Computer Security


glibc multiple security vulnerabilities
Published: 10.03.2012
Source:
SecurityVulns ID: 12241
Type: library
Threat Level: 6/10
Description: memcpy() integer overflow, RPC DoS, vfprintf() integer overflow.
Affected: GNU : glibc 2.13
CVE:
CVE-2012-0864 (Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.)
CVE-2011-4609 (The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.)
CVE-2011-2702 (Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.)
Original document: UBUNTU, [USN-1396-1] GNU C Library vulnerabilities (10.03.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod