5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.016 Low
EPSS
Percentile
85.7%
Several vulnerabilities have been discovered in eglibc that
may lead to a privilege escalation or denial of service.
A weakness in the dynamic loader prior has been found. The issue is
that the LD_POINTER_GUARD in the environment is not sanitized
allowing local attackers easily to bypass the pointer guarding
protection on set-user-ID and set-group-ID programs.
When processing certain malformed patterns, fnmatch can skip over the
NUL byte terminating the pattern. This can potentially result in an
application crash if fnmatch hits an unmapped page before
encountering a NUL byte.
A miscalculation in _IO_wstr_overflow could potentially be exploited
to overflow a buffer.
For the oldoldstable distribution (squeeze), these problems have been fixed
in version 2.11.3-4+deb6u7.
We recommend that you update your packages.