Debian Security Advisory DSA 2058-1 (glibc, eglibc)

Published: 2010-06-10 19:49:43
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Recommendations:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202058-1

Technical Details:
Several vulnerabilities have been discovered in the GNU C Library (aka glibc) and its derivatives. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-1391, CVE-2009-4880, CVE-2009-4881 Maksymilian Arciemowicz discovered that the GNU C library did not correctly handle integer overflows in the strfmon family of functions. If a user or automated system were tricked into processing a specially crafted format string, a remote attacker could crash applications, leading to a denial of service. CVE-2010-0296 Jeff Layton and Dan Rosenberg discovered that the GNU C library did not correctly handle newlines in the mntent family of functions. If a local attacker were able to inject newlines into a mount entry through other vulnerable mount helpers, they could disrupt the system or possibly gain root privileges. CVE-2010-0830 Dan Rosenberg discovered that the GNU C library did not correctly validate certain ELF program headers. If a user or automated system were tricked into verifying a specially crafted ELF program, a remote attacker could execute arbitrary code with user privileges. For the stable distribution (lenny), these problems have been fixed in version 2.7-18lenny4 of the glibc Linux Distribution Package. For the testing distribution (squeeze), these problems will be fixed soon. For the unstable distribution (sid), these problems has been fixed in version 2.1.11-1 of the eglibc Linux Distribution Package. We recommend that you upgrade your glibc or eglibc Linux Distribution Packages.

Summary:
The remote host is missing an update to glibc, eglibc announced via advisory DSA 2058-1.

Detection Type:
Linux Distribution Package

Solution Type:
Vendor Patch

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2008-1391
https://nvd.nist.gov/vuln/detail/CVE-2009-4880
https://nvd.nist.gov/vuln/detail/CVE-2009-4881
https://nvd.nist.gov/vuln/detail/CVE-2010-0296
https://nvd.nist.gov/vuln/detail/CVE-2010-0830

Search
Severity
High
CVSS Score
7.5

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.