Code Injection in GNU Glibc

1) Code Injection

EUVDB-ID: #VU110113

Risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2011-2702

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Glibc: 0.1 - 2.12.2

CPE2.3

• cpe:2.3:a:gnu:glibc:0.1:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:glibc:0.4:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:glibc:0.4.1:*:*:*:*:*:*:*

External links

https://seclists.org/oss-sec/2011/q3/153
https://seclists.org/oss-sec/2011/q3/123
https://www.nodefense.org/eglibc.txt
https://xorl.wordpress.com/2011/08/06/cve-2011-2702-eglibc-and-glibc-signedness-issue/
https://www.osvdb.org/80718
https://bugzilla.novell.com/show_bug.cgi?id=706915
https://www.eglibc.org/cgi-bin/viewvc.cgi/trunk/libc/ChangeLog?view=markup&pathrev=10032
https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=a0ac24d98ace90d1ccba6a2f3e7d55600f2fdb6e

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.