what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2013-4458

Status Candidate

Overview

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.

Related Files

Gentoo Linux Security Advisory 201503-04
Posted Mar 9, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201503-4 - Multiple vulnerabilities have been found in GNU C Library, the worst of which allowing a local attacker to execute arbitrary code or cause a Denial of Service. Versions less than 2.19-r1 are affected.

tags | advisory, denial of service, arbitrary, local, vulnerability
systems | linux, gentoo
advisories | CVE-2012-3404, CVE-2012-3405, CVE-2012-3406, CVE-2012-3480, CVE-2012-4412, CVE-2012-4424, CVE-2012-6656, CVE-2013-0242, CVE-2013-1914, CVE-2013-2207, CVE-2013-4237, CVE-2013-4332, CVE-2013-4458, CVE-2013-4788, CVE-2014-4043, CVE-2015-0235
SHA-256 | 3be887081cfadc048cd5dd2fed5fc98110f1b24cf929e8adeeecd9c308657613
Slackware Security Advisory - glibc Updates
Posted Oct 24, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New glibc packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2012-4412, CVE-2012-4424, CVE-2013-4237, CVE-2013-4458, CVE-2013-4788, CVE-2014-0475, CVE-2014-4043, CVE-2014-5119, CVE-2014-6040
SHA-256 | f465530a54da7d5a528f544b46d30ac71a8e33c13da9a2e12a12020d9888fad7
Red Hat Security Advisory 2014-1391-02
Posted Oct 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1391-02 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds write flaw was found in the way the glibc's readdir_r() function handled file system entries longer than the NAME_MAX character constant. A remote attacker could provide a specially crafted NTFS or CIFS file system that, when processed by an application using readdir_r(), would cause that application to crash or, potentially, allow the attacker to execute arbitrary code with the privileges of the user running the application.

tags | advisory, remote, arbitrary
systems | linux, redhat, osx
advisories | CVE-2013-4237, CVE-2013-4458
SHA-256 | b3670bf99e729d8603ae71eacabbc18f59496e8dd9b47853146f872e46fc46ac
Ubuntu Security Notice USN-2306-3
Posted Sep 8, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2306-3 - USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the fix for CVE-2013-4357 introduced a memory leak in getaddrinfo. This update fixes the problem. Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS. It was discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Stephane Chazelas discovered that the GNU C Library incorrectly handled locale environment variables. An attacker could use this issue to possibly bypass certain restrictions such as the ForceCommand restrictions in OpenSSH. David Reid, Glyph Lefkowitz, and Alex Gaynor discovered that the GNU C Library incorrectly handled posix_spawn_file_actions_addopen() path arguments. An attacker could use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, memory leak
systems | linux, osx, ubuntu
advisories | CVE-2013-4357, CVE-2013-4458, CVE-2014-0475, CVE-2014-4043
SHA-256 | f2603aa7d9226b9f4831dcb8df5250b85e04ad8455ad6664e7dbbc9ad9a8c435
Ubuntu Security Notice USN-2306-2
Posted Aug 5, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2306-2 - USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the security update cause a regression in certain environments that use the Name Service Caching Daemon (nscd), such as those configured for LDAP or MySQL authentication. In these environments, the nscd daemon may need to be stopped manually for name resolution to resume working so that updates can be downloaded, including environments configured for unattended updates. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-4357, CVE-2013-4458, CVE-2014-0475, CVE-2014-4043
SHA-256 | 85b1f00c2d58351a28e5e5bf4fbb3b0ca4c61a877b00712d9431223f7f23c474
Ubuntu Security Notice USN-2306-1
Posted Aug 4, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2306-1 - Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS. It was discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4357, CVE-2013-4458, CVE-2014-0475, CVE-2014-4043
SHA-256 | d3ab72f234d3127e89f898188c884fa871546397dcd29ae63cfb9595750ab3ac
Mandriva Linux Security Advisory 2013-284
Posted Nov 26, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-284 - Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service via a large value to the aligned_alloc functions. A stack overflow flaw, which led to a denial of service (application crash), was found in the way glibc's getaddrinfo() function processed certain requests when called with AF_INET6. A similar flaw to this affects AF_INET6 rather than AF_UNSPEC. The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC does not initialize the random value for the pointer guard, which makes it easier for context- dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-4412, CVE-2012-4424, CVE-2013-4332, CVE-2013-4458, CVE-2013-4788
SHA-256 | 00fea704bf1f1055d112be7b211b292f2d6fed3a9a06d1f22b451064014e9b25
Mandriva Linux Security Advisory 2013-283
Posted Nov 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-283 - Updated glibc packages fix multiple security issues. Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. pt_chown in GNU C Library before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, local
systems | linux, mandriva
advisories | CVE-2012-4412, CVE-2012-4424, CVE-2013-2207, CVE-2013-4237, CVE-2013-4332, CVE-2013-4458, CVE-2013-4788
SHA-256 | 1c82e380a68105a8faa750720b4e2f2251bb1cd7f4dd03f29ae8a02d1b90188b
Page 1 of 1
Back1Next

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    20 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close