Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.4
CVE Id CVE-2012-5667
Last Modified 07 Jan 2013 12:00:00
Published 03 Jan 2013 06:54:25
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-5667

Summary

Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.

Vulnerable Systems

Application

  • Gnu Grep 2.10

  • Gnu Grep 2.11

  • Gnu Grep 2.2

  • Gnu Grep 2.3

  • Gnu Grep 2.4

  • Gnu Grep 2.4.1

  • Gnu Grep 2.4.2

  • Gnu Grep 2.5

  • Gnu Grep 2.5.1

  • Gnu Grep 2.5.3

  • Gnu Grep 2.5.4

  • Gnu Grep 2.6

  • Gnu Grep 2.6.1

  • Gnu Grep 2.6.2

  • Gnu Grep 2.6.3

  • Gnu Grep 2.7

  • Gnu Grep 2.8

  • Gnu Grep 2.9


References

CONFIRM - http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189

CONFIRM - http://git.savannah.gnu.org/cgit/grep.git/commit/?id=8fcf61523644df42e1905c81bed26838e0b04f91

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=889935

CONFIRM - https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473

MLIST - [oss-security] 20121221 Re: CVE Request: grep

MLIST - [bug-grep] 20121217 Re: Exploit in grep..

CONFIRM - http://git.sv.gnu.org/gitweb/?p=grep.git;a=shortlog;h=v2.11

Related Patches

SUN149067-01 Solaris 10 SPARC: SunFreeware GNU grep (Rev 2)

SUN149068-01 Solaris 10 x86: SunFreeware GNU grep (Rev 2)

SUN149069-01 Solaris 9 SPARC: ggrep patch


Last Updated: 27 May 2016 11:01:31