Package: libc6
Version: 2.11.2-10
Severity: normal

http://dividead.wordpress.com/2009/06/01/glibc-timezone-integer-overflow/

Running the example program results in a crash. Note that this can be
leveraged to exploit multiple ftp daemons (as disclosed earlier today):
http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html

(I ran the test on a different machine than I am reporting from because
the machine I am reporting from is using grsecurity. I can provide further
information if requested).

-- System Information:
Debian Release: 6.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (x86_64)

Kernel: Linux 3.0.8-1-grsec (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libc6 depends on:
ii  libc-bin                2.11.2-10  Embedded GNU C Library: Binaries
ii  libgcc1                 1:4.4.5-8  GCC support library

Versions of packages libc6 recommends:
ii  libc6-i686              2.11.2-10  Embedded GNU C Library: Shared lib

Versions of packages libc6 suggests:
ii  debconf [debconf-2.0]   1.5.36.1   Debian configuration management sy
ii  glibc-doc               2.11.2-10  Embedded GNU C Library: Documentat
ii  locales                 2.11.2-10  Embedded GNU C Library: National L

-- debconf information:
  glibc/upgrade: true
  glibc/disable-screensaver:
  glibc/restart-failed:
* glibc/restart-services: postfix openbsd-inetd mysql cron