ID CVE-2013-7424
Summary The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.
References
Vulnerable Configurations
  • GNU glibc 2.14.1
    cpe:2.3:a:gnu:glibc:2.14.1
CVSS
Base: 5.1 (as of 27-08-2015 - 08:20)
Impact:
Exploitability:
CWE CWE-17
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1627.NASL
    description Updated glibc packages that fix one security issue are now available for Red Hat Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An invalid free flaw was found in glibc's getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support. (CVE-2013-7424) All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85459
    published 2015-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85459
    title CentOS 5 : glibc (CESA-2015:1627)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150817_GLIBC_ON_SL5_X.NASL
    description An invalid free flaw was found in glibc's getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support. (CVE-2013-7424)
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 85498
    published 2015-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85498
    title Scientific Linux Security Update : glibc on SL5.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1627.NASL
    description Updated glibc packages that fix one security issue are now available for Red Hat Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An invalid free flaw was found in glibc's getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support. (CVE-2013-7424) All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85442
    published 2015-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85442
    title RHEL 5 : glibc (RHSA-2015:1627)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1627.NASL
    description From Red Hat Security Advisory 2015:1627 : Updated glibc packages that fix one security issue are now available for Red Hat Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An invalid free flaw was found in glibc's getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support. (CVE-2013-7424) All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 85487
    published 2015-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85487
    title Oracle Linux 5 : glibc (ELSA-2015-1627)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL16472.NASL
    description The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6. (CVE-2013-7424)
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 82905
    published 2015-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82905
    title F5 Networks BIG-IP : glibc vulnerability (K16472)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-165.NASL
    description Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library. #553206 CVE-2015-1472 CVE-2015-1473 The scanf family of functions do not properly limit stack allocation, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code. CVE-2012-3405 The printf family of functions do not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service. CVE-2012-3406 The printf family of functions do not properly limit stack allocation, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string. CVE-2012-3480 Multiple integer overflows in the strtod, strtof, strtold, strtod_l, and other related functions allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. CVE-2012-4412 Integer overflow in the strcoll and wcscoll functions allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. CVE-2012-4424 Stack-based buffer overflow in the strcoll and wcscoll functions allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. CVE-2013-0242 Buffer overflow in the extend_buffers function in the regular expression matcher allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters. CVE-2013-1914 CVE-2013-4458 Stack-based buffer overflow in the getaddrinfo function allows remote attackers to cause a denial of service (crash) via a hostname or IP address that triggers a large number of domain conversion results. CVE-2013-4237 readdir_r allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a malicious NTFS image or CIFS service. CVE-2013-4332 Multiple integer overflows in malloc/malloc.c allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the pvalloc, valloc, posix_memalign, memalign, or aligned_alloc functions. CVE-2013-4357 The getaliasbyname, getaliasbyname_r, getaddrinfo, getservbyname, getservbyname_r, getservbyport, getservbyport_r, and glob functions do not properly limit stack allocation, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code. CVE-2013-4788 When the GNU C library is statically linked into an executable, the PTR_MANGLE implementation does not initialize the random value for the pointer guard, so that various hardening mechanisms are not effective. CVE-2013-7423 The send_dg function in resolv/res_send.c does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. CVE-2013-7424 The getaddrinfo function may attempt to free an invalid pointer when handling IDNs (Internationalised Domain Names), which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code. CVE-2014-4043 The posix_spawn_file_actions_addopen function does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. For the oldstable distribution (squeeze), these problems have been fixed in version 2.11.3-4+deb6u5. For the stable distribution (wheezy), these problems were fixed in version 2.13-38+deb7u8 or earlier. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 82149
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82149
    title Debian DLA-165-1 : eglibc security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3169.NASL
    description Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library : - CVE-2012-3406 The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not 'properly restrict the use of' the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405. - CVE-2013-7424 An invalid free flaw was found in glibc's getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support. - CVE-2014-4043 The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. - CVE-2014-9402 The getnetbyname function in glibc 2.21 or earlier will enter an infinite loop if the DNS backend is activated in the system Name Service Switch configuration, and the DNS resolver receives a positive answer while processing the network name. - CVE-2015-1472 / CVE-2015-1473 Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer. The incorrect use of '__libc_use_alloca (newsize)' caused a different (and weaker) policy to be enforced which could allow a denial of service attack.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 81448
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81448
    title Debian DSA-3169-1 : eglibc - security update
redhat via4
advisories
  • bugzilla
    id 1099025
    title ftime() possibly broken on ppc
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment glibc is earlier than 0:2.12-1.149.el6
          oval oval:com.redhat.rhsa:tst:20141391005
        • comment glibc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872006
      • AND
        • comment glibc-common is earlier than 0:2.12-1.149.el6
          oval oval:com.redhat.rhsa:tst:20141391017
        • comment glibc-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872012
      • AND
        • comment glibc-devel is earlier than 0:2.12-1.149.el6
          oval oval:com.redhat.rhsa:tst:20141391007
        • comment glibc-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872018
      • AND
        • comment glibc-headers is earlier than 0:2.12-1.149.el6
          oval oval:com.redhat.rhsa:tst:20141391015
        • comment glibc-headers is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872010
      • AND
        • comment glibc-static is earlier than 0:2.12-1.149.el6
          oval oval:com.redhat.rhsa:tst:20141391011
        • comment glibc-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872008
      • AND
        • comment glibc-utils is earlier than 0:2.12-1.149.el6
          oval oval:com.redhat.rhsa:tst:20141391009
        • comment glibc-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872014
      • AND
        • comment nscd is earlier than 0:2.12-1.149.el6
          oval oval:com.redhat.rhsa:tst:20141391013
        • comment nscd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872016
    rhsa
    id RHSA-2014:1391
    released 2014-10-14
    severity Moderate
    title RHSA-2014:1391: glibc security, bug fix, and enhancement update (Moderate)
  • bugzilla
    id 1186614
    title CVE-2013-7424 glibc: Invalid-free when using getaddrinfo()
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment glibc is earlier than 0:2.5-123.el5_11.3
          oval oval:com.redhat.rhsa:tst:20151627008
        • comment glibc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787003
      • AND
        • comment glibc-common is earlier than 0:2.5-123.el5_11.3
          oval oval:com.redhat.rhsa:tst:20151627002
        • comment glibc-common is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787009
      • AND
        • comment glibc-devel is earlier than 0:2.5-123.el5_11.3
          oval oval:com.redhat.rhsa:tst:20151627006
        • comment glibc-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787007
      • AND
        • comment glibc-headers is earlier than 0:2.5-123.el5_11.3
          oval oval:com.redhat.rhsa:tst:20151627012
        • comment glibc-headers is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787013
      • AND
        • comment glibc-utils is earlier than 0:2.5-123.el5_11.3
          oval oval:com.redhat.rhsa:tst:20151627004
        • comment glibc-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787005
      • AND
        • comment nscd is earlier than 0:2.5-123.el5_11.3
          oval oval:com.redhat.rhsa:tst:20151627010
        • comment nscd is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787011
    rhsa
    id RHSA-2015:1627
    released 2015-08-17
    severity Moderate
    title RHSA-2015:1627: glibc security update (Moderate)
rpms
  • glibc-0:2.12-1.149.el6
  • glibc-common-0:2.12-1.149.el6
  • glibc-devel-0:2.12-1.149.el6
  • glibc-headers-0:2.12-1.149.el6
  • glibc-static-0:2.12-1.149.el6
  • glibc-utils-0:2.12-1.149.el6
  • nscd-0:2.12-1.149.el6
  • glibc-0:2.5-123.el5_11.3
  • glibc-common-0:2.5-123.el5_11.3
  • glibc-devel-0:2.5-123.el5_11.3
  • glibc-headers-0:2.5-123.el5_11.3
  • glibc-utils-0:2.5-123.el5_11.3
  • nscd-0:2.5-123.el5_11.3
refmap via4
bid 72710
confirm
mlist [oss-security] 20150129 Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
Last major update 28-11-2016 - 14:10
Published 26-08-2015 - 15:59
Back to Top