CVSS2: 5.1 Medium
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
glibc is vulnerable to arbitrary code execution. It was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application.
bugs.debian.org/615120
code.google.com/p/chromium/issues/detail?id=48733
openwall.com/lists/oss-security/2011/02/26/3
openwall.com/lists/oss-security/2011/02/28/11
openwall.com/lists/oss-security/2011/02/28/15
scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html
seclists.org/fulldisclosure/2011/Feb/635
seclists.org/fulldisclosure/2011/Feb/644
secunia.com/advisories/43492
secunia.com/advisories/43830
secunia.com/advisories/43989
secunia.com/advisories/46397
securityreason.com/securityalert/8175
securitytracker.com/id?1025290
sourceware.org/bugzilla/show_bug.cgi?id=11883
sourceware.org/git/?p=glibc.git;a=commit;h=f15ce4d8dc139523fe0c273580b604b2453acba6
www.mandriva.com/security/advisories?name=MDVSA-2011:178
www.redhat.com/support/errata/RHSA-2011-0412.html
www.redhat.com/support/errata/RHSA-2011-0413.html
www.securityfocus.com/archive/1/520102/100/0/threaded
www.securityfocus.com/bid/46563
www.vmware.com/security/advisories/VMSA-2011-0012.html
www.vupen.com/english/advisories/2011/0863
access.redhat.com/errata/RHSA-2011:0412
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=681054
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12853