Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-6089

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-6089
Last Modified 04 Jan 2013 12:00:00
Published 04 Jan 2013 06:52:15
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-6089

Summary

Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.

Vulnerable Systems

Application

  • Swi-prolog 5.10.0

  • Swi-prolog 5.10.1

  • Swi-prolog 5.10.2

  • Swi-prolog 5.10.3

  • Swi-prolog 5.10.4

  • Swi-prolog 5.10.5

  • Swi-prolog 5.6.50

  • Swi-prolog 5.6.51

  • Swi-prolog 5.6.52

  • Swi-prolog 5.6.53

  • Swi-prolog 5.6.54

  • Swi-prolog 5.6.55

  • Swi-prolog 5.6.56

  • Swi-prolog 5.6.57

  • Swi-prolog 5.6.58

  • Swi-prolog 5.6.59

  • Swi-prolog 5.6.61

  • Swi-prolog 5.6.62

  • Swi-prolog 5.6.63

  • Swi-prolog 5.6.64

  • Swi-prolog 5.8.0

  • Swi-prolog 5.8.1

  • Swi-prolog 5.8.2

  • Swi-prolog 5.8.3

  • Swi-prolog 6.0.0

  • Swi-prolog 6.0.1

  • Swi-prolog 6.0.2

  • Swi-prolog 6.2.0

  • Swi-prolog 6.2.1

  • Swi-prolog 6.2.2

  • Swi-prolog 6.2.3

  • Swi-prolog 6.2.4

  • Swi-prolog 6.3.0

  • Swi-prolog 6.3.1

  • Swi-prolog 6.3.2

  • Swi-prolog 6.3.3

  • Swi-prolog 6.3.4

  • Swi-prolog 6.3.5

  • Swi-prolog 6.3.6


References

CONFIRM - http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c

MLIST - [swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=891577

MLIST - [oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X < 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths


Last Updated: 27 May 2016 11:01:34