5.1

CVE-2011-1071

Exploit
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuEglibc
GnuGlibc Version <= 2.12.1
GnuGlibc Version1.00
GnuGlibc Version1.01
GnuGlibc Version1.02
GnuGlibc Version1.03
GnuGlibc Version1.04
GnuGlibc Version1.05
GnuGlibc Version1.06
GnuGlibc Version1.07
GnuGlibc Version1.08
GnuGlibc Version1.09
GnuGlibc Version1.09.1
GnuGlibc Version2.0
GnuGlibc Version2.0.1
GnuGlibc Version2.0.2
GnuGlibc Version2.0.3
GnuGlibc Version2.0.4
GnuGlibc Version2.0.5
GnuGlibc Version2.0.6
GnuGlibc Version2.1
GnuGlibc Version2.1.1
GnuGlibc Version2.1.1.6
GnuGlibc Version2.1.2
GnuGlibc Version2.1.3
GnuGlibc Version2.1.3.10
GnuGlibc Version2.1.9
GnuGlibc Version2.2
GnuGlibc Version2.2.1
GnuGlibc Version2.2.2
GnuGlibc Version2.2.3
GnuGlibc Version2.2.4
GnuGlibc Version2.2.5
GnuGlibc Version2.3
GnuGlibc Version2.3.1
GnuGlibc Version2.3.2
GnuGlibc Version2.3.3
GnuGlibc Version2.3.4
GnuGlibc Version2.3.5
GnuGlibc Version2.3.6
GnuGlibc Version2.3.10
GnuGlibc Version2.4
GnuGlibc Version2.5
GnuGlibc Version2.5.1
GnuGlibc Version2.6
GnuGlibc Version2.6.1
GnuGlibc Version2.7
GnuGlibc Version2.8
GnuGlibc Version2.9
GnuGlibc Version2.10
GnuGlibc Version2.10.1
GnuGlibc Version2.10.2
GnuGlibc Version2.11
GnuGlibc Version2.11.1
GnuGlibc Version2.11.2
GnuGlibc Version2.11.3
GnuGlibc Version2.12.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 14.32% 0.961
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/46397
Vendor Advisory
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://secunia.com/advisories/43830
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-0412.html
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0863
Vendor Advisory
http://code.google.com/p/chromium/issues/detail?id=48733
Exploit
http://secunia.com/advisories/43989
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
http://www.redhat.com/support/errata/RHSA-2011-0413.html
Vendor Advisory
http://bugs.debian.org/615120
Exploit
http://openwall.com/lists/oss-security/2011/02/26/3
http://openwall.com/lists/oss-security/2011/02/28/11
Exploit
http://openwall.com/lists/oss-security/2011/02/28/15
http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html
Exploit
http://seclists.org/fulldisclosure/2011/Feb/635
Exploit
http://seclists.org/fulldisclosure/2011/Feb/644
Patch
http://secunia.com/advisories/43492
Vendor Advisory
http://securityreason.com/securityalert/8175
http://securitytracker.com/id?1025290
http://sourceware.org/bugzilla/show_bug.cgi?id=11883
Exploit
http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=f15ce4d8dc139523fe0c273580b604b2453acba6
http://www.securityfocus.com/bid/46563
Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=681054
Patch
Exploit
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12853