[Bug 413278]
Kimolsun2020
413278 at bugs.launchpad.net
Sun Sep 5 07:39:00 UTC 2021
http://www.iu-bloomington.com/
https://komiya-dental.com/
http://steemfilter.space/
http://michielleunens.tech/
http://sleepypoetstuff.website/
http://biciclubvalencia.website/
http://reputation-management.site/
http://pitesti.online/
http://tobuweb.space/
http://ancientmariners.online/
http://betwsycoednet.online
http://kuzin.website
http://kundaliniyoga.tech
http://localpay.tech
http://my-iframe.online
http://getimov.xyz/
http://ooviv.xyz/
http://mirei.xyz
http://toblek.xyz/
http://sevenwonders.store
http://peralga.xyz/
https://texastourgear.live
http://freixenet.site/influencerprogramme/
http://timvanorden.store/
http://rhee.tech/
http://f3group.online/
https://www.hlungomare.store/
https://www.lungomarebikehotel.store
http://www.lvmaimai.xyz/
https://sozdanie.site/
http://www.tabletshop.xyz/
http://steroidslegit.xyz/
http://ruirui.store/
http://www.foamhands.store/
http://www.i-obchody.info/
http://naughtyrobot.digital/
https://www.webb-dev.co.uk/
https://waytowhatsnext.com/
http://troubadourtunes.online/
http://www.babygadgets.xyz/
http://agens128.site/
http://hydra-official.site/
http://www.gardensupplies.xyz/
http://www.learntosurf.xyz/
http://www.handmadecandle.xyz/
http://www.divingcourses.xyz/
http://www.vapingpro.xyz/
http://www.partypieces.xyz/
http://www.cookwareonline.xyz/
http://www.fencesuppliers.xyz/
http://alaskamysterypictures.website/
http://j70sanfranciscobay.website
http://vloerverwarming.xyz/
http://koffieautomaat.xyz/
http://motherlode.store/
http://yamaro-everyfish.store/
http://ipatovo.store/
http://tinguely.site/
http://wasillahomes.website/
http://www-look-4.com/
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/413278
Title:
stack protector guard value does not lead with a NULL byte
Status in GLibC:
Fix Released
Status in eglibc package in Ubuntu:
Fix Released
Status in glibc package in Ubuntu:
Invalid
Status in eglibc source package in Jaunty:
Invalid
Status in glibc source package in Jaunty:
Fix Released
Status in eglibc source package in Karmic:
Fix Released
Status in glibc source package in Karmic:
Invalid
Bug description:
IMPACT: stack protections are weakened due to strcpy function being able to write the stack guard (since it does not start with a zero byte).
ADDRESSED: correctly implement leading zero, as done in Karmic.
DISCUSSION: regression potential is low, since the patch is isolated and well tested.
TEST CASE:
$ bzr branch lp:~ubuntu-bugcontrol/qa-regression-testing/master qa-regression-testing
$ cd qa-regression-testing/scripts
$ ./test-glibc-security.py -v
Build helper tools ... (9.10) ok
glibc heap protection ... ok
sprintf not pre-truncated with -D_FORTIFY_SOURCE=2 ... ok
glibc pointer obfuscation ... ok
Password hashes ... (sha512) ok
Stack guard exists ... ok
Stack guard leads with zero byte ... FAIL
Stack guard is randomized ... ok
======================================================================
FAIL: Stack guard leads with zero byte
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-glibc-security.py", line 170, in test_81_stack_guard_leads_zero
self.assertEqual(one.startswith('00 '), expected, one)
AssertionError: 62 55 59 69 cd 20 39 80
----------------------------------------------------------------------
Ran 8 tests in 0.145s
FAILED (failures=1)
expected outcome: 0 failures.
ProblemType: Bug
Architecture: amd64
Date: Thu Aug 13 13:59:02 2009
Dependencies:
findutils 4.4.2-1
gcc-4.4-base 4.4.1-1ubuntu3
libc6 2.10.1-0ubuntu6
libgcc1 1:4.4.1-1ubuntu3
DistroRelease: Ubuntu 9.10
Package: libc6 2.10.1-0ubuntu6
ProcEnviron:
LANGUAGE=en_US.UTF-8
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-5.24-generic
SourcePackage: eglibc
Uname: Linux 2.6.31-5-generic x86_64
To manage notifications about this bug go to:
https://bugs.launchpad.net/glibc/+bug/413278/+subscriptions
More information about the foundations-bugs
mailing list