[Bug 370261] Re: nvram-wakeup buffer overflow detected

Kees Cook kees at ubuntu.com
Sun May 17 16:29:05 UTC 2009


(While intrepid's version technically works, if it were recompiled for
another SRU, it would fail.  For now, in the interests of minimal
changes and no regressions, intrepid can be skipped.)

** Changed in: nvram-wakeup (Ubuntu Jaunty)
       Status: Triaged => In Progress

** Changed in: nvram-wakeup (Ubuntu Intrepid)
       Status: Triaged => In Progress

** Description changed:

  Binary package hint: nvram-wakeup
  
  nvram-wakeup 0.97-14lenny1  triggers buffer overflow protection (fortify?):
   
+ SRU STATEMENT: Package does not function at all on Intrepid and Jaunty, fixing the overflow solves this.
+ ADDRESSED: buffer overflow was identified and fixed.
+ REPRODUCE: sudo nvram-wakeup -A -C /etc/nvram-wakeup.conf  --settime 1441154840
+ REGRESSION POTENTIAL: none -- the package does not work at all currently.
+ 
+ 
  /usr/sbin/nvram-wakeup -A -C /etc/nvram-wakeup.conf  --settime
   1241154840
  *** buffer overflow detected ***: /usr/sbin/nvram-wakeup terminated
  ======= Backtrace: =========
  /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7f24da8]
  /lib/tls/i686/cmov/libc.so.6[0xb7f22eb0]
  /lib/tls/i686/cmov/libc.so.6[0xb7f225a8]
  /lib/tls/i686/cmov/libc.so.6(_IO_default_xsputn+0xc8)[0xb7e94bb8]
  /lib/tls/i686/cmov/libc.so.6(_IO_vfprintf+0x6f3)[0xb7e66f23]
  /lib/tls/i686/cmov/libc.so.6(__vsprintf_chk+0xa4)[0xb7f22654]
  /lib/tls/i686/cmov/libc.so.6(__sprintf_chk+0x2d)[0xb7f2259d]
  /usr/sbin/nvram-wakeup[0x80522b9]
  /usr/sbin/nvram-wakeup[0x80499ab]
  /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7e3d775]
  /usr/sbin/nvram-wakeup[0x8048d71]
  ======= Memory map: ========
  08048000-0805f000 r-xp 00000000 08:02 783832     /usr/sbin/nvram-wakeup
  0805f000-08060000 r--p 00016000 08:02 783832     /usr/sbin/nvram-wakeup
  08060000-08061000 rw-p 00017000 08:02 783832     /usr/sbin/nvram-wakeup
  08966000-08987000 rw-p 08966000 00:00 0          [heap]
  b7e17000-b7e24000 r-xp 00000000 08:02 589901     /lib/libgcc_s.so.1
  b7e24000-b7e25000 r--p 0000c000 08:02 589901     /lib/libgcc_s.so.1
  b7e25000-b7e26000 rw-p 0000d000 08:02 589901     /lib/libgcc_s.so.1
  b7e26000-b7e27000 rw-p b7e26000 00:00 0 
  b7e27000-b7f83000 r-xp 00000000 08:02 598956     /lib/tls/i686/cmov/libc-2.9.so
  b7f83000-b7f84000 ---p 0015c000 08:02 598956     /lib/tls/i686/cmov/libc-2.9.so
  b7f84000-b7f86000 r--p 0015c000 08:02 598956     /lib/tls/i686/cmov/libc-2.9.so
  b7f86000-b7f87000 rw-p 0015e000 08:02 598956     /lib/tls/i686/cmov/libc-2.9.so
  b7f87000-b7f8a000 rw-p b7f87000 00:00 0 
  b7f9d000-b7f9f000 rw-p b7f9d000 00:00 0 
  b7f9f000-b7fa0000 r-xp b7f9f000 00:00 0          [vdso]
  b7fa0000-b7fbc000 r-xp 00000000 08:02 589858     /lib/ld-2.9.so
  b7fbc000-b7fbd000 r--p 0001b000 08:02 589858     /lib/ld-2.9.so
  b7fbd000-b7fbe000 rw-p 0001c000 08:02 589858     /lib/ld-2.9.so
  bfca9000-bfcbe000 rw-p bffeb000 00:00 0          [stack]
  Aborted
  
  temporary workaround: compile with  -D_FORTIFY_SOURCE=0 -fno-stack-
  protector
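Review bot: the added REPRODUCE line passes --settime 1441154840, while the reporter's failing command in the unchanged context directly below it passes --settime 1241154840. If the different timestamp is deliberate, say so next to the command; otherwise use the reporter's value so the documented test case matches the recorded crash.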

** Changed in: nvram-wakeup (Ubuntu Intrepid)
     Assignee: (unassigned) => Kees Cook (kees)

** Changed in: nvram-wakeup (Ubuntu Jaunty)
     Assignee: (unassigned) => Kees Cook (kees)

** Description changed:

  Binary package hint: nvram-wakeup
  
  nvram-wakeup 0.97-14lenny1  triggers buffer overflow protection (fortify?):
   
  SRU STATEMENT: Package does not function at all on Intrepid and Jaunty, fixing the overflow solves this.
  ADDRESSED: buffer overflow was identified and fixed.
- REPRODUCE: sudo nvram-wakeup -A -C /etc/nvram-wakeup.conf  --settime 1441154840
+ TEST CASE: sudo nvram-wakeup -A -C /etc/nvram-wakeup.conf  --settime 1441154840
  REGRESSION POTENTIAL: none -- the package does not work at all currently.
  
  
  /usr/sbin/nvram-wakeup -A -C /etc/nvram-wakeup.conf  --settime
   1241154840
  *** buffer overflow detected ***: /usr/sbin/nvram-wakeup terminated
  ======= Backtrace: =========
  /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7f24da8]
  /lib/tls/i686/cmov/libc.so.6[0xb7f22eb0]
  /lib/tls/i686/cmov/libc.so.6[0xb7f225a8]
  /lib/tls/i686/cmov/libc.so.6(_IO_default_xsputn+0xc8)[0xb7e94bb8]
  /lib/tls/i686/cmov/libc.so.6(_IO_vfprintf+0x6f3)[0xb7e66f23]
  /lib/tls/i686/cmov/libc.so.6(__vsprintf_chk+0xa4)[0xb7f22654]
  /lib/tls/i686/cmov/libc.so.6(__sprintf_chk+0x2d)[0xb7f2259d]
  /usr/sbin/nvram-wakeup[0x80522b9]
  /usr/sbin/nvram-wakeup[0x80499ab]
  /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7e3d775]
  /usr/sbin/nvram-wakeup[0x8048d71]
  ======= Memory map: ========
  08048000-0805f000 r-xp 00000000 08:02 783832     /usr/sbin/nvram-wakeup
  0805f000-08060000 r--p 00016000 08:02 783832     /usr/sbin/nvram-wakeup
  08060000-08061000 rw-p 00017000 08:02 783832     /usr/sbin/nvram-wakeup
  08966000-08987000 rw-p 08966000 00:00 0          [heap]
  b7e17000-b7e24000 r-xp 00000000 08:02 589901     /lib/libgcc_s.so.1
  b7e24000-b7e25000 r--p 0000c000 08:02 589901     /lib/libgcc_s.so.1
  b7e25000-b7e26000 rw-p 0000d000 08:02 589901     /lib/libgcc_s.so.1
  b7e26000-b7e27000 rw-p b7e26000 00:00 0 
  b7e27000-b7f83000 r-xp 00000000 08:02 598956     /lib/tls/i686/cmov/libc-2.9.so
  b7f83000-b7f84000 ---p 0015c000 08:02 598956     /lib/tls/i686/cmov/libc-2.9.so
  b7f84000-b7f86000 r--p 0015c000 08:02 598956     /lib/tls/i686/cmov/libc-2.9.so
  b7f86000-b7f87000 rw-p 0015e000 08:02 598956     /lib/tls/i686/cmov/libc-2.9.so
  b7f87000-b7f8a000 rw-p b7f87000 00:00 0 
  b7f9d000-b7f9f000 rw-p b7f9d000 00:00 0 
  b7f9f000-b7fa0000 r-xp b7f9f000 00:00 0          [vdso]
  b7fa0000-b7fbc000 r-xp 00000000 08:02 589858     /lib/ld-2.9.so
  b7fbc000-b7fbd000 r--p 0001b000 08:02 589858     /lib/ld-2.9.so
  b7fbd000-b7fbe000 rw-p 0001c000 08:02 589858     /lib/ld-2.9.so
  bfca9000-bfcbe000 rw-p bffeb000 00:00 0          [stack]
  Aborted
  
  temporary workaround: compile with  -D_FORTIFY_SOURCE=0 -fno-stack-
  protector

** Changed in: nvram-wakeup (Ubuntu Intrepid)
       Status: In Progress => Invalid

** Description changed:

  Binary package hint: nvram-wakeup
  
  nvram-wakeup 0.97-14lenny1  triggers buffer overflow protection (fortify?):
   
- SRU STATEMENT: Package does not function at all on Intrepid and Jaunty, fixing the overflow solves this.
+ SRU STATEMENT: Package does not function at all on Jaunty, fixing the overflow solves this.
  ADDRESSED: buffer overflow was identified and fixed.
  TEST CASE: sudo nvram-wakeup -A -C /etc/nvram-wakeup.conf  --settime 1441154840
  REGRESSION POTENTIAL: none -- the package does not work at all currently.
  
  
  /usr/sbin/nvram-wakeup -A -C /etc/nvram-wakeup.conf  --settime
   1241154840
  *** buffer overflow detected ***: /usr/sbin/nvram-wakeup terminated
  ======= Backtrace: =========
  /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7f24da8]
  /lib/tls/i686/cmov/libc.so.6[0xb7f22eb0]
  /lib/tls/i686/cmov/libc.so.6[0xb7f225a8]
  /lib/tls/i686/cmov/libc.so.6(_IO_default_xsputn+0xc8)[0xb7e94bb8]
  /lib/tls/i686/cmov/libc.so.6(_IO_vfprintf+0x6f3)[0xb7e66f23]
  /lib/tls/i686/cmov/libc.so.6(__vsprintf_chk+0xa4)[0xb7f22654]
  /lib/tls/i686/cmov/libc.so.6(__sprintf_chk+0x2d)[0xb7f2259d]
  /usr/sbin/nvram-wakeup[0x80522b9]
  /usr/sbin/nvram-wakeup[0x80499ab]
  /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7e3d775]
  /usr/sbin/nvram-wakeup[0x8048d71]
  ======= Memory map: ========
  08048000-0805f000 r-xp 00000000 08:02 783832     /usr/sbin/nvram-wakeup
  0805f000-08060000 r--p 00016000 08:02 783832     /usr/sbin/nvram-wakeup
  08060000-08061000 rw-p 00017000 08:02 783832     /usr/sbin/nvram-wakeup
  08966000-08987000 rw-p 08966000 00:00 0          [heap]
  b7e17000-b7e24000 r-xp 00000000 08:02 589901     /lib/libgcc_s.so.1
  b7e24000-b7e25000 r--p 0000c000 08:02 589901     /lib/libgcc_s.so.1
  b7e25000-b7e26000 rw-p 0000d000 08:02 589901     /lib/libgcc_s.so.1
  b7e26000-b7e27000 rw-p b7e26000 00:00 0 
  b7e27000-b7f83000 r-xp 00000000 08:02 598956     /lib/tls/i686/cmov/libc-2.9.so
  b7f83000-b7f84000 ---p 0015c000 08:02 598956     /lib/tls/i686/cmov/libc-2.9.so
  b7f84000-b7f86000 r--p 0015c000 08:02 598956     /lib/tls/i686/cmov/libc-2.9.so
  b7f86000-b7f87000 rw-p 0015e000 08:02 598956     /lib/tls/i686/cmov/libc-2.9.so
  b7f87000-b7f8a000 rw-p b7f87000 00:00 0 
  b7f9d000-b7f9f000 rw-p b7f9d000 00:00 0 
  b7f9f000-b7fa0000 r-xp b7f9f000 00:00 0          [vdso]
  b7fa0000-b7fbc000 r-xp 00000000 08:02 589858     /lib/ld-2.9.so
  b7fbc000-b7fbd000 r--p 0001b000 08:02 589858     /lib/ld-2.9.so
  b7fbd000-b7fbe000 rw-p 0001c000 08:02 589858     /lib/ld-2.9.so
  bfca9000-bfcbe000 rw-p bffeb000 00:00 0          [stack]
  Aborted
  
  temporary workaround: compile with  -D_FORTIFY_SOURCE=0 -fno-stack-
  protector

-- 
nvram-wakeup  buffer overflow detected
https://bugs.launchpad.net/bugs/370261