MiracleLinux 7 : glibc-2.17-222.el7 (AXSA:2018-2926:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-2926:01 advisory. glibc: realpath buffer underflow when getcwd returns relative path allows privilege escalation CVE-2018-1000001 glibc: Buffer overflow in glob with...

MiracleLinux 7 : glibc-2.17-157.el7 (AXSA:2016-1114:05)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-1114:05 advisory. The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make...

SUSE CVE-2002-0029

Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the 1 getnetbyname, or 2 getnetbyaddr functions, a...

SUSE CVE-2014-9402

The nssdns implementation of getnetbyname in GNU C Library aka glibc before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service infinite loop by sending a positive answer while a network name is being process...

SUSE CVE-2016-3075

Stack-based buffer overflow in the nssdns implementation of the getnetbyname function in GNU C Library aka glibc before 2.24 allows context-dependent attackers to cause a denial of service stack consumption and application crash via a long name...

glibc security, bug fix, and enhancement update

2.17-222 - Restore internal GLIBCPRIVATE symbols for use during upgrades 1523119 2.17-221 - CVE-2018-1000001: Fix realpath buffer underflow 1534635 - i386: Fix unwinding for 32-bit C++ application 1529982 - Reduce thread and dynamic loader stack usage 1527904 - x86-64: Use XSAVE/XSAVEC more often...

glibc: denial of service in getnetbyname function

The nssdns implementation of getnetbyname in GNU C Library aka glibc before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service infinite loop by sending a positive answer while a network name is being process...

glibc: Stack overflow in nss_dns_getnetbyname_r

A stack overflow vulnerability was found in nssdnsgetnetbynamer. On systems with nsswitch configured to include "networks: dns" with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name,...

lib32-glibc: denial of service

CVE-2016-3075 denial of service The getnetbyname implementation in nssdns contains a potentially unbounded alloca call in the form of a call to strdupa, leading to a stack overflow stack exhaustion and a crash if getnetbyname is invoked on a very long name. - CVE-2016-5417 denial of service The...

glibc: denial of service

CVE-2016-3075 denial of service The getnetbyname implementation in nssdns contains a potentially unbounded alloca call in the form of a call to strdupa, leading to a stack overflow stack exhaustion and a crash if getnetbyname is invoked on a very long name. - CVE-2016-5417 denial of service The...

DEBIAN-CVE-2016-3075

Stack-based buffer overflow in the nssdns implementation of the getnetbyname function in GNU C Library aka glibc before 2.24 allows context-dependent attackers to cause a denial of service stack consumption and application crash via a long name...

Stack overflow

Stack-based buffer overflow in the nssdns implementation of the getnetbyname function in GNU C Library aka glibc before 2.24 allows context-dependent attackers to cause a denial of service stack consumption and application crash via a long name...

CVE-2016-3075

Stack-based buffer overflow in the nssdns implementation of the getnetbyname function in GNU C Library aka glibc before 2.24 allows context-dependent attackers to cause a denial of service stack consumption and application crash via a long name...

USN-2985-2: GNU C Library regression

USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for CVE-2014-9761 introduced a regression which affected applications that use the libm library but were not fully restarted after the upgrade. This update removes the fix for CVE-2014-9761 and a future update will be provided to...

Ubuntu 14.04 LTS : GNU C Library vulnerabilities (USN-2985-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2985-1 advisory. Martin Carpenter discovered that ptchown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain...

USN-2985-1: GNU C Library vulnerabilities

Martin Carpenter discovered that ptchown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain administrative privileges or expose sensitive information. CVE-2013-2207, CVE-2016-2856 Robin Hack discovered that the Name Service Switch NSS...

CVE-2016-3075

Stack-based buffer overflow in the nssdns implementation of the getnetbyname function in GNU C Library aka glibc before 2.24 allows context-dependent attackers to cause a denial of service stack consumption and application crash via a long name...

UBUNTU-CVE-2016-3075

Stack-based buffer overflow in the nssdns implementation of the getnetbyname function in GNU C Library aka glibc before 2.24 allows context-dependent attackers to cause a denial of service stack consumption and application crash via a long name...

RHEL 5 / 6 / 7 : glibc (CVE-2014-9402)

The remote Red Hat Enterprise Linux host has a version of glibc installed that is similar in patching level to version 2.21 of the official glibc library. It is, therefore, potentially affected by a denial of service vulnerability due to improper handling of alias names supplied to the getnetbyna...

Debian DLA-122-1 : eglibc security update

Avoid infinite loop in nssdns getnetbyname BZ 17630 NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...