; on an unpatched glibc the
     allocator's size rounding overflows and corrupts the heap.
     Uncomment one at a time (pvalloc, valloc, or posix_memalign). */
  pvalloc (-pagesize);
  //valloc (-pagesize);
  //posix_memalign(&memptr, pagesize, -pagesize);

  return 0;
}

--mancha

---
[1] http://seclists.org/oss-sec/2013/q3/597
[2] https://sourceware.org/git/?p=glibc....h=1159a193696a
[3] https://sourceware.org/git/?p=glibc....h=55e17aadc1ef
[4] https://sourceware.org/git/?p=glibc....h=b73ed247781d
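A hardened wrapper that mirrors the overflow guard the upstream fix adds, as an added example that is not part of this thread or of glibc's own code: `CHUNK_OVERHEAD`, `request_overflows` and `checked_pvalloc` are names assumed here, and the overhead value is assumed to be the allocator's minimum chunk size on common targets.

```c
#define _DEFAULT_SOURCE          /* for getpagesize() under strict -std= */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <malloc.h>
#include <unistd.h>

/* Minimum chunk size the allocator adds to a request (assumed: 4 * sizeof(size_t)). */
#define CHUNK_OVERHEAD (4 * sizeof(size_t))

/* True when a request of `bytes` aligned to `align` would make the size
   arithmetic inside memalign wrap around size_t. This mirrors the guard
   the upstream fix adds; the helper itself is ours, not glibc's. */
bool request_overflows(size_t bytes, size_t align)
{
    /* Alignment must be a power of two, as for valloc/pvalloc/memalign. */
    if (align == 0 || (align & (align - 1)) != 0)
        return true;
    if (align > SIZE_MAX / 4)   /* keeps 2 * align + overhead from wrapping */
        return true;
    return bytes > SIZE_MAX - 2 * align - CHUNK_OVERHEAD;
}

/* Hardened pvalloc: reject an oversized request up front with ENOMEM,
   as the patched glibc does, so an unpatched allocator underneath is
   never handed a size that wraps during page rounding. */
void *checked_pvalloc(size_t bytes)
{
    size_t pagesize = (size_t)getpagesize();
    if (request_overflows(bytes, pagesize)) {
        errno = ENOMEM;
        return NULL;
    }
    return pvalloc(bytes);
}

int main(void)
{
    size_t pagesize = (size_t)getpagesize();
    /* The PoC's argument, -pagesize, wraps to SIZE_MAX - pagesize + 1. */
    void *p = checked_pvalloc((size_t)0 - pagesize);
    if (p == NULL && errno == ENOMEM)
        puts("oversized request rejected before reaching the allocator");
    void *q = checked_pvalloc(100);   /* an ordinary request still succeeds */
    free(q);
    return (p == NULL && q != NULL) ? 0 : 1;
}
```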

number22 09-12-2013 05:48 PM

glibc 2.18 has the same problem (against my 2.18 multilib build).

mancha 09-12-2013 06:04 PM

Quote:

Originally Posted by number22
glibc 2.18 has the same problem (against my 2.18 multilib build).

The commits I referenced: [2], [3], and [4] should apply cleanly to glibc 2.18 once you remove
the ChangeLog blobs.

--mancha

number22 09-12-2013 07:34 PM

Tried your patch with a clean 2.17 glibc SlackBuild, 64-bit (SlackBuild and all of Slackware's patches); still have the problem.

jon lee 09-13-2013 09:23 AM

Is this why I'm seeing this bug:
Code:

bash-4.2$ firefox

(process:15933): GLib-CRITICAL **: g_slice_set_config: assertion `sys_page_size == 0' failed

randomly from a few web sites?

Ilgar 09-13-2013 10:58 AM

Glib and glibc are different things. The former is a part of the Gtk+ toolkit that is also used by Firefox.

mancha 09-14-2013 07:47 AM

Quote:

Originally Posted by number22
Tried your patch with a clean 2.17 glibc SlackBuild, 64-bit (SlackBuild and all of Slackware's patches); still have the problem.

Works perfectly fine for me on both Slackware-current and Slackware64-current.

--mancha

number22 09-14-2013 03:35 PM

Quote:

Originally Posted by mancha (Post 5027573)
Works perfectly fine for me on both Slackware-current and Slackware64-current.

--mancha

I used the 3 patches from the links you provided and finally got all of them (pvalloc, valloc, posix_memalign) working (2.17 and 2.18 multilibs). Anyway, thanks; I don't know why your patch didn't. I also tested on glibc 2.7 (Slackware 12.2); this problem occurred as well.

mancha 09-18-2013 10:21 AM

Great way to start one's day - a beta announcement!

Glad my CVE-2013-4332 backport works back to 2.9 (with offsets); I hadn't checked anything aside from -current, though I guess I should have. Tagging this thread solved.

--mancha

PS Small typo in ChangeLog.txt and security announcement that might be worth fixing:
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2013-4332" (extra 2013 slipped in)

dchmelik 11-11-2013 08:22 AM

On Slackware 14.1, I am having the exact same problem with Firefox, and perhaps other programs, but definitely similar results (segmentation faults) on many of the programs I use or used: Emacs, GIMP, SeaMonkey, Thunderbird, image viewers, etc. I had had the problem on SlackBuilds like Claws Mail, but I also did a new installation on my PC and laptop, without SlackBuilds, and erased all my X/KDE configuration. Someone said it may be my RAM; however, that is just several months old, and I ran memtest86+ until it said '100%', with no errors (though it seemed like it had only got far into test #8 of 11 and was calling that '100%', but was still going; I thought it restarted). My installation ISO's md5sum was OK.

mancha 11-11-2013 02:36 PM

Quote:

Originally Posted by dchmelik (Post 5062525)
On Slackware 14.1, I am having the exact same problem with Firefox, and perhaps other programs, but definitely similar results--segmentation faults--on many of the programs.

It's unclear to me how this has anything to do with this thread: glibc 2.17 & CVE-2013-4332.

--mancha

GazL 11-11-2013 02:42 PM

It looks like he's latched onto post #5, but didn't read Ilgar's reply in post #6 saying that it wasn't relevant. :(

jprzybylski 11-11-2013 03:08 PM

Quote:

Originally Posted by jon lee (Post 5027143)
Is this why I'm seeing this bug:
Code:

bash-4.2$ firefox

(process:15933): GLib-CRITICAL **: g_slice_set_config: assertion `sys_page_size == 0' failed

randomly from a few web sites?

For reference, that's this bug. It's a pretty critical error, but it also seems extremely rare for it to affect anything at all. And yes, it's a GLib error, not a glibc error, so it has nothing to do with this thread in particular.

Slackware 14.1 gets released, and within a week OpenSSH and glibc have vulnerabilities. Seems legit.
