
122 matches found

securityvulns
added 2014/03/18 12:0 a.m., 50 views

GNU libc regcomp buffer overflow / resources exhaustion

Resources exhaustion and buffer overflow on regular expressions like ".10,10,10,10,10,"...

CVSS: 5, AI score: 4, EPSS: 0.51298
Exploits: 13, References: 2

OpenVAS
added 2013/11/14 12:0 a.m., 32 views

Juniper Networks Junos OS GNU libc GLOB_LIMIT DoS Vulnerability

Remote authenticated users can cause a partial denial of service via crafted glob expressions.

CVSS: 7.8, AI score: 6.4, EPSS: 0.32357
Exploits: 10, References: 2

securityvulns
added 2012/09/04 12:0 a.m., 49 views

GNU libc buffer overflow

Buffer overflow in strtod, strtof, strtold, and strtodl string functions...

CVSS: 4.6, AI score: 3.9, EPSS: 0.00993
Exploits: 0, References: 1, Affected Software: 1

RedHat Linux
added 2012/02/13 8:30 p.m., 1 views

glibc: ldd unexpected code execution issue

ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion...

CVSS: 6.9, AI score: 7.5, EPSS: 0.00538
Exploits: 1, References: 4

RedHat Linux
added 2012/02/13 8:30 p.m., 3 views

glibc: svc_run() produces high cpu usage when accept() fails with EMFILE error

The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections...

CVSS: 5, AI score: 7.4, EPSS: 0.01834
Exploits: 0, References: 4

RedHat Linux
added 2012/02/13 8:30 p.m., 3 views

glibc: Suid mount helpers fail to anticipate RLIMIT_FSIZE

The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small...

CVSS: 7.2, AI score: 6.1, EPSS: 0.00592
Exploits: 1, References: 4

The Hacker News
added 2011/05/03 8:27 a.m., 31 views

0day Exploit Released : Adobe, HP, Sun, Microsoft Interix & many more Vendors FTP hackable !

Topic : Multiple Vendors libc/glob(3) resource exhaustion +0day remote ftpd-anon CVE : CVE-2010-2632 CWE : CWE-NOMAPPING SecurityRisk : Medium About Remote Exploit : Yes Local Exploit : Yes Victim interacti...

CVSS: 7.8, AI score: 6.5, EPSS: 0.32357
Exploits: 10

RedHat Linux
added 2011/04/04 8:17 p.m., 2 views

glibc: fix causes linker to search CWD when running privileged program with $ORIGIN in R*PATH

Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el55.6 and glibc-2.12-1.7.el60.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO)...

CVSS: 6.9, AI score: 6.2, EPSS: 0.08747
Exploits: 20, References: 4

0day.today
added 2011/01/08 12:0 a.m., 69 views

GNU libc/regcomp(3) Multiple Vulnerabilities

Exploit for linux platform in category dos / poc. GNU libc/regcomp(3) Multiple Vulnerabilities Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: Dis.: 01.10.2010, Pub.: 07.01.2011 CERT: VU#912279 CVE: CVE-2010-4051...

AI score: 7, EPSS: 0.51298
Exploits: 13

securityvulns
added 2011/01/07 12:0 a.m., 96 views

GNU libc/regcomp(3) Multiple Vulnerabilities

GNU libc/regcomp(3) Multiple Vulnerabilities Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: Dis.: 01.10.2010, Pub.: 07.01.2011 CERT: VU#912279 CVE: CVE-2010-4051 CVE-2010-4052 Affected tested: Ubuntu 10.10 ...

CVSS: 5, AI score: 0.3, EPSS: 0.51298
Exploits: 13

exploitpack
added 2011/01/07 12:0 a.m., 67 views

GNU libc/regcomp(3) - Multiple Vulnerabilities

// source: http://securityreason.com/securityalert/8003 GNU libc/regcomp(3) Multiple Vulnerabilities Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: Dis.: 01.10.2010...

CVSS: 5, AI score: 0.6, EPSS: 0.51298
Exploits: 13

Exploit DB
added 2011/01/07 12:0 a.m., 82 views

GNU libc/regcomp(3) - Multiple Vulnerabilities

// source: http://securityreason.com/securityalert/8003 GNU libc/regcomp(3) Multiple Vulnerabilities Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: Dis.: 01.10.2010, Pub.: 07.01.2011 CERT: VU#912279 CVE:...

CVSS: 5, AI score: 8, EPSS: 0.51298
Exploits: 13

CERT
added 2010/12/07 12:0 a.m., 60 views

GNU libc regcomp() stack exhaustion denial of service

Overview The regcomp function of GNU libc is susceptible to stack exhaustion which may result in a denial of service. Description It is possible to trigger deep recursion which results in stack exhaustion. An example trigger is: grep -E ".10,10,10,10,10," --- Impact An attacker may be able to...

AI score: 7.5
Exploits: 0

OSV
added 2010/10/14 5:58 a.m., 2 views

UBUNTU-CVE-2010-3192

Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program tha...

CVSS: 5, AI score: 7.6, EPSS: 0.01606
Exploits: 0, References: 4

Packet Storm
added 2010/10/08 12:0 a.m., 211 views

Multiple Vendors libc/glob(3) Resource Exhaustion

Source: http://securityreason.com/securityalert/7822 Multiple Vendors libc/glob(3) resource exhaustion +0day remote ftpd-anon Author: Maksymilian Arciemowicz http://netbsd.org/donations/ http://securityreason.com/ http://cxib.net/ Date: Dis.:...

CVSS: 7.8, AI score: 6.5, EPSS: 0.32357
Exploits: 10

ThreatPost
added 2010/10/07 7:23 p.m., 9 views

FTP Flaw Could Disable Wide Range of Servers

An easily exploitable flaw exists that could enable an anonymous hacker to cause a denial of service on many common FTP server platforms, including some public FTP servers run by software giants Adobe and HP, according to a report published by...

AI score: 2.2
Exploits: 0, References: 3

RedHat Linux
added 2008/08/04 6:2 p.m., 60 views

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...

CVSS: 7.8, AI score: 6.8, EPSS: 0.04934
Exploits: 3, References: 17

OSV
added 2008/07/08 12:0 a.m., 2 views

DSA-1605-1 glibc - DNS cache poisoning

Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS spoofing and cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting. At this time, it is not possible to implement the recommended...

AI score: 6.9
Exploits: 0

CERT
added 2008/01/25 12:0 a.m., 37 views

inet_network() off-by-one buffer overflow

Overview: The inet_network resolver function contains an off-by-one buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: The inet_network function takes a character string representation for an internet address and returns...

CVSS: 10, AI score: 7.9, EPSS: 0.123
Exploits: 1, References: 7

OpenVAS
added 2008/01/17 12:0 a.m., 30 views

Debian Security Advisory DSA 039-1 (glibc)

The remote host is missing an update to glibc announced via advisory DSA 039-1. OpenVAS Vulnerability Test $Id: deb0391.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 039-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

CVSS: 2.1, AI score: 0.7, EPSS: 0.00861
Exploits: 0