Actu
Vigil@nce: glibc, infinite loop via svc_run
January 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can open numerous files, in order to create an
infinite loop in applications using the svc_run() function of the
glibc.
– Severity: 1/4
– Creation date: 17/01/2012
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The svc_run() function of the glibc processes RPC queries, and
calls the requested procedure. This function is a loop which never
exits, and calls the poll() function to wait for an event.
When the process reached its limit of the maximal number of open
files, the accept() function returns the errno EMFILE ("too many
open files") error. However, svc_run() does not manage this case,
and a tight loop starts.
An attacker can therefore open numerous files, in order to create
an infinite loop in applications using the svc_run() function of
the glibc.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/glibc-infinite-loop-via-svc-run-11292
