[Bug 1926379] Re: stack smashing attack detected in bash host tab completion
Balint Reczey
1926379 at bugs.launchpad.net
Wed Apr 28 13:33:59 UTC 2021
Thank you for the bug report.
The update has been reverted, please downgrade glibc binary packges to
2.31-0ubuntu9.2 until the new update becomes available.
The problem seems to be caused by the fix for LP: #1914044.
** Tags added: regression-update
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/1926379
Title:
stack smashing attack detected in bash host tab completion
Status in glibc package in Ubuntu:
New
Bug description:
Hello, this is a speculative bug report at best.
In some long-lived bash terminals, tab completion of hostnames on ping
or ssh commands is printing the glibc stack smashing attempt error
message:
$ ping goog*** stack smashing detected ***: terminated
^C
$ ssh local*** stack smashing detected ***: terminated
host ^C
I installed the glibc update 2.31-0ubuntu9.3
https://lists.ubuntu.com/archives/focal-changes/2021-April/024256.html
earlier today. Shells started *after* this update work fine. Shells
started before this update show this behaviour.
$ cat /proc/$$/maps
55f1986be000-55f1986eb000 r--p 00000000 00:1c 337406 /usr/bin/bash
55f1986eb000-55f19879c000 r-xp 0002d000 00:1c 337406 /usr/bin/bash
55f19879c000-55f1987d3000 r--p 000de000 00:1c 337406 /usr/bin/bash
55f1987d3000-55f1987d7000 r--p 00114000 00:1c 337406 /usr/bin/bash
55f1987d7000-55f1987e0000 rw-p 00118000 00:1c 337406 /usr/bin/bash
55f1987e0000-55f1987ea000 rw-p 00000000 00:00 0
55f19a673000-55f19b057000 rw-p 00000000 00:00 0 [heap]
7f29171e9000-7f29171ec000 r--p 00000000 00:1c 811498 /usr/lib/x86_64-linux-gnu/libnss_files-2.31.so (deleted)
7f29171ec000-7f29171f3000 r-xp 00003000 00:1c 811498 /usr/lib/x86_64-linux-gnu/libnss_files-2.31.so (deleted)
7f29171f3000-7f29171f5000 r--p 0000a000 00:1c 811498 /usr/lib/x86_64-linux-gnu/libnss_files-2.31.so (deleted)
7f29171f5000-7f29171f6000 r--p 0000b000 00:1c 811498 /usr/lib/x86_64-linux-gnu/libnss_files-2.31.so (deleted)
7f29171f6000-7f29171f7000 rw-p 0000c000 00:1c 811498 /usr/lib/x86_64-linux-gnu/libnss_files-2.31.so (deleted)
7f29171f7000-7f29171fd000 rw-p 00000000 00:00 0
7f2917210000-7f2917553000 r--p 00000000 00:1c 813840 /usr/lib/locale/locale-archive (deleted)
7f2917553000-7f2917556000 rw-p 00000000 00:00 0
7f2917556000-7f291757b000 r--p 00000000 00:1c 811482 /usr/lib/x86_64-linux-gnu/libc-2.31.so (deleted)
7f291757b000-7f29176f3000 r-xp 00025000 00:1c 811482 /usr/lib/x86_64-linux-gnu/libc-2.31.so (deleted)
7f29176f3000-7f291773d000 r--p 0019d000 00:1c 811482 /usr/lib/x86_64-linux-gnu/libc-2.31.so (deleted)
7f291773d000-7f291773e000 ---p 001e7000 00:1c 811482 /usr/lib/x86_64-linux-gnu/libc-2.31.so (deleted)
7f291773e000-7f2917741000 r--p 001e7000 00:1c 811482 /usr/lib/x86_64-linux-gnu/libc-2.31.so (deleted)
7f2917741000-7f2917744000 rw-p 001ea000 00:1c 811482 /usr/lib/x86_64-linux-gnu/libc-2.31.so (deleted)
7f2917744000-7f2917748000 rw-p 00000000 00:00 0
7f2917748000-7f2917749000 r--p 00000000 00:1c 811484 /usr/lib/x86_64-linux-gnu/libdl-2.31.so (deleted)
7f2917749000-7f291774b000 r-xp 00001000 00:1c 811484 /usr/lib/x86_64-linux-gnu/libdl-2.31.so (deleted)
7f291774b000-7f291774c000 r--p 00003000 00:1c 811484 /usr/lib/x86_64-linux-gnu/libdl-2.31.so (deleted)
7f291774c000-7f291774d000 r--p 00003000 00:1c 811484 /usr/lib/x86_64-linux-gnu/libdl-2.31.so (deleted)
7f291774d000-7f291774e000 rw-p 00004000 00:1c 811484 /usr/lib/x86_64-linux-gnu/libdl-2.31.so (deleted)
7f291774e000-7f291775c000 r--p 00000000 00:1c 659440 /usr/lib/x86_64-linux-gnu/libtinfo.so.6.2
7f291775c000-7f291776b000 r-xp 0000e000 00:1c 659440 /usr/lib/x86_64-linux-gnu/libtinfo.so.6.2
7f291776b000-7f2917779000 r--p 0001d000 00:1c 659440 /usr/lib/x86_64-linux-gnu/libtinfo.so.6.2
7f2917779000-7f291777d000 r--p 0002a000 00:1c 659440 /usr/lib/x86_64-linux-gnu/libtinfo.so.6.2
7f291777d000-7f291777e000 rw-p 0002e000 00:1c 659440 /usr/lib/x86_64-linux-gnu/libtinfo.so.6.2
7f291777e000-7f2917780000 rw-p 00000000 00:00 0
7f291778c000-7f2917793000 r--s 00000000 00:1c 813296 /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache (deleted)
7f2917793000-7f2917794000 r--p 00000000 00:1c 811474 /usr/lib/x86_64-linux-gnu/ld-2.31.so (deleted)
7f2917794000-7f29177b7000 r-xp 00001000 00:1c 811474 /usr/lib/x86_64-linux-gnu/ld-2.31.so (deleted)
7f29177b7000-7f29177bf000 r--p 00024000 00:1c 811474 /usr/lib/x86_64-linux-gnu/ld-2.31.so (deleted)
7f29177c0000-7f29177c1000 r--p 0002c000 00:1c 811474 /usr/lib/x86_64-linux-gnu/ld-2.31.so (deleted)
7f29177c1000-7f29177c2000 rw-p 0002d000 00:1c 811474 /usr/lib/x86_64-linux-gnu/ld-2.31.so (deleted)
7f29177c2000-7f29177c3000 rw-p 00000000 00:00 0
7ffd864bb000-7ffd864dc000 rw-p 00000000 00:00 0 [stack]
7ffd865b4000-7ffd865b7000 r--p 00000000 00:00 0 [vvar]
7ffd865b7000-7ffd865b8000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0 [vsyscall]
$
Thanks
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: libc6 2.31-0ubuntu9.3
ProcVersionSignature: Ubuntu 5.4.0-71.79-generic 5.4.101
Uname: Linux 5.4.0-71-generic x86_64
NonfreeKernelModules: lkp_Ubuntu_5_4_0_71_79_generic_76 zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu27.16
Architecture: amd64
CasperMD5CheckResult: skip
Date: Tue Apr 27 23:30:08 2021
ProcEnviron:
TERM=rxvt-unicode-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: glibc
UpgradeStatus: Upgraded to focal on 2020-01-24 (459 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1926379/+subscriptions
More information about the foundations-bugs
mailing list