Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2012-120
HistorySep 04, 2012 - 10:23 a.m.

Medium: glibc

2012-09-0410:23:00
alas.aws.amazon.com
14

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.1%

JSON

Issue Overview:

Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc’s functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480)

Affected Packages:

glibc

Issue Correction:
Run yum update glibc to update your system.

New Packages:

i686:  
    glibc-static-2.12-1.80.42.amzn1.i686  
    glibc-2.12-1.80.42.amzn1.i686  
    glibc-common-2.12-1.80.42.amzn1.i686  
    glibc-utils-2.12-1.80.42.amzn1.i686  
    glibc-devel-2.12-1.80.42.amzn1.i686  
    glibc-debuginfo-2.12-1.80.42.amzn1.i686  
    glibc-headers-2.12-1.80.42.amzn1.i686  
    nscd-2.12-1.80.42.amzn1.i686  
    glibc-debuginfo-common-2.12-1.80.42.amzn1.i686  
  
src:  
    glibc-2.12-1.80.42.amzn1.src  
  
x86_64:  
    glibc-utils-2.12-1.80.42.amzn1.x86_64  
    nscd-2.12-1.80.42.amzn1.x86_64  
    glibc-debuginfo-2.12-1.80.42.amzn1.x86_64  
    glibc-common-2.12-1.80.42.amzn1.x86_64  
    glibc-static-2.12-1.80.42.amzn1.x86_64  
    glibc-2.12-1.80.42.amzn1.x86_64  
    glibc-debuginfo-common-2.12-1.80.42.amzn1.x86_64  
    glibc-devel-2.12-1.80.42.amzn1.x86_64  
    glibc-headers-2.12-1.80.42.amzn1.x86_64

Additional References

Red Hat: CVE-2012-3480

Mitre: CVE-2012-3480

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686glibc-static< 2.12-1.80.42.amzn1glibc-static-2.12-1.80.42.amzn1.i686.rpm
Amazon Linux1i686glibc< 2.12-1.80.42.amzn1glibc-2.12-1.80.42.amzn1.i686.rpm
Amazon Linux1i686glibc-common< 2.12-1.80.42.amzn1glibc-common-2.12-1.80.42.amzn1.i686.rpm
Amazon Linux1i686glibc-utils< 2.12-1.80.42.amzn1glibc-utils-2.12-1.80.42.amzn1.i686.rpm
Amazon Linux1i686glibc-devel< 2.12-1.80.42.amzn1glibc-devel-2.12-1.80.42.amzn1.i686.rpm
Amazon Linux1i686glibc-debuginfo< 2.12-1.80.42.amzn1glibc-debuginfo-2.12-1.80.42.amzn1.i686.rpm
Amazon Linux1i686glibc-headers< 2.12-1.80.42.amzn1glibc-headers-2.12-1.80.42.amzn1.i686.rpm
Amazon Linux1i686nscd< 2.12-1.80.42.amzn1nscd-2.12-1.80.42.amzn1.i686.rpm
Amazon Linux1i686glibc-debuginfo-common< 2.12-1.80.42.amzn1glibc-debuginfo-common-2.12-1.80.42.amzn1.i686.rpm
Amazon Linux1x86_64glibc-utils< 2.12-1.80.42.amzn1glibc-utils-2.12-1.80.42.amzn1.x86_64.rpm
Rows per page:
1-10 of 181

Related

nessus 27
redhat 4
oraclelinux 2
prion 1
openvas 29
centos 2
fedora 3
securityvulns 3
debiancve 1
veracode 1
cve 1
ubuntucve 1
slackware 1
ubuntu 2
vmware 2
gentoo 1
debian 1
osv 1
nessus
nessus
Fedora 17 : glibc-2.15-56.fc17 (2012-11927)
2012-08-20 00:00:00
RHEL 6 : glibc (RHSA-2012:1208)
2012-08-28 00:00:00
RHEL 5 : glibc (RHSA-2012:1207)
2012-08-28 00:00:00
redhat
redhat
(RHSA-2012:1208) Moderate: glibc security update
2012-08-27 00:00:00
(RHSA-2012:1207) Moderate: glibc security and bug fix update
2012-08-27 00:00:00
(RHSA-2012:1262) Important: rhev-hypervisor5 security and bug fix update
2012-09-13 00:00:00
oraclelinux
oraclelinux
glibc security and bug fix update
2012-08-27 00:00:00
glibc security update
2012-08-27 00:00:00
prion
prion
Integer overflow
2012-08-25 10:29:00
openvas
openvas
RedHat Update for glibc RHSA-2012:1207-01
2012-08-28 00:00:00
Oracle: Security Advisory (ELSA-2012-1207)
2015-10-06 00:00:00
Amazon Linux: Security Advisory (ALAS-2012-120)
2015-09-08 00:00:00
centos
centos
glibc, nscd security update
2012-08-27 16:45:54
glibc, nscd security update
2012-08-27 19:18:45
fedora
fedora
[SECURITY] Fedora 18 Update: glibc-2.16-8.fc18
2012-09-17 23:50:57
[SECURITY] Fedora 17 Update: glibc-2.15-56.fc17
2012-08-18 01:30:04
[SECURITY] Fedora 16 Update: glibc-2.14.90-24.fc16.9
2012-08-27 22:59:56
securityvulns
securityvulns
[slackware-security] glibc &#40;SSA:2012-244-01&#41;
2012-09-04 00:00:00
GNU libc buffer overflow
2012-09-04 00:00:00
VMSA-2012-0018 VMware security updates for vCSA and ESXi
2013-01-02 00:00:00
debiancve
debiancve
CVE-2012-3480
2012-08-25 10:29:00
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 08:56:24
cve
cve
CVE-2012-3480
2012-08-25 10:29:00
ubuntucve
ubuntucve
CVE-2012-3480
2012-08-25 00:00:00
slackware
slackware
[slackware-security] glibc
2012-08-31 18:37:01
ubuntu
ubuntu
GNU C Library regression
2012-12-17 00:00:00
GNU C Library vulnerabilities
2012-10-02 00:00:00
vmware
vmware
VMware security updates for vCSA, vCenter Server, and ESXi
2012-12-20 00:00:00
VMware security updates for vCSA, vCenter Server, and ESXi
2012-12-20 00:00:00
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2015-03-08 00:00:00
debian
debian
[SECURITY] [DLA 165-1] eglibc security update
2015-03-06 15:39:53
osv
osv
eglibc - security update
2015-03-06 00:00:00

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.1%

JSON
Related for ALAS-2012-120
nessus27redhat4oraclelinux2prion1openvas29centos2fedora3securityvulns3debiancve1veracode1cve1ubuntucve1slackware1ubuntu2vmware2gentoo1debian1osv1