Glibc Gets Patched For Three Year Old Security Vulnerability

Written by Michael Larabel in GNU on 21 January 2019 at 06:08 PM EST. 7 Comments
GNU
CVE-2016-10739 has been around since April 2016 as implied by the number and finally today this security issue has been fixed in the Git development code for the upcoming Glibc 2.29 GNU C Library.

The CVE-2016-10739 vulnerability is that getaddrinfo() parses IPv4 addresses followed by whitespace and any arbitrary characters. With allowing applications to think a string is a valid IP address when in fact there can be additional text, including new lines -- particularly if it was rogue HTTP header strings appended to that IP or other dangerous text -- it could end up being used for say connecting to say a malicious server.

By itself the vulnerability isn't too dangerous unless exploited with an application calling that function and not carrying out any additional checks. This Red Hat bug report details how this flaw could be paired with Python's httplib to cause an HTTP connection to a malicious server.

This issue is further outlined via this SourceWare bug tracker.

As of this evening, the CVE is addressed by this commit for the upcoming Glibc 2.29 release.
The IPv4 address parser in the getaddrinfo function is changed so that it does not ignore trailing whitespace and all characters after it. For backwards compatibility, the getaddrinfo function still recognizes legacy name syntax, such as 192.000.002.010 interpreted as 192.0.2.8 (octal).

This commit does not change the behavior of inet_addr and inet_aton. gethostbyname already had additional sanity checks (but is switched over to the new __inet_aton_exact function for completeness as well).
7 Comments
Related News
Glibc 2.41 Adds C23's sinpi / cospi / tanpi Functions
GCC 15 Ends Support For Altera Nios II Embedded Processors
GNU Linux-libre 6.12-gnu Continues Dealing With More Blobs In The Kernel
GCC 15 Compiler Development Shifts From Features To Bug Fixing
GCC 15 Moves C Default Language Version To C23
GCC 15 Adds Option For Arm Guarded Control Stack "GCS" Code Generation
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features