Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 547
Alerts This Week
Warning Icon 1 547

Debian 5.0 DSA-2058-1 Critical: Glibc Remote Code Execution

debian
Calendar Grey June 10, 2010
Debian Logo
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------
Several vulnerabilities have been discovered in the GNU C Library (aka glibc) and its derivatives

Summary

Several vulnerabilities have been discovered in the GNU C Library (aka
glibc) and its derivatives. The Common Vulnerabilities and Exposures
project identifies the following problems:


CVE-2008-1391, CVE-2009-4880, CVE-2009-4881

Maksymilian Arciemowicz discovered that the GNU C library did not
correctly handle integer overflows in the strfmon family of
functions. If a user or automated system were tricked into
processing a specially crafted format string, a remote attacker
could crash applications, leading to a denial of service.


CVE-2010-0296

Jeff Layton and Dan Rosenberg discovered that the GNU C library did
not correctly handle newlines in the mntent family of functions. If
a local attacker were able to inject newlines into a mount entry
through other vulnerable mount helpers, they could disrupt the
system or possibly gain root privileges.


CVE-2010-0830

Dan Rosenberg discovered that the GNU C library did not correctly
validate certain ELF program headers. If a user or automated system
were tr...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: glibc, eglibc

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.