Vulnerabilities > CVE-2012-4412 - Numeric Errors vulnerability in GNU Glibc
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
| description | GNU glibc 'strcoll()' Routine Integer Overflow Vulnerability. CVE-2012-4412. Dos exploit for linux platform |
| id | EDB-ID:37783 |
| last seen | 2016-02-04 |
| modified | 2012-09-07 |
| published | 2012-09-07 |
| reporter | Jan iankko Lieskovsky |
| source | https://www.exploit-db.com/download/37783/ |
| title | GNU glibc 'strcoll' Routine Integer Overflow Vulnerability |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201503-04.NASL description The remote host is affected by the vulnerability described in GLSA-201503-04 (GNU C Library: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details. Impact : A local attacker may be able to execute arbitrary code or cause a Denial of Service condition,. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 81689 published 2015-03-09 reporter This script is Copyright (C) 2015-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81689 title GLSA-201503-04 : GNU C Library: Multiple vulnerabilities (GHOST) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201503-04. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(81689); script_version("$Revision: 1.22 $"); script_cvs_date("$Date: 2016/05/20 14:03:00 $"); script_cve_id("CVE-2012-3404", "CVE-2012-3405", "CVE-2012-3406", "CVE-2012-3480", "CVE-2012-4412", "CVE-2012-4424", "CVE-2012-6656", "CVE-2013-0242", "CVE-2013-1914", "CVE-2013-2207", "CVE-2013-4237", "CVE-2013-4332", "CVE-2013-4458", "CVE-2013-4788", "CVE-2014-4043", "CVE-2015-0235"); script_bugtraq_id(54374, 54982, 55462, 55543, 57638, 58839, 61183, 61729, 61960, 62324, 63299, 68006, 69470, 72325); script_xref(name:"GLSA", value:"201503-04"); script_name(english:"GLSA-201503-04 : GNU C Library: Multiple vulnerabilities (GHOST)"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201503-04 (GNU C Library: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details. Impact : A local attacker may be able to execute arbitrary code or cause a Denial of Service condition,. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201503-04" ); script_set_attribute( attribute:"solution", value: "All glibc users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=sys-libs/glibc-2.19-r1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:glibc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/08"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"sys-libs/glibc", unaffected:make_list("ge 2.19-r1"), vulnerable:make_list("lt 2.19-r1"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GNU C Library"); }NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2014-296-01.NASL description New glibc packages are available for Slackware 14.1 and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 78656 published 2014-10-24 reporter This script is Copyright (C) 2014-2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78656 title Slackware 14.1 / current : glibc (SSA:2014-296-01) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2014-296-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(78656); script_version("$Revision: 1.3 $"); script_cvs_date("$Date: 2015/01/28 19:00:57 $"); script_cve_id("CVE-2012-4412", "CVE-2012-4424", "CVE-2013-4237", "CVE-2013-4458", "CVE-2013-4788", "CVE-2014-0475", "CVE-2014-4043", "CVE-2014-5119", "CVE-2014-6040"); script_xref(name:"SSA", value:"2014-296-01"); script_name(english:"Slackware 14.1 / current : glibc (SSA:2014-296-01)"); script_summary(english:"Checks for updated packages in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New glibc packages are available for Slackware 14.1 and -current to fix security issues." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.647059 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5118ccd5" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc-i18n"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc-profile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc-solibs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc-zoneinfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1"); script_set_attribute(attribute:"patch_publication_date", value:"2014/10/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"14.1", pkgname:"glibc", pkgver:"2.17", pkgarch:"i486", pkgnum:"8_slack14.1")) flag++; if (slackware_check(osver:"14.1", pkgname:"glibc-i18n", pkgver:"2.17", pkgarch:"i486", pkgnum:"8_slack14.1")) flag++; if (slackware_check(osver:"14.1", pkgname:"glibc-profile", pkgver:"2.17", pkgarch:"i486", pkgnum:"8_slack14.1")) flag++; if (slackware_check(osver:"14.1", pkgname:"glibc-solibs", pkgver:"2.17", pkgarch:"i486", pkgnum:"8_slack14.1")) flag++; if (slackware_check(osver:"14.1", pkgname:"glibc-zoneinfo", pkgver:"2014i", pkgarch:"noarch", pkgnum:"1_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"glibc", pkgver:"2.17", pkgarch:"x86_64", pkgnum:"8_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"glibc-i18n", pkgver:"2.17", pkgarch:"x86_64", pkgnum:"8_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"glibc-profile", pkgver:"2.17", pkgarch:"x86_64", pkgnum:"8_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"glibc-solibs", pkgver:"2.17", pkgarch:"x86_64", pkgnum:"8_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"glibc-zoneinfo", pkgver:"2014i", pkgarch:"noarch", pkgnum:"1_slack14.1")) flag++; if (slackware_check(osver:"current", pkgname:"glibc", pkgver:"2.20", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"glibc-i18n", pkgver:"2.20", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"glibc-profile", pkgver:"2.20", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"glibc-solibs", pkgver:"2.20", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"glibc-zoneinfo", pkgver:"2014i", pkgarch:"noarch", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"glibc", pkgver:"2.20", pkgarch:"x86_64", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"glibc-i18n", pkgver:"2.20", pkgarch:"x86_64", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"glibc-profile", pkgver:"2.20", pkgarch:"x86_64", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"glibc-solibs", pkgver:"2.20", pkgarch:"x86_64", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"glibc-zoneinfo", pkgver:"2014i", pkgarch:"noarch", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Fedora Local Security Checks NASL id FEDORA_2013-15316.NASL description systemd is now required during build so that installing or updating nscd does not result in any warnings. rtkaio bits are now tested correctly. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-08-28 plugin id 69488 published 2013-08-28 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69488 title Fedora 19 : glibc-2.17-14.fc19 (2013-15316) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-350.NASL description The strxfrm() function is vulnerable to integer overflows when computing memory allocation sizes (similar to CVE-2012-4412). Furthermore since it fallbacks to use alloca() when malloc() fails, it is vulnerable to stack-based buffer overflows (similar to CVE-2012-4424). Those issues have been fixed in Debian 6 Squeeze with eglibc 2.11.3-4+deb6u8. We recommend that you upgrade libc6 and other packages provided by eglibc. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-11-30 plugin id 87071 published 2015-11-30 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/87071 title Debian DLA-350-1 : eglibc security update NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-1119-1.NASL description This glibc update fixes a critical privilege escalation problem and the following security and non security issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#772242: Replace scope handing with master state - bnc#779320: Fix buffer overflow in strcoll (CVE-2012-4412) - bnc#818630: Fall back to localhost if no nameserver defined - bnc#828235: Fix missing character in IBM-943 charset - bnc#828637: Fix use of alloca in gaih_inet - bnc#834594: Fix readdir_r with long file names (CVE-2013-4237) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-20 plugin id 83634 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83634 title SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1119-1) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-283.NASL description Updated glibc packages fixes the following security issues : Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow (CVE-2012-4412). Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function (CVE-2012-4424). pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system (CVE-2013-2207). NOTE! This is fixed by removing pt_chown wich may break chroots if their devpts was not mounted correctly (make sure to mount the devpts correctly with gid=5). sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image (CVE-2013-4237). Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions (CVE-2013-4332). A stack (frame) overflow flaw, which led to a denial of service (application crash), was found in the way glibc last seen 2020-06-01 modified 2020-06-02 plugin id 71092 published 2013-11-26 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71092 title Mandriva Linux Security Advisory : glibc (MDVSA-2013:283) NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-1128-1.NASL description This glibc update fixes a critical privilege escalation problem and the following security and non-security issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#882600: Copy filename argument in posix_spawn_file_actions_addopen. (CVE-2014-4043) - bnc#860501: Use O_LARGEFILE for utmp file. - bnc#842291: Fix typo in glibc-2.5-dlopen-lookup-race.diff. - bnc#839870: Fix integer overflows in malloc. (CVE-2013-4332) - bnc#834594: Fix readdir_r with long file names. (CVE-2013-4237) - bnc#824639: Drop lock before calling malloc_printerr. - bnc#801246: Fix buffer overrun in regexp matcher. (CVE-2013-0242) - bnc#779320: Fix buffer overflow in strcoll. (CVE-2012-4412) - bnc#894556 / bnc#894553: Fix crashes on invalid input in IBM gconv modules. (CVE-2014-6040, CVE-2012-6656, bnc#894553, bnc#894556, BZ#17325, BZ#14134) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-20 plugin id 83638 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83638 title SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1128-1) NASL family SuSE Local Security Checks NASL id SUSE_11_GLIBC-130917.NASL description This update for glibc contains the following fixes : - Fix integer overflows in malloc. (CVE-2013-4332, bnc#839870) - Fix buffer overflow in glob. (bnc#691365) - Fix buffer overflow in strcoll. (CVE-2012-4412, bnc#779320) - Update mount flags in <sys/mount.h>. (bnc#791928) - Fix buffer overrun in regexp matcher. (CVE-2013-0242, bnc#801246) - Fix memory leaks in dlopen. (bnc#811979) - Fix stack overflow in getaddrinfo with many results. (CVE-2013-1914, bnc#813121) - Don last seen 2020-06-05 modified 2013-12-10 plugin id 71308 published 2013-12-10 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71308 title SuSE 11.3 Security Update : glibc (SAT Patch Number 8337) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1552.NASL description According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents). A local attacker could potentially use this flaw to execute arbitrary code on the system.(CVE-2015-5277) - A directory traveral flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) could possibly use this flaw to execute arbitrary code with the privileges of that application.(CVE-2014-0475) - It was found that out-of-range time values passed to the strftime() function could result in an out-of-bounds memory access. This could lead to application crash or, potentially, information disclosure.(CVE-2015-8776) - The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.(CVE-2017-15670) - The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.(CVE-2013-4788) - An out-of-bounds read flaw was found in the way glibc last seen 2020-06-01 modified 2020-06-02 plugin id 125005 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125005 title EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1552) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-723.NASL description This update fixes the following issues in glibc : - CVE-2012-4412: glibc: buffer overflow in strcoll - CVE-2013-0242: glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters - CVE-2013-1914: glibc: stack overflow in getaddrinfo() sorting - CVE-2013-2207: glibc: pt_chown tricked into granting access to another users pseudo-terminal - CVE-2013-4237: glibc: Buffer overwrite - NAME_MAX not enforced by readdir_r() - bnc#805054: man 1 locale mentions non-existent file - bnc#813306: glibc 2.17 fprintf(stderr, ...) triggers write of undefined values if stderr is closed - bnc#819383: pldd a process multiple times can freeze the process - bnc#819524: nscd segfault - bnc#824046: glibc: blacklist code in bindresvport doesn last seen 2020-06-05 modified 2014-06-13 plugin id 75154 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75154 title openSUSE Security Update : glibc (openSUSE-SU-2013:1510-1) NASL family Fedora Local Security Checks NASL id FEDORA_2013-15053.NASL description glibc security update : CVE-2012-4412 glibc: strcoll() integer overflow leading to buffer overflow CVE-2012-4424 glibc: alloca() stack overflow in the strcoll() interface CVE-2013-1914 glibc: Stack (frame) overflow in getaddrinfo() when processing entry mapping to long list of address structures CVE-2013-2207 glibc (pt_chown): Improper pseudotty ownership and permissions changes when granting access to the slave pseudoterminal CVE-2013-4237 glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters Fix for CVE-2013-2207 may break chroots if their devpts was not mounted correctly. Fix is to mount the devpts correctly with gid=5. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-08-22 plugin id 69436 published 2013-08-22 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69436 title Fedora 19 : glibc-2.17-13.fc19 (2013-15053) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-165.NASL description Several vulnerabilities have been fixed in eglibc, Debian last seen 2020-03-17 modified 2015-03-26 plugin id 82149 published 2015-03-26 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82149 title Debian DLA-165-1 : eglibc security update NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1991-1.NASL description It was discovered that the GNU C Library incorrectly handled the strcoll() function. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2012-4412, CVE-2012-4424) It was discovered that the GNU C Library incorrectly handled multibyte characters in the regular expression matcher. An attacker could use this issue to cause a denial of service. (CVE-2013-0242) It was discovered that the GNU C Library incorrectly handled large numbers of domain conversion results in the getaddrinfo() function. An attacker could use this issue to cause a denial of service. (CVE-2013-1914) It was discovered that the GNU C Library readdir_r() function incorrectly handled crafted NTFS or CIFS images. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2013-4237) It was discovered that the GNU C Library incorrectly handled memory allocation. An attacker could use this issue to cause a denial of service. (CVE-2013-4332). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 70538 published 2013-10-22 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70538 title Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : eglibc vulnerabilities (USN-1991-1) NASL family SuSE Local Security Checks NASL id SUSE_11_GLIBC-130913.NASL description This update for glibc contains the following fixes : - Fix integer overflows in malloc. (CVE-2013-4332, bnc#839870) - Fix buffer overflow in glob. (bnc#691365) - Fix buffer overflow in strcoll. (CVE-2012-4412, bnc#779320) - Update mount flags in <sys/mount.h>. (bnc#791928) - Fix buffer overrun in regexp matcher. (CVE-2013-0242, bnc#801246) - Fix memory leaks in dlopen. (bnc#811979) - Fix stack overflow in getaddrinfo with many results. (CVE-2013-1914, bnc#813121) - Fix check for XEN build in glibc_post_upgrade that causes missing init re-exec. (bnc#818628) - Don last seen 2020-06-05 modified 2013-12-10 plugin id 71307 published 2013-12-10 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71307 title SuSE 11.2 Security Update : glibc (SAT Patch Number 8335) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0012_GLIBC.NASL description The remote NewStart CGSL host, running version MAIN 5.04, has glibc packages installed that are affected by multiple vulnerabilities: - elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. (CVE-2010-3847) - ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. (CVE-2010-3856) - Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. (CVE-2012-4412) - Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. (CVE-2012-4424) - A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially- crafted input that, when processed, would cause the application to crash. (CVE-2013-0242) - It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker- controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914, CVE-2013-4458) - pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. (CVE-2013-2207) - An out-of-bounds write flaw was found in the way the glibc last seen 2020-06-01 modified 2020-06-02 plugin id 127161 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127161 title NewStart CGSL MAIN 5.04 : glibc Multiple Vulnerabilities (NS-SA-2019-0012) NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-1122-1.NASL description This glibc update fixes a critical privilege escalation vulnerability and the following security and non-security issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#886416: Avoid redundant shift character in iconv output at block boundary. - bnc#883022: Initialize errcode in sysdeps/unix/opendir.c. - bnc#882600: Copy filename argument in posix_spawn_file_actions_addopen. (CVE-2014-4043) - bnc#864081: Take lock in pthread_cond_wait cleanup handler only when needed. - bnc#843735: Don last seen 2020-06-05 modified 2015-05-20 plugin id 83637 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83637 title SUSE SLES11 Security Update : glibc (SUSE-SU-2014:1122-1)
Packetstorm
| data source | https://packetstormsecurity.com/files/download/153278/SA-20190612-0.txt |
| id | PACKETSTORM:153278 |
| last seen | 2019-06-17 |
| published | 2019-06-13 |
| reporter | T. Weber |
| source | https://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html |
| title | WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials |
References
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://seclists.org/fulldisclosure/2019/Jun/18
- http://secunia.com/advisories/55113
- http://sourceware.org/bugzilla/show_bug.cgi?id=14547
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:284
- http://www.openwall.com/lists/oss-security/2012/09/07/9
- http://www.ubuntu.com/usn/USN-1991-1
- https://bugzilla.redhat.com/show_bug.cgi?id=855385
- https://seclists.org/bugtraq/2019/Jun/14
- https://security.gentoo.org/glsa/201503-04