Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2011-1659
Last Modified 18 Jan 2012 10:57:00
Published 08 Apr 2011 11:17:28
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1659

Summary

Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071.

Vulnerable Systems

Application

  • Gnu Glibc 1.00

  • Gnu Glibc 1.01

  • Gnu Glibc 1.02

  • Gnu Glibc 1.03

  • Gnu Glibc 1.04

  • Gnu Glibc 1.05

  • Gnu Glibc 1.06

  • Gnu Glibc 1.07

  • Gnu Glibc 1.08

  • Gnu Glibc 1.09

  • Gnu Glibc 1.09.1

  • Gnu Glibc 2.0

  • Gnu Glibc 2.0.1

  • Gnu Glibc 2.0.2

  • Gnu Glibc 2.0.3

  • Gnu Glibc 2.0.4

  • Gnu Glibc 2.0.5

  • Gnu Glibc 2.0.6

  • Gnu Glibc 2.1

  • Gnu Glibc 2.1.1

  • Gnu Glibc 2.1.1.6

  • Gnu Glibc 2.1.2

  • Gnu Glibc 2.1.3

  • Gnu Glibc 2.1.3.10

  • Gnu Glibc 2.1.9

  • Gnu Glibc 2.10

  • Gnu Glibc 2.10.1

  • Gnu Glibc 2.10.2

  • Gnu Glibc 2.11

  • Gnu Glibc 2.11.1

  • Gnu Glibc 2.11.2

  • Gnu Glibc 2.11.3

  • Gnu Glibc 2.12.0

  • Gnu Glibc 2.12.1

  • Gnu Glibc 2.12.2

  • Gnu Glibc 2.13

  • Gnu Glibc 2.2

  • Gnu Glibc 2.2.1

  • Gnu Glibc 2.2.2

  • Gnu Glibc 2.2.3

  • Gnu Glibc 2.2.4

  • Gnu Glibc 2.2.5

  • Gnu Glibc 2.3

  • Gnu Glibc 2.3.1

  • Gnu Glibc 2.3.10

  • Gnu Glibc 2.3.2

  • Gnu Glibc 2.3.3

  • Gnu Glibc 2.3.4

  • Gnu Glibc 2.3.5

  • Gnu Glibc 2.3.6

  • Gnu Glibc 2.4

  • Gnu Glibc 2.5

  • Gnu Glibc 2.5.1

  • Gnu Glibc 2.6

  • Gnu Glibc 2.6.1

  • Gnu Glibc 2.7

  • Gnu Glibc 2.8

  • Gnu Glibc 2.9


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=681054

CONFIRM - http://sourceware.org/git/?p=glibc.git;a=commit;h=8126d90480fa3e0c5c5cd0d02cb1c93174b45485

CONFIRM - http://sourceware.org/bugzilla/show_bug.cgi?id=12583

XF - gnuclibrary-fnmatch-dos(66819)

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2011-0012.html

SECTRACK - 1025450

BUGTRAQ - 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console

SECUNIA - 46397

SECUNIA - 44353

MISC - http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html

MISC - http://code.google.com/p/chromium/issues/detail?id=48733

MANDRIVA - MDVSA-2011:179

MANDRIVA - MDVSA-2011:178

Related Patches

Red Hat 2012:0125-01 RHSA Moderate: glibc security and bug fix update for RHEL 4 x86

Red Hat 2012:0125-01 RHSA Moderate: glibc security and bug fix update for RHEL 4 x86_64


Last Updated: 27 May 2016 10:56:26