Rapid7 Vulnerability & Exploit Database

RHSA-2012:0125: glibc security and bug fix update


Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published: 06/01/2010
Created: 07/25/2018
Added: 02/21/2012
Modified: 07/04/2017

Description

The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)

A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)

It was discovered that the glibc addmntent() function, used by various mount helper utilities, did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into the mtab (mounted file systems table) file via certain setuid mount helpers, if the attacker were allowed to mount to an arbitrary directory under their control. (CVE-2010-0296)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)

It was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071)

It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)

It was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker's, it could execute arbitrary code with the privileges of the script. (CVE-2011-1095)

An integer overflow flaw was found in the glibc fnmatch() function. If an attacker supplied a long UTF-8 string to an application linked against glibc, it could cause the application to crash. (CVE-2011-1659)

A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)

Red Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830.

This update also fixes the following bug:

Users should upgrade to these updated packages, which resolve these issues.
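For CVE-2011-1095 the exposed code is any script that shell-evaluates `locale` output. The following is an added example, not taken from the advisory, Red Hat or glibc, that reads `locale`-style output as data with an allow-list instead of evaluating it; the function names and the sample lines are constructed for illustration.

```shell
# Added example: treat `locale`-style output as data, never pass it to eval.
# parse_locale_line, filter_locale_output and sample_output are hypothetical
# names; the sample lines are constructed, not captured from a real system.

# Print "NAME VALUE" for one well-formed NAME=VALUE line; return 1 otherwise.
parse_locale_line() {
    pl_line=$1
    pl_name=${pl_line%%=*}
    pl_value=${pl_line#*=}
    # A line without '=' is not a locale assignment.
    [ "$pl_name" != "$pl_line" ] || return 1
    # Accept only the variable names the locale command reports.
    case $pl_name in
        LANG|LANGUAGE|LC_ALL|LC_[A-Z]*) ;;
        *) return 1 ;;
    esac
    case $pl_name in *[!A-Z_]*) return 1 ;; esac
    # Strip one pair of surrounding double quotes, as locale prints them.
    case $pl_value in
        \"*\") pl_value=${pl_value#\"}; pl_value=${pl_value%\"} ;;
    esac
    # Allow-list the characters of a locale name (en_US.UTF-8, sr_RS@latin, C).
    # Anything else (spaces, ';', '$', backticks, quotes) rejects the line.
    case $pl_value in
        *[!A-Za-z0-9_.@-]*) return 1 ;;
    esac
    printf '%s %s\n' "$pl_name" "$pl_value"
}

# Read locale-style output on stdin, print accepted pairs on stdout and
# rejected lines on stderr. Returns 1 if any line was rejected.
filter_locale_output() {
    fl_rc=0
    while IFS= read -r fl_line; do
        parse_locale_line "$fl_line" ||
            { printf 'rejected: %s\n' "$fl_line" >&2; fl_rc=1; }
    done
    return $fl_rc
}

# Constructed sample: three ordinary lines and one carrying shell syntax.
sample_output() {
    printf '%s\n' 'LANG=en_US.UTF-8' 'LC_CTYPE="en_US.UTF-8"' 'LC_ALL=' \
        'LC_TIME=C; echo INJECTED'
}
```

In a real script the input would be `locale | filter_locale_output`; a non-zero return is a signal to stop rather than continue with a partial environment.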

Solution(s)

  • redhat-upgrade-glibc
  • redhat-upgrade-glibc-common
  • redhat-upgrade-glibc-devel
  • redhat-upgrade-glibc-headers
  • redhat-upgrade-glibc-profile
  • redhat-upgrade-glibc-utils
  • redhat-upgrade-nptl-devel
  • redhat-upgrade-nscd
