Lucene search

K
osvGoogleOSV:DSA-2058-1
HistoryJun 10, 2010 - 12:00 a.m.

glibc - several vulnerabilities

2010-06-1000:00:00
Google
osv.dev
16

EPSS

0.094

Percentile

94.7%

Several vulnerabilities have been discovered in the GNU C Library (aka
glibc) and its derivatives. The Common Vulnerabilities and Exposures
project identifies the following problems:

  • CVE-2008-1391, CVE-2009-4880, CVE-2009-4881
    Maksymilian Arciemowicz discovered that the GNU C library did not
    correctly handle integer overflows in the strfmon family of
    functions. If a user or automated system were tricked into
    processing a specially crafted format string, a remote attacker
    could crash applications, leading to a denial of service.
  • CVE-2010-0296
    Jeff Layton and Dan Rosenberg discovered that the GNU C library did
    not correctly handle newlines in the mntent family of functions. If
    a local attacker were able to inject newlines into a mount entry
    through other vulnerable mount helpers, they could disrupt the
    system or possibly gain root privileges.
  • CVE-2010-0830
    Dan Rosenberg discovered that the GNU C library did not correctly
    validate certain ELF program headers. If a user or automated system
    were tricked into verifying a specially crafted ELF program, a
    remote attacker could execute arbitrary code with user privileges.

For the stable distribution (lenny), these problems have been fixed in
version 2.7-18lenny4 of the glibc package.

For the testing distribution (squeeze), these problems will be fixed soon.

For the unstable distribution (sid), these problems has been fixed in
version 2.1.11-1 of the eglibc package.

We recommend that you upgrade your glibc or eglibc packages.