ID CVE-2012-3480
Summary Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
References
Vulnerable Configurations
  • GNU glibc 2.16
    cpe:2.3:a:gnu:glibc:2.16
CVSS
Base: 4.6 (as of 27-08-2012 - 10:51)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
description GNU glibc Multiple Local Stack Buffer Overflow Vulnerabilities. CVE-2012-3480. Local exploit for linux platform
id EDB-ID:37631
last seen 2016-02-04
modified 2012-08-13
published 2012-08-13
reporter Joseph S. Myer
source https://www.exploit-db.com/download/37631/
title GNU glibc Multiple Local Stack Buffer Overflow Vulnerabilities
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-1325.NASL
    description An updated rhev-hypervisor6 package that fixes multiple security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. (CVE-2012-3515) This flaw did not affect the default use of Red Hat Enterprise Virtualization Hypervisor: it is not possible to add a device that uses a virtual console back-end via Red Hat Enterprise Virtualization Manager. To specify a virtual console back-end for a device and therefore be vulnerable to this issue, the device would have to be created another way, for example, by using a VDSM hook. Note that at this time hooks can only be used on Red Hat Enterprise Linux hosts, not Red Hat Enterprise Virtualization Hypervisor. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480) Red Hat would like to thank the Xen project for reporting the CVE-2012-3515 issue. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2012-4244 (bind issue) CVE-2012-3524 (dbus issue) CVE-2012-2313, CVE-2012-2384, CVE-2012-2390, CVE-2012-3430, and CVE-2012-3552 (kernel issues) CVE-2012-3445 (libvirt issue) CVE-2011-3102 and CVE-2012-2807 (libxml2 issues) CVE-2011-1202, CVE-2011-3970, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, and CVE-2012-2893 (libxslt issues) This updated Red Hat Enterprise Virtualization Hypervisor package also fixes the following bug : * Previously, the Manager listed all installed Hypervisor ISO images as available even when they did not support the VDSM compatibility version required by the selected host. The rhev-hypervisor6 package now maintains a text file for each installed ISO image. The file lists the VDSM compatibility versions supported by the relevant ISO image. The Manager uses this information to ensure that only those Hypervisor ISO images that are relevant to the selected host are listed. (BZ#856827) Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 78935
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78935
    title RHEL 6 : rhev-hypervisor6 (RHSA-2012:1325)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2013-1287-1.NASL
    description This collective update for the GNU C library (glibc) provides the following fixes and enhancements : Security issues fixed : - Fix stack overflow in getaddrinfo with many results. (bnc#813121, CVE-2013-1914) - Fixed another stack overflow in getaddrinfo with many results (bnc#828637) - Fix buffer overflow in glob. (bnc#691365) (CVE-2010-4756) - Fix array overflow in floating point parser [bnc#775690] (CVE-2012-3480) - Fix strtod integer/buffer overflows [bnc#775690] (CVE-2012-3480) Make addmntent return errors also for cached streams. [bnc #676178, CVE-2011-1089] - Fix overflows in vfprintf. [bnc #770891, CVE 2012-3406] - Add vfprintf-nargs.diff for possible format string overflow. [bnc #747768, CVE-2012-0864] - Check values from file header in __tzfile_read. [bnc #735850, CVE-2009-5029] Also several bugs were fixed : - Fix locking in _IO_cleanup. (bnc#796982) - Fix memory leak in execve. (bnc#805899) Fix nscd timestamps in logging (bnc#783196) - Fix perl script error message (bnc#774467) - Fall back to localhost if no nameserver defined (bnc#818630) - Fix incomplete results from nscd. [bnc #753756] - Fix a deadlock in dlsym in case the symbol isn't found, for multithreaded programs. [bnc #760216] - Fix problem with TLS and dlopen. [#732110] - Backported regex fix for skipping of valid EUC-JP matches [bnc#743689] - Fixed false regex match on incomplete chars in EUC-JP [bnc#743689] - Add glibc-pmap-timeout.diff in order to fix useless connection attempts to NFS servers. [bnc #661460] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-31
    plugin id 83597
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83597
    title SUSE SLES10 Security Update : glibc (SUSE-SU-2013:1287-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2012-1667-1.NASL
    description This update for GNU C library (glibc) fixes multiple integer overflows in strtod and related functions. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 83570
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83570
    title SUSE SLED10 / SLES10 Security Update : glibc (SUSE-SU-2012:1667-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-1208.NASL
    description From Red Hat Security Advisory 2012:1208 : Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480) All users of glibc are advised to upgrade to these updated packages, which contain a backported patch to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68606
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68606
    title Oracle Linux 6 : glibc (ELSA-2012-1208)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-1208.NASL
    description Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480) All users of glibc are advised to upgrade to these updated packages, which contain a backported patch to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 61691
    published 2012-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61691
    title RHEL 6 : glibc (RHSA-2012:1208)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-1207.NASL
    description Updated glibc packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480) This update also fixes the following bug : * Previously, logic errors in various mathematical functions, including exp, exp2, expf, exp2f, pow, sin, tan, and rint, caused inconsistent results when the functions were used with the non-default rounding mode. This could also cause applications to crash in some cases. With this update, the functions now give correct results across the four different rounding modes. (BZ#839411) All users of glibc are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 61690
    published 2012-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61690
    title RHEL 5 : glibc (RHSA-2012:1207)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2013-1251-1.NASL
    description This collective update for the GNU C library (glibc) provides the following fixes and enhancements : Security issues fixed : - Fix stack overflow in getaddrinfo with many results. (bnc#813121, CVE-2013-1914) - Fix a different stack overflow in getaddrinfo with many results. (bnc#828637) - Fix array overflow in floating point parser [bnc#775690] (CVE-2012-3480) - Fix strtod integer/buffer overflows [bnc#775690] (CVE-2012-3480) - Add patches for fix overflows in vfprintf. [bnc #770891, CVE-2012-3405, CVE-2012-3406] - Fix buffer overflow in glob. (bnc#691365) (CVE-2010-4756) - Flush stream in addmntent, to catch errors like reached file size limits. [bnc #676178, CVE-2011-1089] Bugs fixed : - Fix locking in _IO_cleanup. (bnc#796982) - Fix resolver when first query fails, but seconds succeeds. [bnc #767266] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-31
    plugin id 83594
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83594
    title SUSE SLES11 Security Update : glibc (SUSE-SU-2013:1251-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-1262.NASL
    description An updated rhev-hypervisor5 package that fixes multiple security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. (CVE-2012-3515) Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480) Red Hat would like to thank the Xen project for reporting the CVE-2012-3515 issue. This updated package provides updated components that include various bug fixes, as well as a fix for CVE-2012-3515 in the xen package; however, for this component, it had no security impact on Red Hat Enterprise Virtualization Hypervisor itself. Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 78933
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78933
    title RHEL 5 : rhev-hypervisor5 (RHSA-2012:1262)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2012-0018.NASL
    description a. vCenter Server Appliance directory traversal The vCenter Server Appliance (vCSA) contains a directory traversal vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6324 to this issue. b. vCenter Server Appliance arbitrary file download The vCenter Server Appliance (vCSA) contains an XML parsing vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6325 to this issue. c. Update to ESX glibc package The ESX glibc package is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, CVE-2012-0864 CVE-2012-3404, CVE-2012-3405, CVE-2012-3406 and CVE-2012-3480 to these issues. d. vCenter Server and vCSA webservice logging denial of service The vCenter Server and vCenter Server Appliance (vCSA) both contain a vulnerability that allows unauthenticated remote users to create abnormally large log entries. Exploitation of this issue may allow an attacker to fill the system volume of the vCenter host or appliance VM and create a denial-of-service condition. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6326 to this issue.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 63332
    published 2012-12-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63332
    title VMSA-2012-0018 : VMware security updates for vCSA and ESXi
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120827_GLIBC_ON_SL6_X.NASL
    description The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480) All users of glibc are advised to upgrade to these updated packages, which contain a backported patch to correct these issues.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61693
    published 2012-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61693
    title Scientific Linux Security Update : glibc on SL6.x i386/x86_64
  • NASL family Misc.
    NASL id VMWARE_ESXI_5_1_BUILD_1063671_REMOTE.NASL
    description The remote VMware ESXi 5.1 host is affected by the following security vulnerabilities : - An integer overflow condition exists in the glibc library in the __tzfile_read() function that allows a denial of service or arbitrary code execution. (CVE-2009-5029) - An error exists in the glibc library related to modified loaders and 'LD_TRACE_LOADED_OBJECTS' checks that allow arbitrary code execution. This issue is disputed by the creators of glibc. (CVE-2009-5064) - An integer signedness error exists in the elf_get_dynamic_info() function in elf/dynamic-link.h that allows arbitrary code execution. (CVE-2010-0830) - An error exists in the glibc library in the addmntent() function that allows a corruption of the '/etc/mtab' file. (CVE-2011-1089) - An error exists in the libxslt library in the xsltGenerateIdFunction() function that allows the disclosure of sensitive information. (CVE-2011-1202) - An off-by-one overflow condition exists in the xmlXPtrEvalXPtrPart() function due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2011-3102) - An out-of-bounds read error exists in the libxslt library in the xsltCompilePatternInternal() function that allows a denial of service. (CVE-2011-3970) - An error exists in the glibc library in the svc_run() function that allows a denial of service. (CVE-2011-4609) - An overflow error exists in the glibc library in the printf() function related to 'nargs' parsing that allows arbitrary code execution. (CVE-2012-0864) - Multiple integer overflow conditions exist due to improper validation of user-supplied input when handling overly long strings. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-2807) - Multiple type-confusion errors exist in the 'IS_XSLT_ELEM' macro and the xsltApplyTemplates() function that allow a denial of service or the disclosure of sensitive information. (CVE-2012-2825, CVE-2012-2871) - A use-after-free error exists in the libxslt library in the xsltGenerateIdFunction() function that allows a denial of service or arbitrary code execution. (CVE-2012-2870) - Multiple format string error exist in glibc that allow arbitrary code execution. (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406) - Multiple overflow errors exist in the glibc functions strtod(), strtof(), strtold(), and strtod_l() that allow arbitrary code execution. (CVE-2012-3480) - A heap-based underflow condition exists in the bundled libxml2 library due to incorrect parsing of strings not containing an expected space. A remote attacker can exploit this, via a specially crafted XML document, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-5134) - An arbitrary file modification vulnerability due to improper handling of certain Virtual Machine file descriptors. A local attacker can exploit this to read or modify arbitrary files. (CVE-2013-5973)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 70886
    published 2013-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70886
    title ESXi 5.1 < Build 1063671 Multiple Vulnerabilities (remote check)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-11928.NASL
    description - Fix integer overflow leading to buffer overflow in strto* (#847718) Avoid unbound alloca in vfprintf. (#841318) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 61686
    published 2012-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61686
    title Fedora 16 : glibc-2.14.90-24.fc16.9 (2012-11928)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-11963.NASL
    description - Fix integer overflow leading to buffer overflow in strto* (#847718) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 62130
    published 2012-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62130
    title Fedora 18 : glibc-2.16-8.fc18 (2012-11963)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120827_GLIBC_ON_SL5_X.NASL
    description The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480) This update also fixes the following bug : - Previously, logic errors in various mathematical functions, including exp, exp2, expf, exp2f, pow, sin, tan, and rint, caused inconsistent results when the functions were used with the non-default rounding mode. This could also cause applications to crash in some cases. With this update, the functions now give correct results across the four different rounding modes. All users of glibc are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61692
    published 2012-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61692
    title Scientific Linux Security Update : glibc on SL5.x i386/x86_64
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2012-244-01.NASL
    description New glibc packages are available for Slackware 13.1, 13.37, and -current to fix security issues.
    last seen 2019-01-03
    modified 2019-01-02
    plugin id 61748
    published 2012-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61748
    title Slackware 13.1 / 13.37 / current : glibc (SSA:2012-244-01)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1589-1.NASL
    description It was discovered that positional arguments to the printf() family of functions were not handled properly in the GNU C Library. An attacker could possibly use this to cause a stack-based buffer overflow, creating a denial of service or possibly execute arbitrary code. (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406) It was discovered that multiple integer overflows existed in the strtod(), strtof() and strtold() functions in the GNU C Library. An attacker could possibly use this to trigger a stack-based buffer overflow, creating a denial of service or possibly execute arbitrary code. (CVE-2012-3480). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 62388
    published 2012-10-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62388
    title Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : eglibc, glibc vulnerabilities (USN-1589-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1589-2.NASL
    description USN-1589-1 fixed vulnerabilities in the GNU C Library. One of the updates exposed a regression in the floating point parser. This update fixes the problem. We apologize for the inconvenience. It was discovered that positional arguments to the printf() family of functions were not handled properly in the GNU C Library. An attacker could possibly use this to cause a stack-based buffer overflow, creating a denial of service or possibly execute arbitrary code. (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406) It was discovered that multiple integer overflows existed in the strtod(), strtof() and strtold() functions in the GNU C Library. An attacker could possibly use this to trigger a stack-based buffer overflow, creating a denial of service or possibly execute arbitrary code. (CVE-2012-3480). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 63285
    published 2012-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63285
    title Ubuntu 8.04 LTS : glibc regression (USN-1589-2)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2012-120.NASL
    description Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69610
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69610
    title Amazon Linux AMI : glibc (ALAS-2012-120)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-1207.NASL
    description Updated glibc packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480) This update also fixes the following bug : * Previously, logic errors in various mathematical functions, including exp, exp2, expf, exp2f, pow, sin, tan, and rint, caused inconsistent results when the functions were used with the non-default rounding mode. This could also cause applications to crash in some cases. With this update, the functions now give correct results across the four different rounding modes. (BZ#839411) All users of glibc are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 61683
    published 2012-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61683
    title CentOS 5 : glibc (CESA-2012:1207)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-1208.NASL
    description Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480) All users of glibc are advised to upgrade to these updated packages, which contain a backported patch to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 61720
    published 2012-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61720
    title CentOS 6 : glibc (CESA-2012:1208)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-1207.NASL
    description From Red Hat Security Advisory 2012:1207 : Updated glibc packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480) This update also fixes the following bug : * Previously, logic errors in various mathematical functions, including exp, exp2, expf, exp2f, pow, sin, tan, and rint, caused inconsistent results when the functions were used with the non-default rounding mode. This could also cause applications to crash in some cases. With this update, the functions now give correct results across the four different rounding modes. (BZ#839411) All users of glibc are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68605
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68605
    title Oracle Linux 5 : glibc (ELSA-2012-1207)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-11927.NASL
    description - Fix integer overflow leading to buffer overflow in strto* (#847718) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 61584
    published 2012-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61584
    title Fedora 17 : glibc-2.15-56.fc17 (2012-11927)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_GLIBC-121129.NASL
    description This collective update for the GNU C library (glibc) provides the following fixes : - Fix strtod integer/buffer overflows. (bnc#775690, CVE-2012-3480) - Fix vfprintf handling of many format specifiers. (bnc#770891, CVE-2012-3404 / CVE-2012-3405 / CVE-2012-3406) - Fix pthread_cond_timedwait stack unwinding. (bnc#750741, bnc#777233) - Improve fix for dynamic library unloading. (bnc#783060) - Fix resolver when first query fails, but second one succeeds. (bnc#767266)
    last seen 2019-02-21
    modified 2016-02-28
    plugin id 64150
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64150
    title SuSE 11.2 Security Update : glibc (SAT Patch Number 7110)
  • NASL family Misc.
    NASL id VMWARE_ESXI_5_0_BUILD_912577_REMOTE.NASL
    description The remote VMware ESXi 5.0 host is affected by Multiple Vulnerabilities : - An integer overflow condition exists in the __tzfile_read() function in the glibc library. An unauthenticated, remote attacker can exploit this, via a crafted timezone (TZ) file, to cause a denial of service or the execution of arbitrary code. (CVE-2009-5029) - ldd in the glibc library is affected by a privilege escalation vulnerability due to the omission of certain LD_TRACE_LOADED_OBJECTS checks in a crafted executable file. Note that this vulnerability is disputed by the library vendor. (CVE-2009-5064) - A remote code execution vulnerability exists in the glibc library due to an integer signedness error in the elf_get_dynamic_info() function when the '--verify' option is used. A remote attacker can exploit this by using a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header. (CVE-2010-0830) - A flaw exists in OpenSSL due to a failure to properly prevent modification of the ciphersuite in the session cache when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled. A remote attacker can exploit this to force a downgrade to an unintended cipher by intercepting the network traffic to discover a session identifier. (CVE-2010-4180) - A flaw exists in OpenSSL due to a failure to properly validate the public parameters in the J-PAKE protocol when J-PAKE is enabled. A remote attacker can exploit this, by sending crafted values in each round of the protocol, to bypass the need for knowledge of the shared secret. (CVE-2010-4252) - A out-of-bounds memory error exists in OpenSSL that allows a remote attacker to cause a denial of service or possibly obtain sensitive information by using a malformed ClientHello handshake message. This is also known as the 'OCSP stapling vulnerability'. (CVE-2011-0014) - A flaw exists in the addmntent() function in the glibc library due to a failure to report the error status for failed attempts to write to the /etc/mtab file. A local attacker can exploit this to corrupt the file by using writes from a process with a small RLIMIT_FSIZE value. (CVE-2011-1089) - A flaw exists in the png_set_text_2() function in the file pngset.c in the libpng library due to a failure to properly allocate memory. An unauthenticated, remote attacker can exploit this, via a crafted text chunk in a PNG image file, to trigger a heap-based buffer overflow, resulting in denial of service or the execution of arbitrary code. (CVE-2011-3048) - A flaw exists in the DTLS implementation in OpenSSL due to performing a MAC check only if certain padding is valid. A remote attacker can exploit this, via a padding oracle attack, to recover the plaintext. (CVE-2011-4108) - A double-free error exists in OpenSSL when the X509_V_FLAG_POLICY_CHECK is enabled. A remote attacker can exploit this by triggering a policy check failure, resulting in an unspecified impact. (CVE-2011-4109) - A flaw exists in OpenSSL in the SSL 3.0 implementation due to improper initialization of data structures used for block cipher padding. A remote attacker can exploit this, by decrypting the padding data sent by an SSL peer, to obtain sensitive information. (CVE-2011-4576) - A denial of service vulnerability exists in OpenSSL when RFC 3779 support is enabled. A remote attacker can exploit this to cause an assertion failure, by using an X.509 certificate containing certificate extension data associated with IP address blocks or Autonomous System (AS) identifiers. (CVE-2011-4577) - A denial of service vulnerability exists in the RPC implementation in the glibc library due to a flaw in the svc_run() function. A remote attacker can exploit this, via large number of RPC connections, to exhaust CPU resources. (CVE-2011-4609) - A denial of service vulnerability exists in the Server Gated Cryptography (SGC) implementation in OpenSSL due to a failure to properly handle handshake restarts. A remote attacker can exploit this, via unspecified vectors, to exhaust CPU resources. (CVE-2011-4619) - A denial of service vulnerability exists in OpenSSL due to improper support of DTLS applications. A remote attacker can exploit this, via unspecified vectors related to an out-of-bounds read error. Note that this vulnerability exists because of an incorrect fix for CVE-2011-4108. (CVE-2012-0050) - A security bypass vulnerability exists in the glibc library due to an integer overflow condition in the vfprintf() function in file stdio-common/vfprintf.c. An attacker can exploit this, by using a large number of arguments, to bypass the FORTIFY_SOURCE protection mechanism, allowing format string attacks or writing to arbitrary memory. (CVE-2012-0864) - A denial of service vulnerability exists in the glibc library in the vfprintf() function in file stdio-common/vfprintf.c due to a failure to properly calculate a buffer length. An attacker can exploit this, via a format string that uses positional parameters and many format specifiers, to bypass the FORTIFY_SOURCE format-string protection mechanism, thus causing stack corruption and a crash. (CVE-2012-3404) - A denial of service vulnerability exists in the glibc library in the vfprintf() function in file stdio-common/vfprintf.c due to a failure to properly calculate a buffer length. An attacker can exploit this, via a format string with a large number of format specifiers, to bypass the FORTIFY_SOURCE format-string protection mechanism, thus triggering desynchronization within the buffer size handling, resulting in a segmentation fault and crash. (CVE-2012-3405) - A flaw exists in the glibc library in the vfprintf() function in file stdio-common/vfprintf.c due to a failure to properly restrict the use of the alloca() function when allocating the SPECS array. An attacker can exploit this, via a crafted format string using positional parameters and a large number of format specifiers, to bypass the FORTIFY_SOURCE format-string protection mechanism, thus triggering a denial of service or the possible execution of arbitrary code. (CVE-2012-3406) - A flaw exists in the glibc library due to multiple integer overflow conditions in the strtod(), strtof(), strtold(), strtod_l(), and other unspecified related functions. A local attacker can exploit these to trigger a stack-based buffer overflow, resulting in an application crash or the possible execution of arbitrary code. (CVE-2012-3480) - A privilege escalation vulnerability exists in the Virtual Machine Communication Interface (VMCI) due to a failure by control code to properly restrict memory allocation. A local attacker can exploit this, via unspecified vectors, to gain privileges. (CVE-2013-1406) - An error exists in the implementation of the Network File Copy (NFC) protocol. A man-in-the-middle attacker can exploit this, by modifying the client-server data stream, to cause a denial of service or the execution of arbitrary code. (CVE-2013-1659)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 70885
    published 2013-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70885
    title ESXi 5.0 < Build 912577 Multiple Vulnerabilities (remote check)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-165.NASL
    description Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library. #553206 CVE-2015-1472 CVE-2015-1473 The scanf family of functions do not properly limit stack allocation, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code. CVE-2012-3405 The printf family of functions do not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service. CVE-2012-3406 The printf family of functions do not properly limit stack allocation, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string. CVE-2012-3480 Multiple integer overflows in the strtod, strtof, strtold, strtod_l, and other related functions allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. CVE-2012-4412 Integer overflow in the strcoll and wcscoll functions allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. CVE-2012-4424 Stack-based buffer overflow in the strcoll and wcscoll functions allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. CVE-2013-0242 Buffer overflow in the extend_buffers function in the regular expression matcher allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters. CVE-2013-1914 CVE-2013-4458 Stack-based buffer overflow in the getaddrinfo function allows remote attackers to cause a denial of service (crash) via a hostname or IP address that triggers a large number of domain conversion results. CVE-2013-4237 readdir_r allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a malicious NTFS image or CIFS service. CVE-2013-4332 Multiple integer overflows in malloc/malloc.c allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the pvalloc, valloc, posix_memalign, memalign, or aligned_alloc functions. CVE-2013-4357 The getaliasbyname, getaliasbyname_r, getaddrinfo, getservbyname, getservbyname_r, getservbyport, getservbyport_r, and glob functions do not properly limit stack allocation, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code. CVE-2013-4788 When the GNU C library is statically linked into an executable, the PTR_MANGLE implementation does not initialize the random value for the pointer guard, so that various hardening mechanisms are not effective. CVE-2013-7423 The send_dg function in resolv/res_send.c does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. CVE-2013-7424 The getaddrinfo function may attempt to free an invalid pointer when handling IDNs (Internationalised Domain Names), which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code. CVE-2014-4043 The posix_spawn_file_actions_addopen function does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. For the oldstable distribution (squeeze), these problems have been fixed in version 2.11.3-4+deb6u5. For the stable distribution (wheezy), these problems were fixed in version 2.13-38+deb7u8 or earlier. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 82149
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82149
    title Debian DLA-165-1 : eglibc security update
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201503-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-201503-04 (GNU C Library: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details. Impact : A local attacker may be able to execute arbitrary code or cause a Denial of Service condition,. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-05-20
    plugin id 81689
    published 2015-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81689
    title GLSA-201503-04 : GNU C Library: Multiple vulnerabilities (GHOST)
redhat via4
advisories
  • bugzilla
    id 847715
    title CVE-2012-3480 glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment glibc is earlier than 0:2.5-81.el5_8.7
          oval oval:com.redhat.rhsa:tst:20121207002
        • comment glibc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787003
      • AND
        • comment glibc-common is earlier than 0:2.5-81.el5_8.7
          oval oval:com.redhat.rhsa:tst:20121207008
        • comment glibc-common is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787009
      • AND
        • comment glibc-devel is earlier than 0:2.5-81.el5_8.7
          oval oval:com.redhat.rhsa:tst:20121207006
        • comment glibc-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787007
      • AND
        • comment glibc-headers is earlier than 0:2.5-81.el5_8.7
          oval oval:com.redhat.rhsa:tst:20121207004
        • comment glibc-headers is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787013
      • AND
        • comment glibc-utils is earlier than 0:2.5-81.el5_8.7
          oval oval:com.redhat.rhsa:tst:20121207010
        • comment glibc-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787005
      • AND
        • comment nscd is earlier than 0:2.5-81.el5_8.7
          oval oval:com.redhat.rhsa:tst:20121207012
        • comment nscd is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787011
    rhsa
    id RHSA-2012:1207
    released 2012-08-27
    severity Moderate
    title RHSA-2012:1207: glibc security and bug fix update (Moderate)
  • bugzilla
    id 847715
    title CVE-2012-3480 glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment glibc is earlier than 0:2.12-1.80.el6_3.5
          oval oval:com.redhat.rhsa:tst:20121208005
        • comment glibc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872006
      • AND
        • comment glibc-common is earlier than 0:2.12-1.80.el6_3.5
          oval oval:com.redhat.rhsa:tst:20121208011
        • comment glibc-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872012
      • AND
        • comment glibc-devel is earlier than 0:2.12-1.80.el6_3.5
          oval oval:com.redhat.rhsa:tst:20121208017
        • comment glibc-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872018
      • AND
        • comment glibc-headers is earlier than 0:2.12-1.80.el6_3.5
          oval oval:com.redhat.rhsa:tst:20121208009
        • comment glibc-headers is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872010
      • AND
        • comment glibc-static is earlier than 0:2.12-1.80.el6_3.5
          oval oval:com.redhat.rhsa:tst:20121208013
        • comment glibc-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872008
      • AND
        • comment glibc-utils is earlier than 0:2.12-1.80.el6_3.5
          oval oval:com.redhat.rhsa:tst:20121208015
        • comment glibc-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872014
      • AND
        • comment nscd is earlier than 0:2.12-1.80.el6_3.5
          oval oval:com.redhat.rhsa:tst:20121208007
        • comment nscd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872016
    rhsa
    id RHSA-2012:1208
    released 2012-08-27
    severity Moderate
    title RHSA-2012:1208: glibc security update (Moderate)
  • rhsa
    id RHSA-2012:1262
  • rhsa
    id RHSA-2012:1325
rpms
  • glibc-0:2.5-81.el5_8.7
  • glibc-common-0:2.5-81.el5_8.7
  • glibc-devel-0:2.5-81.el5_8.7
  • glibc-headers-0:2.5-81.el5_8.7
  • glibc-utils-0:2.5-81.el5_8.7
  • nscd-0:2.5-81.el5_8.7
  • glibc-0:2.12-1.80.el6_3.5
  • glibc-common-0:2.12-1.80.el6_3.5
  • glibc-devel-0:2.12-1.80.el6_3.5
  • glibc-headers-0:2.12-1.80.el6_3.5
  • glibc-static-0:2.12-1.80.el6_3.5
  • glibc-utils-0:2.12-1.80.el6_3.5
  • nscd-0:2.12-1.80.el6_3.5
refmap via4
bid 54982
fedora FEDORA-2012-11927
gentoo GLSA-201503-04
misc http://sourceware.org/bugzilla/show_bug.cgi?id=14459
mlist
  • [libc-alpha] 20120812 Fix strtod integer/buffer overflow (bug 14459)
  • [oss-security] 20120813 CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines
  • [oss-security] 20120813 Re: CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines
osvdb 84710
sectrack 1027374
secunia
  • 50201
  • 50422
ubuntu USN-1589-1
vmware via4
description The ESX glibc package is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues.
id VMSA-2012-0018
last_updated 2012-12-13T00:00:00
published 2012-12-13T00:00:00
title Update to ESX glibc package
Last major update 20-02-2014 - 23:52
Published 25-08-2012 - 06:29
Last modified 30-06-2017 - 21:29
Back to Top