Bug 801246 - (CVE-2013-0242) VUL-0: CVE-2013-0242: glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters
(CVE-2013-0242)
VUL-0: CVE-2013-0242: glibc: DoS due to a buffer overrun in regexp matcher by...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Andreas Schwab
Security Team bot
maint:released:sle11-sp2:54433 maint:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-01-30 12:53 UTC by Sebastian Krahmer
Modified: 2014-09-18 05:21 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2013-01-30 12:53:03 UTC
Via oss-sec:

Date: Wed, 30 Jan 2013 06:40:30 -0500 (EST)
From: Jan Lieskovsky
To: oss-security


Hello Kurt, Steve, vendors,

  a security flaw was found in the regular expression matching
routine of glibc, the GNU libc libraries, processed multibyte
characters input. If an application utilized the glibc's regular
expression matching mechanism, an attacker could provide
a specially-crafted input that, when processed would lead
to that executable crash.

Upstream bug report:
[1] http://sourceware.org/bugzilla/show_bug.cgi?id=15078

Relevant patch:
[2] http://sourceware.org/ml/libc-alpha/2013-01/msg00967.html

More background:
* (from Paolo): Jan 30 11:34:19 <bonzini> iankko: it is a memset(foo, 0, ...) that
 overruns the buffer, so it's not controllable by the attacker

* but the denial of service scenario / attack vector is valid (consider network
facing application using glibc's regexp matching on untrusted input)

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
Comment 1 Swamp Workflow Management 2013-01-30 23:00:25 UTC
bugbot adjusting priority
Comment 2 Matthias Weckbecker 2013-01-31 12:21:57 UTC
CVE-2013-0242
Comment 3 Marcus Meissner 2013-02-12 15:03:11 UTC
Andreas, do you know what glibc versions are affected?
Comment 4 Andreas Schwab 2013-02-12 15:31:54 UTC
All versions are affected.
Comment 5 Bernhard Wiedemann 2013-05-16 16:00:09 UTC
This is an autogenerated message for OBS integration:
This bug (801246) was mentioned in
https://build.opensuse.org/request/show/175893 Factory / glibc
Comment 6 Swamp Workflow Management 2013-08-29 05:16:24 UTC
The SWAMPID for this issue is 54298.
This issue was rated as low.
Please submit fixed packages until 2013-09-26.
Also create a patchinfo file using this link:
https://swamp.suse.de/webswamp/wf/54298
Comment 11 Swamp Workflow Management 2013-09-30 16:04:45 UTC
openSUSE-SU-2013:1510-1: An update that solves 6 vulnerabilities and has 5 fixes is now available.

Category: security (moderate)
Bug References: 779320,801246,805054,813121,813306,819383,819524,824046,830257,834594,839870
CVE References: CVE-2012-4412,CVE-2013-0242,CVE-2013-1914,CVE-2013-2207,CVE-2013-4237,CVE-2013-4332
Sources used:
openSUSE 12.3 (src):    glibc-2.17-4.7.1, glibc-testsuite-2.17-4.7.2, glibc-testsuite-2.17-4.7.3, glibc-utils-2.17-4.7.1
Comment 13 Swamp Workflow Management 2013-12-10 06:24:36 UTC
Update released for: glibc, glibc-32bit, glibc-debuginfo, glibc-debuginfo-32bit, glibc-debuginfo-64bit, glibc-debuginfo-x86, glibc-debugsource, glibc-devel, glibc-devel-32bit, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-locale-32bit, glibc-locale-x86, glibc-obsolete, glibc-profile, glibc-profile-32bit, glibc-profile-x86, glibc-x86, nscd
Products:
SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
SLE-SDK 11-SP2 (i386, x86_64)
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)
Comment 14 Swamp Workflow Management 2013-12-10 06:53:08 UTC
Update released for: glibc, glibc-32bit, glibc-debuginfo, glibc-debuginfo-32bit, glibc-debuginfo-64bit, glibc-debuginfo-x86, glibc-debugsource, glibc-devel, glibc-devel-32bit, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-locale-32bit, glibc-locale-x86, glibc-obsolete, glibc-profile, glibc-profile-32bit, glibc-profile-x86, glibc-x86, nscd
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
Comment 15 Swamp Workflow Management 2013-12-10 12:41:27 UTC
The SWAMPID for this issue is 55384.
This issue was rated as moderate.
Please submit fixed packages until 2013-12-24.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 18 Swamp Workflow Management 2013-12-19 10:04:32 UTC
Update released for: glibc, glibc-devel, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-profile, nscd, timezone
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)
Comment 19 Swamp Workflow Management 2013-12-19 11:04:43 UTC
Update released for: glibc, glibc-32bit, glibc-dceext, glibc-dceext-32bit, glibc-dceext-devel, glibc-debuginfo, glibc-devel, glibc-devel-32bit, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-locale-32bit, glibc-obsolete, glibc-profile, glibc-profile-32bit, nscd
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 20 Swamp Workflow Management 2013-12-19 11:05:53 UTC
Update released for: glibc, glibc-32bit, glibc-debuginfo, glibc-debugsource, glibc-devel, glibc-devel-32bit, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-locale-32bit, glibc-obsolete, glibc-profile, glibc-profile-32bit, nscd
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 21 Marcus Meissner 2014-01-07 15:17:57 UTC
all released
Comment 22 Swamp Workflow Management 2014-09-12 04:04:55 UTC
SUSE-SU-2014:1122-1: An update that solves 7 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 750741,779320,801246,830268,834594,836746,839870,843735,864081,882600,883022,886416,892073
CVE References: CVE-2012-4412,CVE-2013-0242,CVE-2013-4237,CVE-2013-4332,CVE-2013-4788,CVE-2014-4043,CVE-2014-5119
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    glibc-2.11.1-0.58.1
Comment 23 Swamp Workflow Management 2014-09-15 17:04:40 UTC
SUSE-SU-2014:1128-1: An update that solves 6 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 779320,801246,824639,834594,839870,842291,860501,882600,892073,894553,894556
CVE References: CVE-2012-4412,CVE-2013-0242,CVE-2013-4237,CVE-2013-4332,CVE-2014-4043,CVE-2014-5119
Sources used:
SUSE Linux Enterprise Server 10 SP3 LTSS (src):    glibc-2.4-31.77.112.1