OSVDB ID: 84710

Title: GNU C Library (glibc) Multiple Function Input String Parsing Multiple Remote Overflow

Info

Disclosure

Aug 12, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

GNU C Library (glibc) is prone to an overflow condition. This issue is triggered by integer overflows in the strtod(), strtof(), strtold(), and strtod_l() functions when parsing input strings, which will result in a buffer overflow. With a specially crafted overly long string, a remote attacker can potentially execute arbitrary code.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Vendor Verified

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

Free Software Foundation

GNU C Library (glibc)

2.16

References

Security Tracker: 1027374
CVE ID: 2012-3480 (see also: NVD)
Secunia Advisory ID: 50201 50422 50831 51555 51556 51920
Bugtraq ID: 54982
Packet Storm: http://packetstormsecurity.com/files/121558/Mandriva-Linux-Security-Advisory-2013-162.html
http://packetstormsecurity.org/files/119011/VMware-Security-Advisory-2012-0018.html
Mail List Post: http://seclists.org/bugtraq/2012/Dec/126
http://sourceware.org/ml/libc-alpha/2012-08/msg00202.html
Vendor Specific Advisory URL: http://sourceware.org/bugzilla/show_bug.cgi?id=14459
http://www.vmware.com/security/advisories/VMSA-2012-0018.html
https://downloads.avaya.com/css/P8/documents/100167371
Vendor Specific News/Changelog Entry: http://www.ubuntu.com/usn/usn-1589-1/
https://downloads.avaya.com/css/P8/documents/100167371
RedHat RHSA: RHSA-2012-1207 RHSA-2012-1208

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/84710