what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2012-2673

Status Candidate

Overview

Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.

Related Files

Red Hat Security Advisory 2014-0149-01
Posted Feb 10, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0149-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. gc is a Boehm-Demers-Weiser conservative garbage collector for C and C++. It was discovered that gc's implementation of the malloc() and calloc() routines did not properly perform parameter sanitization when allocating memory. If an application using gc did not implement application-level validity checks for the malloc() and calloc() routines, a remote attacker could provide specially crafted application-specific input, which, when processed by the application, could lead to an application crash or, potentially, arbitrary code execution with the privileges of the user running the application.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2012-2673
SHA-256 | ab1869eb40905173521dfa2bc8d078041565cdaee5692e209da56b9fa3326e69
Red Hat Security Advisory 2014-0150-01
Posted Feb 10, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0150-01 - Red Hat Satellite Proxy provides a package-caching mechanism that reduces the bandwidth requirements for Red Hat Satellite and enables custom package deployment. Red Hat Satellite Proxy customers are able to cache RPM packages, such as are provided by Errata Updates from Red Hat, or custom RPM packages generated by their organization, on an internal, centrally-located server. gc is a Boehm-Demers-Weiser conservative garbage collector for C and C++. It was discovered that gc's implementation of the malloc() and calloc() routines did not properly perform parameter sanitization when allocating memory. If an application using gc did not implement application-level validity checks for the malloc() and calloc() routines, a remote attacker could provide specially crafted application-specific input, which, when processed by the application, could lead to an application crash or, potentially, arbitrary code execution with the privileges of the user running the application.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2012-2673
SHA-256 | 669c9c9c11aecff1cc8081c8a4033c22fd3a1f755e68e73dbf6986a6047a5bbb
Red Hat Security Advisory 2013-1500-01
Posted Nov 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1500-01 - gc is a Boehm-Demers-Weiser conservative garbage collector for C and C++. It was discovered that gc's implementation of the malloc() and calloc() routines did not properly perform parameter sanitization when allocating memory. If an application using gc did not implement application-level validity checks for the malloc() and calloc() routines, a remote attacker could provide specially crafted application-specific input, which, when processed by the application, could lead to an application crash or, potentially, arbitrary code execution with the privileges of the user running the application.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2012-2673
SHA-256 | 98163433f0f4fa97f8a768c780a3779f28965a348ea070cf769d1d97cbff3ca1
Mandriva Linux Security Advisory 2012-158
Posted Oct 4, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-158 - Multiple integer overflows in the calloc functions in malloc.c, and the GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected. The updated packages have been patched to correct this issue.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2012-2673
SHA-256 | 88b0f00c58533372ad08311ae93c93dc5a627ff295fd192460b3e451c48ae741
Ubuntu Security Notice USN-1546-1
Posted Aug 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1546-1 - It was discovered that multiple integer overflows existed in the malloc and calloc implementations in the Boehm-Demers-Weiser garbage collecting memory allocator (libgc). These could allow an attacker to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-2673
SHA-256 | 58991ae1377d34f2cb65a2637dac82551f96bcf8a96f7a256a0430749a93efad
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close