Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.6
CVE Id: CVE-2012-3480
Last Modified: 20 Feb 2014 11:52:42
Published: 25 Aug 2012 06:29:51
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2012-3480

Summary

Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.

Vulnerable Systems

Application

  • Gnu Glibc 2.16


References

BID - 54982

MLIST - [oss-security] 20120813 Re: CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines

MLIST - [oss-security] 20120813 CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines

MLIST - [libc-alpha] 20120812 Fix strtod integer/buffer overflow (bug 14459)

MISC - http://sourceware.org/bugzilla/show_bug.cgi?id=14459

SECUNIA - 50201

OSVDB - 84710

FEDORA - FEDORA-2012-11927

REDHAT - RHSA-2012:1208

REDHAT - RHSA-2012:1207

REDHAT - RHSA-2012:1325

REDHAT - RHSA-2012:1262

SECUNIA - 50422

SECTRACK - 1027374

UBUNTU - USN-1589-1

Related Patches

Red Hat 2012:1207-01 RHSA Moderate: glibc security and bug fix update for RHEL 5 x86

Novell SUSE 2012:7110 glibc security update for SLE 11 SP2 i586

Novell SUSE 2012:7110 glibc security update for SLE 11 SP2 x86_64

Novell SUSE 2012:8387 glibc security update for SLE 10 SP4 i586

Novell SUSE 2012:8387 glibc security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 11:00:19