Rapid7 Vulnerability & Exploit Database

CESA-2003:022: glibc security update

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 10/11/2002
Created: 07/25/2018
Added: 03/12/2010
Modified: 07/04/2017

Description

Updated glibc packages are available to fix a buffer overflow in the resolver.

The GNU C library package, glibc, contains standard libraries used by multiple programs on the system. A read buffer overflow vulnerability exists in the glibc resolver code in versions of glibc up to and including 2.2.5. The vulnerability is triggered by DNS packets larger than 1024 bytes and can cause applications to crash.

In addition, several non-security-related bugs have been fixed, the majority for the Itanium (IA64) platform.

All CentOS Linux Advanced Server users are advised to upgrade to these errata packages, which contain a patch to correct this vulnerability.

Solution(s)

  • centos-upgrade-glibc
  • centos-upgrade-glibc-common
  • centos-upgrade-glibc-devel
  • centos-upgrade-glibc-profile
  • centos-upgrade-nscd
