169 matches found
Debian DLA-707-1 : sudo security update
It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system, popen or wordexp C library functions with a user-supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw...
sudo -- Potential bypass of sudo_noexec.so via wordexp()
Todd C. Miller reports: A flaw exists in sudo's noexec functionality that may allow a user with sudo privileges to run additional commands even when the NOEXEC tag has been applied to a command that uses the wordexp function...
CVE-2016-7076
It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed wordexp C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute...
SUSE SLES10 Security Update : glibc (SUSE-SU-2015:0550-1)
glibc has been updated to fix four security issues : - CVE-2014-0475: Directory traversal in locale environment handling bnc887022 - CVE-2014-7817: wordexp failed to honour WRDENOCMD bsc906371 - CVE-2014-9402: Avoid infinite loop in nssdns getnetbyname bsc910599 - CVE-2015-1472: Fixed buffer...
Debian DLA-97-1 : eglibc security update
CVE-2012-6656 Fix validation check when converting from ibm930 to utf. When converting IBM930 code with iconv, if IBM930 code which includes invalid multibyte character '0xffff' is specified, then iconv segfaults. CVE-2014-6040 Crashes on invalid input in IBM gconv modules BZ 17325 These changes...
Oracle Linux 7 : glibc (ELSA-2015-0327)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0327 advisory. - Fix parsing of numeric hosts in gethostbynamer CVE-2015-0235, 1183545. - Prevent NSS-based file backend from entering infinite loop when different AP...
SuSE 11.3 Security Update : glibc (SAT Patch Number 10357)
glibc has ben updated to fix three security issues : - wordexp failed to honour WRDENOCMD bsc906371. CVE-2014-7817 - Fixed invalid file descriptor reuse while sending DNS query bsc915526. CVE-2013-7423 - Fixed buffer overflow in wscanf bsc916222 These non-security issues have been fixed:...
RedHat Update for glibc RHSA-2015:0016-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 6 : glibc (CESA-2015:0016)
Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
Medium: glibc
Issue Overview: An out-of-bounds read flaw was found in the way glibc's iconv function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv function with a specially crafted argument could use this flaw to crash that application. CVE-2014-6040 It was fou...
glibc, nscd security update
CentOS Errata and Security Advisory CESA-2015:0016 Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base...
glibc: command execution in wordexp() with WRDE_NOCMD specified
It was found that the wordexp function would perform command substitution even when the WRDENOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp function, and not sanitizing the input correctly, could potentially use this flaw to execut...
glibc security and bug fix update
2.12-1.149.4 - Fix recursive dlopen 1173469. 2.12-1.149.3 - Fix typo in ressend and resquery rh1172023. 2.12-1.149.2 - Fix crashes on invalid input in IBM gconv modules CVE-2014-6040, 1139571. 2.12-1.149.1 - Fix wordexp to honour WRDENOCMD CVE-2014-7817, 1170121...
glibc: command execution in wordexp() with WRDE_NOCMD specified
It was found that the wordexp function would perform command substitution even when the WRDENOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp function, and not sanitizing the input correctly, could potentially use this flaw to execut...
glibc security and bug fix update
2.17-55.0.4.el70.3 - Remove strstr and strcasestr implementations using sse4.2 instructions. - Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and 1818483b15d22016b0eae41d37ee91cc87b37510 backported. Jose E. Marchesi 2.17-55.3 - Fix wordexp to honour WRDENOCMD CVE-2014-7817, 1170118...
Ubuntu 14.04 LTS : GNU C Library vulnerabilities (USN-2432-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2432-1 advisory. Siddhesh Poyarekar discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could...
USN-2432-1 eglibc, glibc vulnerabilities
Siddhesh Poyarekar discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could possibly use this issue to cause applications to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12....
GNU glibc code execution
wordexp function code execution...
[SECURITY] [DLA 97-1] eglibc security update
Package : eglibc Version : 2.11.3-4+deb6u2 CVE ID : CVE-2012-6656 CVE-2014-6040 CVE-2014-7817 CVE-2012-6656 Fix validation check when converting from ibm930 to utf. When converting IBM930 code with iconv, if IBM930 code which includes invalid multibyte character "0xffff" is specified, then iconv...
DLA-97-1 eglibc - security update
Bulletin has no description...