Security Bulletin: Netezza Host Management is vulnerable to a GNU C Library (glibc) attack (CVE-2013-7424)

Summary

The GNU C Library (glibc) could allow a remote attacker to execute arbitrary code on the system, caused by an invalid free error in the getaddrinfo() function when used with the AI_IDN flag. An attacker able to make an application call this function could exploit this vulnerability to execute arbitrary code on the system.

Vulnerability Details

CVEID:CVE-2013_-7424__ _

DESCRIPTION:

The GNU C Library (glibc) could allow a remote attacker to execute arbitrary code on the system, caused by an invalid free error in the getaddrinfo() function when used with the AI_IDN flag. An attacker able to make an application call this function could exploit this vulnerability to execute arbitrary code on the system.

CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101073 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P)

Affected Products and Versions

IBM Netezza Host Management 5.4.0.0 and prior releases.

Remediation/Fixes

IBM Netezza Host Management

| 5.4.1.0| Link to Fix Central
—|—|—

Workarounds and Mitigations

None