Lucene search
AmazonALAS-2012-057HistoryMar 23, 2012 - 2:15 p.m.
Medium: glibc
2012-03-2314:15:00
alas.aws.amazon.com
14
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.013 Low
EPSS
Percentile
85.7%
Issue Overview:
An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-0864)
Affected Packages:
glibc
Issue Correction:
Run yum update glibc to update your system.
New Packages:
i686:
glibc-static-2.12-1.47.37.amzn1.i686
glibc-debuginfo-common-2.12-1.47.37.amzn1.i686
glibc-utils-2.12-1.47.37.amzn1.i686
glibc-devel-2.12-1.47.37.amzn1.i686
glibc-2.12-1.47.37.amzn1.i686
glibc-common-2.12-1.47.37.amzn1.i686
glibc-headers-2.12-1.47.37.amzn1.i686
glibc-debuginfo-2.12-1.47.37.amzn1.i686
nscd-2.12-1.47.37.amzn1.i686
src:
glibc-2.12-1.47.37.amzn1.src
x86_64:
nscd-2.12-1.47.37.amzn1.x86_64
glibc-devel-2.12-1.47.37.amzn1.x86_64
glibc-debuginfo-common-2.12-1.47.37.amzn1.x86_64
glibc-2.12-1.47.37.amzn1.x86_64
glibc-headers-2.12-1.47.37.amzn1.x86_64
glibc-debuginfo-2.12-1.47.37.amzn1.x86_64
glibc-static-2.12-1.47.37.amzn1.x86_64
glibc-utils-2.12-1.47.37.amzn1.x86_64
glibc-common-2.12-1.47.37.amzn1.x86_64
Additional References
Red Hat: CVE-2012-0864
Mitre: CVE-2012-0864
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | glibc-static | < 2.12-1.47.37.amzn1 | glibc-static-2.12-1.47.37.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | glibc-debuginfo-common | < 2.12-1.47.37.amzn1 | glibc-debuginfo-common-2.12-1.47.37.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | glibc-utils | < 2.12-1.47.37.amzn1 | glibc-utils-2.12-1.47.37.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | glibc-devel | < 2.12-1.47.37.amzn1 | glibc-devel-2.12-1.47.37.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | glibc | < 2.12-1.47.37.amzn1 | glibc-2.12-1.47.37.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | glibc-common | < 2.12-1.47.37.amzn1 | glibc-common-2.12-1.47.37.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | glibc-headers | < 2.12-1.47.37.amzn1 | glibc-headers-2.12-1.47.37.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | glibc-debuginfo | < 2.12-1.47.37.amzn1 | glibc-debuginfo-2.12-1.47.37.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | nscd | < 2.12-1.47.37.amzn1 | nscd-2.12-1.47.37.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | nscd | < 2.12-1.47.37.amzn1 | nscd-2.12-1.47.37.amzn1.x86_64.rpm |
Related
openvas
openvas
RedHat Update for glibc RHSA-2012:0397-01
2012-03-22 00:00:00
CentOS Update for glibc CESA-2012:0393 centos6
2012-07-30 00:00:00
CentOS Update for glibc CESA-2012:0397 centos5
2012-07-30 00:00:00
redhat
redhat
(RHSA-2012:0397) Moderate: glibc security update
2012-03-19 00:00:00
(RHSA-2012:0393) Moderate: glibc security and bug fix update
2012-03-15 00:00:00
(RHSA-2012:0488) Important: rhev-hypervisor5 security and bug fix update
2012-04-17 00:00:00
nessus
nessus
CentOS 5 : glibc (CESA-2012:0397)
2012-03-21 00:00:00
Fedora 16 : glibc-2.14.90-24.fc16.6 (2012-2162)
2012-02-27 00:00:00
Oracle Linux 5 : glibc (ELSA-2012-0397)
2013-07-12 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: glibc-2.14.1-6
2012-03-08 03:55:46
[SECURITY] Fedora 15 Update: glibc-2.14.1-6
2012-03-08 05:00:09
[SECURITY] Fedora 16 Update: glibc-2.14.90-24.fc16.6
2012-02-25 08:36:01
centos
centos
glibc, nscd security update
2012-03-20 02:12:41
glibc, nscd security update
2012-03-15 22:58:20
oraclelinux
oraclelinux
glibc security and bug fix update
2012-03-15 00:00:00
glibc security update
2012-03-19 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:11:22
ubuntucve
ubuntucve
CVE-2012-0864
2012-02-23 00:00:00
CVE-2012-2118
2012-05-18 00:00:00
cve
cve
CVE-2012-0864
2013-05-02 14:55:00
prion
prion
Integer overflow
2013-05-02 14:55:00
zdt
zdt
Sudo v1.8.0-1.8.3p1 (sudo_debug) - Root Exploit
2013-05-01 00:00:00
seebug
seebug
sudo 1.8.0-1.8.3p1 (sudo_debug) - Root Exploit + glibc FORTIFY_SOURCE Bypass
2014-07-01 00:00:00
exploitpack
exploitpack
exploitdb
exploitdb
securityvulns
securityvulns
glibc multiple security vulnerabilities
2012-03-10 00:00:00
[USN-1396-1] GNU C Library vulnerabilities
2012-03-10 00:00:00
VMSA-2012-0018 VMware security updates for vCSA and ESXi
2013-01-02 00:00:00
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2013-12-03 00:00:00
ubuntu
ubuntu
GNU C Library vulnerabilities
2012-03-09 00:00:00
vmware
vmware
VMware security updates for vCSA, vCenter Server, and ESXi
2012-12-20 00:00:00
VMware security updates for vCSA, vCenter Server, and ESXi
2012-12-20 00:00:00
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.013 Low
EPSS
Percentile
85.7%
Related for ALAS-2012-057