Debian Glibc vulnerabilities
164 known vulnerabilities affecting debian/glibc.
Total CVEs: 164
CISA KEV: 1 (actively exploited)
Public exploits: 25
Exploited in wild: 1
Severity breakdown: CRITICAL 17, HIGH 43, MEDIUM 45, LOW 59
Vulnerabilities
CVE-2012-3406 | LOW | CVSS 5.0 | fixed in glibc 2.19-14 (bookworm) | 2012
CVE-2012-3406 [MEDIUM] CVE-2012-3406: glibc - The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2....
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execu
debian
CVE-2012-4412 | LOW | CVSS 7.5 | PoC | fixed in glibc 2.17-94 (bookworm) | 2012
CVE-2012-4412 [HIGH] CVE-2012-4412: glibc - Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6)...
Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 2.17-94)
bullseye: resolved (fixed in 2.17-94)
forky: resolve
debian
CVE-2012-3404 | LOW | CVSS 5.0 | fixed in glibc 2.13-35 (bookworm) | 2012
CVE-2012-3404 [MEDIUM] CVE-2012-3404: glibc - The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka g...
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters
debian
CVE-2012-3405 | LOW | CVSS 5.0 | fixed in glibc 2.13-35 (bookworm) | 2012
CVE-2012-3405 [MEDIUM] CVE-2012-3405: glibc - The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka g...
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format
debian
CVE-2012-4424 | LOW | CVSS 5.1 | fixed in glibc 2.17-94 (bookworm) | 2012
CVE-2012-4424 [MEDIUM] CVE-2012-4424: glibc - Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glib...
Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.
Scope: local
bookworm: resolved (fixed in 2.17-94)
bullseye: resolved (fi
debian
CVE-2011-1089 | HIGH | CVSS 7.2 | fixed in glibc 2.13-8 (bookworm) | 2011
CVE-2011-1089 [HIGH] CVE-2011-1089: glibc - The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlie...
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.
Scope: local
debian
CVE-2011-5320 | MEDIUM | CVSS 6.2 | fixed in glibc 2.15 (bookworm) | 2011
CVE-2011-5320 [MEDIUM] CVE-2011-5320: glibc - scanf and related functions in glibc before 2.15 allow local users to cause a de...
scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.
Scope: local
bookworm: resolved (fixed in 2.15)
bullseye: resolved (fixed in 2.15)
forky: resolved (fixed in 2.15)
sid: resolved (fixed in 2.15)
trixie: resolved (fixed in 2.15)
debian
CVE-2011-1659 | MEDIUM | CVSS 5.1 | fixed in glibc 2.13-8 (bookworm) | 2011
CVE-2011-1659 [MEDIUM] CVE-2011-1659: glibc - Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2....
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071.
Scope: local
bookworm: resolved (fixed in 2.13-8)
bullsey
debian
CVE-2011-1095 | MEDIUM | CVSS 6.2 | fixed in glibc 2.13-16 (bookworm) | 2011
CVE-2011-1095 [MEDIUM] CVE-2011-1095: glibc - locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) bef...
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.
Scope: local
bookworm: resolved (fixed in 2.13-16)
bullseye: resolved (fix
debian
CVE-2011-1071 | MEDIUM | CVSS 5.0 | PoC | fixed in glibc 2.11.2-12 (bookworm) | 2011
CVE-2011-1071 [MEDIUM] CVE-2011-1071: glibc - The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC)...
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported
debian
CVE-2011-0536 | LOW | CVSS 6.9 | PoC | 2011
CVE-2011-0536 [MEDIUM] CVE-2011-0536: glibc - Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain mod...
Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during executio
debian
CVE-2011-2702 | LOW | CVSS 6.8 | PoC | 2011
CVE-2011-2702 [MEDIUM] CVE-2011-2702: glibc - Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using...
Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds
debian
CVE-2010-0296 | HIGH | CVSS 7.2 | fixed in glibc 2.11-1 (bookworm) | 2010
CVE-2010-0296 [HIGH] CVE-2010-0296: glibc - The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc...
The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.
Scope: local
debian
CVE-2010-3856 | HIGH | CVSS 7.2 | PoC | fixed in glibc 2.11.2-8 (bookworm) | 2010
CVE-2010-3856 [HIGH] CVE-2010-3856: glibc - ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before...
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
Scope:
debian
CVE-2010-0830 | MEDIUM | CVSS 5.1 | fixed in glibc 2.11-1 (bookworm) | 2010
CVE-2010-0830 [MEDIUM] CVE-2010-0830: glibc - Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-lin...
Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.
Scope: loca
debian
CVE-2010-0015 | MEDIUM | CVSS 7.5 | fixed in glibc 2.10.2-4 (bookworm) | 2010
CVE-2010-0015 [HIGH] CVE-2010-0015: glibc - nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded...
nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.
Scope: local
bookworm: resolved (fixed in 2.10.2-4)
bullseye: resolved (f
debian
CVE-2010-3847 | MEDIUM | CVSS 6.9 | PoC | fixed in glibc 2.11.2-8 (bookworm) | 2010
CVE-2010-3847 [MEDIUM] CVE-2010-3847: glibc - elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2,...
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.
Scope: local
bookworm: resolved (fixed in 2.11.2-8)
bullse
debian
CVE-2010-4051 | LOW | CVSS 5.0 | PoC | fixed in glibc 2.19-4 (bookworm) | 2010
CVE-2010-4051 [MEDIUM] CVE-2010-4051: glibc - The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.1...
The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in th
debian
CVE-2010-4756 | LOW | CVSS 7.8 | 2010
CVE-2010-4756 [HIGH] CVE-2010-4756: glibc - The glob implementation in the GNU C Library (aka glibc or libc6) allows remote ...
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
Scope: local
bookworm: open
bullsey
debian
CVE-2010-4052 | LOW | CVSS 5.0 | PoC | fixed in glibc 2.19-4 (bookworm) | 2010
CVE-2010-4052 [MEDIUM] CVE-2010-4052: glibc - Stack consumption vulnerability in the regcomp implementation in the GNU C Libra...
Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.
debian