Debian Glibc vulnerabilities

CVE-2009-5155 [HIGH] CVE-2009-5155: glibc - In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/re... In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match. Scope: local bookworm: resolved (fixed in 2.28-1) bullseye: resolved (fixed in 2.28-1) forky:

CVE-2009-5064 [MEDIUM] CVE-2009-5064: glibc - ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local user... ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary bina

CVE-2009-5029 [MEDIUM] CVE-2009-5029: glibc - Integer overflow in the __tzfile_read function in glibc before 2.15 allows conte... Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd. Scope: local bookworm: resolved (fixed in 2.13-24) bullseye: resolved (fixed in 2.13-24) forky: resolved (fixed in 2.13-24) sid: r

CVE-2009-4880 [HIGH] CVE-2009-4880: glibc - Multiple integer overflows in the strfmon implementation in the GNU C Library (a... Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391. Scope

CVE-2009-0537 [MEDIUM] CVE-2009-0537: glibc - Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 a... Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (

CVE-2009-4881 [HIGH] CVE-2009-4881: glibc - Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfm... Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391. Scope: local book

CVE-2008-1367 [HIGH] CVE-2008-1367: glibc - gcc 4.3.x does not generate a cld instruction while compiling functions used for... gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attac

CVE-2008-1391 [HIGH] CVE-2008-1391: glibc - Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and proba... Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, relat

CVE-2008-0122 [CRITICAL] CVE-2008-0122: bind9 - Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and e... Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption. Scope: local bookworm: resolved bullseye: resolved forky: resolved

CVE-2007-4840 [MEDIUM] CVE-2007-4840: glibc - PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of se... PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web serve

CVE-2007-3508 [HIGH] CVE-2007-3508: glibc - Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2... Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution Scope: local bookworm: resolved (fixed in 2.6-2) bullseye: resolved (fix

CVE-2006-7254 [MEDIUM] CVE-2006-7254: glibc - The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close i... The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon. Scope: local bookworm: resolved (fixed in 2.5-1) bullseye: resolved (fixed in 2.5-1) forky: resolved (fixed in 2.5-1) sid: resolved (fixed in 2.5-1) t

CVE-2005-3590 [CRITICAL] CVE-2005-3590: glibc - The getgrouplist function in the GNU C library (glibc) before version 2.3.5, whe... The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory. Scope: local bookworm: resolved (fixed in 2.3.5-3) bullseye: resolved (fixed in 2.3.5-3) forky: resolv

CVE-2005-0403 [HIGH] CVE-2005-0403: glibc - init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterprise Linux... init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 does not properly clear controlling tty's in multi-threaded applications, which allows local users to cause a denial of service (crash) and possibly gain tty access via unknown attack vectors that trigger an access of a pointer to a freed structure. Scope: local bookworm: resolved bullsey

CVE-2004-1453 [LOW] CVE-2004-1453: glibc - GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 be... GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program. Scope: local bookworm: resolved (fixed in 2.3.5) bullseye: resolved (fixed in 2.3.5) forky: resolved (fixed in 2.

CVE-2004-1382 [LOW] CVE-2004-1382: glibc - The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite a... The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968. Scope: local bookworm: resolved (fixed in 2.3.2.ds1-19) bullseye: resolved (fixed in 2.3.2.ds1-19) forky: resolved (fixed in 2.3.2.ds1-19) sid: resolved (fixed in 2.3.2.ds1-19) trixie: resolv

CVE-2004-0968 [LOW] CVE-2004-0968: glibc - The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite ... The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files. Scope: local bookworm: resolved (fixed in 2.3.2.ds1-19) bullseye: resolved (fixed in 2.3.2.ds1-19) forky: resolved (fixed in 2.3.2.ds1-19) sid: resolved (fixed in 2.3.2.ds1-19) trixie: resolved (fixed in 2.3.2.ds1-19)

CVE-2003-0028 [CRITICAL] CVE-2003-0028: dietlibc - Integer overflow in the xdrmem_getbytes() function, and possibly other functions... Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. Scope: local bookworm: resol

CVE-2003-0689 [HIGH] CVE-2003-0689: glibc - The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers... The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow. Scope: local bookworm: resolved (fixed in 2.2.5) bullseye: resolved (fixed in 2.2.5) forky: resolved (fixed in 2.2.5) sid: res

CVE-2002-0391 [CRITICAL] CVE-2002-0391: acm - Integer overflow in xdr_array function in RPC servers for operating systems that... Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. Scope: local bookworm: resolved (fixed in 5.0-10) bullseye: resolved (