Lucene search

K
amazonAmazonALAS-2013-270
HistoryDec 17, 2013 - 9:39 p.m.

Medium: glibc

2013-12-1721:39:00
alas.aws.amazon.com
25

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

8.5

Confidence

High

EPSS

0.16

Percentile

96.0%

Issue Overview:

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc’s memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-4332)

A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash. (CVE-2013-0242)

It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914)

Affected Packages:

glibc

Issue Correction:
Run yum update glibc to update your system.

New Packages:

i686:  
    glibc-2.12-1.132.45.amzn1.i686  
    glibc-utils-2.12-1.132.45.amzn1.i686  
    glibc-debuginfo-common-2.12-1.132.45.amzn1.i686  
    glibc-common-2.12-1.132.45.amzn1.i686  
    glibc-headers-2.12-1.132.45.amzn1.i686  
    glibc-static-2.12-1.132.45.amzn1.i686  
    glibc-debuginfo-2.12-1.132.45.amzn1.i686  
    nscd-2.12-1.132.45.amzn1.i686  
    glibc-devel-2.12-1.132.45.amzn1.i686  
  
src:  
    glibc-2.12-1.132.45.amzn1.src  
  
x86_64:  
    glibc-2.12-1.132.45.amzn1.x86_64  
    nscd-2.12-1.132.45.amzn1.x86_64  
    glibc-devel-2.12-1.132.45.amzn1.x86_64  
    glibc-common-2.12-1.132.45.amzn1.x86_64  
    glibc-debuginfo-2.12-1.132.45.amzn1.x86_64  
    glibc-headers-2.12-1.132.45.amzn1.x86_64  
    glibc-static-2.12-1.132.45.amzn1.x86_64  
    glibc-debuginfo-common-2.12-1.132.45.amzn1.x86_64  
    glibc-utils-2.12-1.132.45.amzn1.x86_64  

Additional References

Red Hat: CVE-2013-0242, CVE-2013-1914, CVE-2013-4332

Mitre: CVE-2013-0242, CVE-2013-1914, CVE-2013-4332

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

8.5

Confidence

High

EPSS

0.16

Percentile

96.0%