[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] glibc and alloca()

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] glibc and alloca()
From: Graham Gower <graham.gower@xxxxxxxxx>
Date: Sat, 26 Feb 2011 09:04:04 +1030

On 25 February 2011 18:52, Maksymilian Arciemowicz
<cxib@xxxxxxxxxxxxxxxxxx> wrote:
> Chris Evans <scarybeasts <at> gmail.com> writes:
>> Linux distribution might still have vulnerabilities in this area.
>
> proftpd use gnu libc implementation
>
> http://www.proftpd.org/docs/RELEASE_NOTES-1.3.4rc1
>  + Updated fnmatch implementation, using glibc-2.9 version.
>
> Version 1.3.3d may contain this issue
>

http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f15ce4d8dc139523fe0c273580b604b2453acba6

http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/lib/pr_fnmatch.c?revision=1.9&view=markup
http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/lib/pr_fnmatch_loop.c?revision=1.9&view=markup

Perhaps they need to update the fnmatch implementation again.

-Graham

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] glibc and alloca()
  - From: Chris Evans
- Re: [Full-disclosure] glibc and alloca()
  - From: Maksymilian Arciemowicz

Prev by Date: [Full-disclosure] [USN-1071-1] Linux kernel vulnerabilities
Next by Date: [Full-disclosure] [USN-1072-1] Linux vulnerabilities
Previous by thread: Re: [Full-disclosure] glibc and alloca()
Next by thread: [Full-disclosure] CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System
Index(es):
- Date
- Thread