453 matches found
glibc: getaddrinfo() writes DNS queries to random file descriptors under high load
It was discovered that, under certain circumstances, glibc's getaddrinfo function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application...
CVE-2013-7424
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AIIDN flag is used, allows context-dependent attackers to cause a denial of service invalid free and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to pin...
Code injection
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AIIDN flag is used, allows context-dependent attackers to cause a denial of service invalid free and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to pin...
UBUNTU-CVE-2013-7424
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AIIDN flag is used, allows context-dependent attackers to cause a denial of service invalid free and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to pin...
CVE-2013-7424
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AIIDN flag is used, allows context-dependent attackers to cause a denial of service invalid free and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to pin...
DEBIAN-CVE-2013-7424
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AIIDN flag is used, allows context-dependent attackers to cause a denial of service invalid free and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to pin...
CVE-2013-7424
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AIIDN flag is used, allows context-dependent attackers to cause a denial of service invalid free and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to pin...
CVE-2013-7424
CVE-2013-7424 affects the GNU C Library (glibc) getaddrinfo when compiled with libidn and the AI_IDN flag, allowing context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code. Affected product context in connected sources centers on glibc usage wit...
Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20150817)
An invalid free flaw was found in glibc's getaddrinfo function when used with the AIIDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected...
RedHat Update for glibc RHSA-2015:1627-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 5 : glibc (ELSA-2015-1627)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-1627 advisory. - Fix invalid-free when using getaddrinfo and AIIDN CVE-2013-7424, Tenable has extracted the preceding description block directly from the Oracle Linux security...
CentOS Update for glibc CESA-2015:1627 centos5
Check the version of glibc SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882247";...
glibc, nscd security update
CentOS Errata and Security Advisory CESA-2015:1627 Updated glibc packages that fix one security issue are now available for Red Hat Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
Moderate: Red Hat Security Advisory: glibc security update
Updated glibc packages that fix one security issue are now available for Red Hat Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from the CVE lin...
glibc: Invalid-free when using getaddrinfo()
An invalid free flaw was found in glibc's getaddrinfo function when used with the AIIDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected...
glibc security update
2.5-123.0.1.el511.3 - Switch to use malloc when the input line is too long Orabug 19951108 Jason Luan - Use a /sys/devices/system/cpu/online for SCNPROCESSORSONLN implementation Orabug 17642251 Joe Jin 2.5-123.3 - Fix invalid-free when using getaddrinfo and AIIDN CVE-2013-7424, 2.5-123.1 - Fix...
ISC BIND 9 - TKEY (PoC)
/ PoC for BIND9 TKEY assert Dos CVE-2015-5477 Usage: tkill What it does: - First sends a "version" query to see if the server is up. - Regardless of the version response, it then sends the DoS packet. - Then it waits 5 seconds for a response. If the server crashes, there will be no response. Note...
SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2015:0526-1)
glibc has been updated to fix four security issues. These security issues were fixed : - CVE-2014-7817: The wordexp function in GNU C Library aka glibc 2.21 did not enforce the WRDENOCMD flag, which allowed context-dependent attackers to execute arbitrary commands, as demonstrated by input...
GNU glibc security vulnerabilities
пgethostbynamer buffer overflow, getaddrinfo race conditions...
Mandriva Linux Security Advisory : glibc (MDVSA-2015:218)
Multiple vulnerabilities has been found and corrected in glibc : It was discovered that, under certain circumstances, glibc's getaddrinfo\ function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resultin...