Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 5 |
CVE-ID | CVE-2011-1089 CVE-2011-1658 CVE-2011-1659 CVE-2010-4051 CVE-2010-4052 |
CWE-ID | CWE-16 CWE-264 CWE-20 CWE-399 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #5 is available. |
Vulnerable software | Glibc Universal components / Libraries / Libraries used by multiple products |
Vendor | GNU |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
EUVDB-ID: #VU45136
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-1089
CWE-ID: CWE-16 - Configuration
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Glibc: 1.00 - 2.12.2
https://openwall.com/lists/oss-security/2011/03/04/10
https://openwall.com/lists/oss-security/2011/03/04/11
https://openwall.com/lists/oss-security/2011/03/04/12
https://openwall.com/lists/oss-security/2011/03/04/9
https://openwall.com/lists/oss-security/2011/03/05/3
https://openwall.com/lists/oss-security/2011/03/05/7
https://openwall.com/lists/oss-security/2011/03/07/9
https://openwall.com/lists/oss-security/2011/03/14/16
https://openwall.com/lists/oss-security/2011/03/14/5
https://openwall.com/lists/oss-security/2011/03/14/7
https://openwall.com/lists/oss-security/2011/03/15/6
https://openwall.com/lists/oss-security/2011/03/22/4
https://openwall.com/lists/oss-security/2011/03/22/6
https://openwall.com/lists/oss-security/2011/03/31/3
https://openwall.com/lists/oss-security/2011/03/31/4
https://openwall.com/lists/oss-security/2011/04/01/2
https://sourceware.org/bugzilla/show_bug.cgi?id=12625
https://www.mandriva.com/security/advisories?name=MDVSA-2011:178
https://www.mandriva.com/security/advisories?name=MDVSA-2011:179
https://www.redhat.com/support/errata/RHSA-2011-1526.html
https://www.securityfocus.com/bid/46740
https://bugzilla.redhat.com/show_bug.cgi?id=688980
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
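For CVE-2011-1089 above, a caller cannot rely on the return value of addmntent alone on affected versions. The following is an added example (not code from this bulletin or from glibc) of a caller-side wrapper that flushes and checks the stream itself, plus a constructed reproduction against a scratch file; the function names, the scratch path and the sample mount entry are assumptions.

```c
#define _GNU_SOURCE
#include <mntent.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <unistd.h>

/* Append one entry and report failure even where addmntent() does not:
   flush explicitly and check the stream error flag before closing. */
int append_mount_entry(const char *table, const struct mntent *ent)
{
    FILE *fp = setmntent(table, "a");
    if (!fp) return -1;
    int failed = addmntent(fp, ent) != 0;
    failed |= fflush(fp) != 0;
    failed |= ferror(fp) != 0;
    endmntent(fp);              /* always returns 1, so it cannot signal errors */
    return failed ? -1 : 0;
}

/* Constructed reproduction of the condition named in the description: write
   to a scratch table (never /etc/mtab) under a given RLIMIT_FSIZE soft limit.
   Returns the wrapper's result; the previous limit is restored afterwards. */
int demo_small_fsize(rlim_t limit)
{
    char path[] = "/tmp/mtab-demo-XXXXXX";
    /* constructed sample entry */
    struct mntent ent = { "/dev/sdz9", "/mnt/example", "ext4", "rw", 0, 0 };
    struct rlimit old, tiny;
    int fd = mkstemp(path);
    if (fd < 0) return -2;
    close(fd);
    signal(SIGXFSZ, SIG_IGN);   /* get EFBIG from write() instead of a signal */
    getrlimit(RLIMIT_FSIZE, &old);
    tiny = old;
    tiny.rlim_cur = limit;
    setrlimit(RLIMIT_FSIZE, &tiny);
    int rc = append_mount_entry(path, &ent);
    setrlimit(RLIMIT_FSIZE, &old);
    unlink(path);
    return rc;
}
```

With a limit smaller than the entry the wrapper returns -1 instead of leaving a truncated line unreported; a production writer would additionally build the new table in a temporary file and rename it into place.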
EUVDB-ID: #VU45142
Risk: Medium
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-1658
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard operating-system distribution would ship an applicable setuid or setgid program.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Glibc: 1.00 - 2.12.2
https://secunia.com/advisories/46397
https://sourceware.org/bugzilla/show_bug.cgi?id=12393
https://www.securityfocus.com/archive/1/520102/100/0/threaded
https://www.vmware.com/security/advisories/VMSA-2011-0012.html
https://bugzilla.redhat.com/show_bug.cgi?id=667974
https://exchange.xforce.ibmcloud.com/vulnerabilities/66820
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU45143
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-1659
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Glibc: 1.00 - 2.12.2
https://code.google.com/p/chromium/issues/detail?id=48733
https://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html
https://secunia.com/advisories/44353
https://secunia.com/advisories/46397
https://sourceware.org/bugzilla/show_bug.cgi?id=12583
https://sourceware.org/git/?p=glibc.git;a=commit;h=8126d90480fa3e0c5c5cd0d02cb1c93174b45485
https://www.mandriva.com/security/advisories?name=MDVSA-2011:178
https://www.mandriva.com/security/advisories?name=MDVSA-2011:179
https://www.securityfocus.com/archive/1/520102/100/0/threaded
https://www.securitytracker.com/id?1025450
https://www.vmware.com/security/advisories/VMSA-2011-0012.html
https://bugzilla.redhat.com/show_bug.cgi?id=681054
https://exchange.xforce.ibmcloud.com/vulnerabilities/66819
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU45457
Risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2010-4051
CWE-ID: CWE-20 - Improper input validation
Exploit availability: Yes
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Glibc: 1.00 - 2.12.2
https://cxib.net/stuff/proftpd.gnu.c
https://seclists.org/fulldisclosure/2011/Jan/78
https://secunia.com/advisories/42547
https://securityreason.com/achievement_securityalert/93
https://securityreason.com/securityalert/8003
https://securitytracker.com/id?1024832
https://www.exploit-db.com/exploits/15935
https://www.kb.cert.org/vuls/id/912279
https://www.securityfocus.com/archive/1/515589/100/0/threaded
https://www.securityfocus.com/bid/45233
https://bugzilla.redhat.com/show_bug.cgi?id=645859
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
EUVDB-ID: #VU45458
Risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2010-4052
CWE-ID: CWE-399 - Resource Management Errors
Exploit availability: Yes
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Glibc: 1.00 - 2.12.2
https://cxib.net/stuff/proftpd.gnu.c
https://seclists.org/fulldisclosure/2011/Jan/78
https://secunia.com/advisories/42547
https://securityreason.com/achievement_securityalert/93
https://securityreason.com/securityalert/8003
https://securitytracker.com/id?1024832
https://www.exploit-db.com/exploits/15935
https://www.kb.cert.org/vuls/id/912279
https://www.securityfocus.com/archive/1/515589/100/0/threaded
https://www.securityfocus.com/bid/45233
https://bugzilla.redhat.com/show_bug.cgi?id=645859
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
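Both regcomp issues above (CVE-2010-4051 and CVE-2010-4052) depend on adjacent repetition operators reaching regcomp from untrusted input. The following is an added example (not code from this bulletin or from glibc) of a pre-filter an application can apply to user-supplied POSIX extended patterns before compiling them; the function names and the length cap are assumptions, and it covers only adjacent quantifiers, not nested groups.

```c
#include <regex.h>
#include <string.h>

#define MAX_PATTERN_LEN 256   /* assumed application policy, not a glibc constant */

/* Return a pointer to the ']' closing the bracket expression at p, or NULL. */
static const char *skip_bracket(const char *p)
{
    p++;                                   /* past '[' */
    if (*p == '^') p++;
    if (*p == ']') p++;                    /* a leading ']' is a literal */
    while (*p && *p != ']') {
        /* step over [:class:], [.coll.] and [=equiv=] as a unit */
        if (p[0] == '[' && p[1] && strchr(":.=", p[1])) {
            char close[3] = { p[1], ']', '\0' };
            if (!(p = strstr(p + 2, close))) return NULL;
            p++;                           /* now on the inner ']' */
        }
        p++;
    }
    return *p ? p : NULL;
}

/* Return 1 if no quantifier directly follows another (e.g. "{10,}{10,}", "a*+"); 0 if one does or the pattern is malformed or too long. */
int pattern_is_safe(const char *pat)
{
    int prev_quant = 0;                    /* previous token was a quantifier */
    if (strlen(pat) > MAX_PATTERN_LEN) return 0;
    for (const char *p = pat; *p; p++) {
        int quant = 0;
        if (*p == '\\') {                  /* escaped char is an ordinary atom */
            if (!*++p) return 0;
        } else if (*p == '[') {            /* bracket expression is one atom */
            if (!(p = skip_bracket(p))) return 0;
        } else if (strchr("*+?{", *p)) {
            if (prev_quant) return 0;      /* stacked repetition: refuse */
            if (*p == '{' && !(p = strchr(p, '}'))) return 0;
            quant = 1;
        }
        prev_quant = quant;
    }
    return 1;
}

/* Compile only patterns that pass the filter; others get REG_BADRPT. */
int safe_regcomp(regex_t *re, const char *pat, int cflags)
{
    return pattern_is_safe(pat) ? regcomp(re, pat, cflags | REG_EXTENDED) : REG_BADRPT;
}
```

The filter is a defence-in-depth measure for services that must accept patterns from clients; it does not replace installing the fixed glibc.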