GNU glibc 'nargs' Integer Overflow Security Bypass Vulnerability
BID:52201
Info
GNU glibc 'nargs' Integer Overflow Security Bypass Vulnerability
| Bugtraq ID: | 52201 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2012-0864 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 28 2012 12:00AM |
| Updated: | Apr 13 2015 10:06PM |
| Credit: | Stefan Cornelius of Red Hat Security Response Team |
| Vulnerable: |
VMWare ESXi 5.1 Patch ESXi510-201212101 VMWare ESXi 5.0 Patch ESXi500-201212101-SG VMWare ESXi 4.1 VMWare ESXi 4.0 VMWare ESXi 3.5 VMWare ESX 4.1 VMWare ESX 4.0 Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 10.10 powerpc Ubuntu Ubuntu Linux 10.10 i386 Ubuntu Ubuntu Linux 10.10 ARM Ubuntu Ubuntu Linux 10.10 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 Redhat Enterprise Virtualization Hypervisor for RHEL 6 0 Redhat Enterprise Virtualization Hypervisor for RHEL 5 0 Redhat Enterprise Linux Workstation Optional 6 Redhat Enterprise Linux Workstation 6 Redhat Enterprise Linux Server Optional 6 Redhat Enterprise Linux Server 6 Redhat Enterprise Linux HPC Node Optional 6 Redhat Enterprise Linux HPC Node 6 Redhat Enterprise Linux Desktop Optional 6 Redhat Enterprise Linux Desktop 6 Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux 5 Server Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 Oracle Enterprise Linux 5 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 GNU glibc 0 Gentoo Linux Avaya Voice Portal 5.1.2 Avaya Voice Portal 5.1.1 Avaya Voice Portal 5.1 SP1 Avaya Voice Portal 5.1 Avaya Voice Portal 5.1 Avaya Voice Portal 5.0 SP2 Avaya Voice Portal 5.0 SP1 Avaya Voice Portal 5.0 Avaya Proactive Contact 5.0 Avaya IQ 5.2 Avaya IQ 5.1.1 Avaya IQ 5.1 Avaya IQ 5 Avaya IP Office Application Server 8.0 Avaya IP Office Application Server 7.0 Avaya IP Office Application Server 6.1 Avaya IP Office Application Server 6.0 Avaya Communication Server 1000M Signaling Server 7.5 Avaya Communication Server 1000M Signaling Server 7.0 Avaya Communication Server 1000M Signaling Server 6.0 Avaya Communication Server 1000M 7.5 Avaya Communication Server 1000M 7.0 Avaya Communication Server 1000M 6.0 Avaya Communication Server 1000E Signaling Server 7.5 Avaya Communication Server 1000E Signaling Server 7.0 Avaya Communication Server 1000E Signaling Server 6.0 Avaya Communication Server 1000E 7.5 Avaya Communication Server 1000E 7.0 Avaya Communication Server 1000E 6.0 Avaya Aura System Platform 6.0.2 Avaya Aura System Platform 6.0.1 Avaya Aura System Platform 6.0 SP3 Avaya Aura System Platform 6.0 SP2 Avaya Aura System Platform 6.0 Avaya Aura System Platform 1.0 Avaya Aura System Manager 6.2.3 Avaya Aura System Manager 6.2 Avaya Aura System Manager 6.1.3 Avaya Aura System Manager 6.1.2 Avaya Aura System Manager 6.1.1 Avaya Aura System Manager 6.1 SP2 Avaya Aura System Manager 6.1 Sp1 Avaya Aura System Manager 6.1 Avaya Aura System Manager 6.0 SP1 Avaya Aura System Manager 6.0 Avaya Aura System Manager 5.2 Avaya Aura Session Manager 6.2.1 Avaya Aura Session Manager 6.1.3 Avaya Aura Session Manager 6.1.2 Avaya Aura Session Manager 6.1.1 Avaya Aura Session Manager 6.2.2 Avaya Aura Session Manager 6.2 Avaya Aura Session Manager 6.1 SP2 Avaya Aura Session Manager 6.1 Sp1 Avaya Aura Session Manager 6.1 Avaya Aura Session Manager 6.0 SP1 Avaya Aura Session Manager 6.0 Avaya Aura Session Manager 5.2 SP2 Avaya Aura Session Manager 5.2 SP1 Avaya Aura Session Manager 5.2 Avaya Aura Session Manager 1.1 Avaya Aura Session Manager 1.0 Avaya Aura Presence Services 6.1.1 Avaya Aura Presence Services 6.1 Avaya Aura Presence Services 6.0 Avaya Aura Messaging 6.1 Avaya Aura Messaging 6.0.1 Avaya Aura Messaging 6.0 Avaya Aura Experience Portal 6.0 Avaya Aura Conferencing 6.0 Standard Avaya Aura Communication Manager Utility Services 6.2 Avaya Aura Communication Manager Utility Services 6.1 Avaya Aura Communication Manager Utility Services 6.0 Avaya Aura Communication Manager 6.0.1 Avaya Aura Communication Manager 6.0 Avaya Aura Application Server 5300 SIP Core 2.1 Avaya Aura Application Server 5300 SIP Core 2.0 PB25 Avaya Aura Application Server 5300 SIP Core 2.0 Avaya Aura Application Enablement Services 5.2.1 Avaya Aura Application Enablement Services 6.1.1 Avaya Aura Application Enablement Services 6.1 Avaya Aura Application Enablement Services 5.2.3 Avaya Aura Application Enablement Services 5.2.2 Avaya Aura Application Enablement Services 5.2 |
| Not Vulnerable: |
Avaya Voice Portal 5.1.3 Avaya Aura System Platform 6.2.1 Avaya Aura System Platform 6.0.3.9.3 Avaya Aura System Platform 6.0.3.0.3 Avaya Aura System Manager 6.3.2 Avaya Aura System Manager 6.3.1 Avaya Aura System Manager 6.3 Avaya Aura Session Manager 6.2.3 Avaya Aura Communication Manager Utility Services 6.2.5.0.15 Avaya Aura Application Server 5300 SIP Core 2.0 PB26 |
Discussion
GNU glibc 'nargs' Integer Overflow Security Bypass Vulnerability
GNU glibc is prone to a security-bypass vulnerability.
Successful exploits will allow attackers to bypass certain security restrictions and gain unauthorized access to the application. This may aid in further attacks.
GNU glibc is prone to a security-bypass vulnerability.
Successful exploits will allow attackers to bypass certain security restrictions and gain unauthorized access to the application. This may aid in further attacks.
Exploit / POC
GNU glibc 'nargs' Integer Overflow Security Bypass Vulnerability
To exploit this issue, an attacker can use readily available tools.
The following exploit is available:
To exploit this issue, an attacker can use readily available tools.
The following exploit is available:
Solution / Fix
GNU glibc 'nargs' Integer Overflow Security Bypass Vulnerability
Solution:
Updates are available. Please see the references for more information.
MandrakeSoft Enterprise Server 5
Solution:
Updates are available. Please see the references for more information.
MandrakeSoft Enterprise Server 5
-
Mandriva glibc-2.8-1.20080520.5.9mnb2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva glibc-devel-2.8-1.20080520.5.9mnb2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva glibc-doc-2.8-1.20080520.5.9mnb2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva glibc-doc-pdf-2.8-1.20080520.5.9mnb2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva glibc-i18ndata-2.8-1.20080520.5.9mnb2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva glibc-profile-2.8-1.20080520.5.9mnb2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva glibc-static-devel-2.8-1.20080520.5.9mnb2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva glibc-utils-2.8-1.20080520.5.9mnb2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva nscd-2.8-1.20080520.5.9mnb2.i586.rpm
http://www.mandriva.com/en/downloads/
References
GNU glibc 'nargs' Integer Overflow Security Bypass Vulnerability
References:
References:
- CVE-2012-0864 glibc: F_S format string protection bypass via "nargs" integer ove (Red Hat)
- GNU C Library Homepage (GNU)
- ASA-2012-116 glibc security and bug fix update (RHSA-2012-0393) (Avaya)
- ASA-2012-166 glibc security update (RHSA-2012-0397) (Avaya)
- VMSA-2012-0013 (VMWare)
- VMSA-2012-0018 (Alexander Minozhenko)