exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2013-283

Mandriva Linux Security Advisory 2013-283
Posted Nov 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-283 - Updated glibc packages fix multiple security issues. Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. pt_chown in GNU C Library before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, local
systems | linux, mandriva
advisories | CVE-2012-4412, CVE-2012-4424, CVE-2013-2207, CVE-2013-4237, CVE-2013-4332, CVE-2013-4458, CVE-2013-4788
SHA-256 | 1c82e380a68105a8faa750720b4e2f2251bb1cd7f4dd03f29ae8a02d1b90188b

Mandriva Linux Security Advisory 2013-283

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:283
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : glibc
Date : November 25, 2013
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated glibc packages fixes the following security issues:

Integer overflow in string/strcoll_l.c in the GNU C Library (aka
glibc or libc6) 2.17 and earlier allows context-dependent attackers
to cause a denial of service (crash) or possibly execute arbitrary
code via a long string, which triggers a heap-based buffer overflow
(CVE-2012-4412).

Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library
(aka glibc or libc6) 2.17 and earlier allows context-dependent
attackers to cause a denial of service (crash) or possibly execute
arbitrary code via a long string that triggers a malloc failure and
use of the alloca function (CVE-2012-4424).

pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not
properly check permissions for tty files, which allows local users
to change the permission on the files and obtain access to arbitrary
pseudo-terminals by leveraging a FUSE file system (CVE-2013-2207).
NOTE! This is fixed by removing pt_chown wich may break chroots if
their devpts was not mounted correctly (make sure to mount the devpts
correctly with gid=5).

sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6)
2.18 and earlier allows context-dependent attackers to cause a
denial of service (out-of-bounds write and crash) or possibly
execute arbitrary code via a crafted (1) NTFS or (2) CIFS image
(CVE-2013-4237).

Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka
glibc or libc6) 2.18 and earlier allow context-dependent attackers to
cause a denial of service (heap corruption) via a large value to the
(1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5)
aligned_alloc functions (CVE-2013-4332).

A stack (frame) overflow flaw, which led to a denial of service
(application crash), was found in the way glibc's getaddrinfo()
function processed certain requests when called with AF_INET6. A
similar flaw to CVE-2013-1914, this affects AF_INET6 rather than
AF_UNSPEC (CVE-2013-4458).

The PTR_MANGLE implementation in the GNU C Library (aka glibc or
libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not
initialize the random value for the pointer guard, which makes it
easier for context- dependent attackers to control execution flow by
leveraging a buffer-overflow vulnerability in an application and using
the known zero value pointer guard to calculate a pointer address
(CVE-2013-4788).

Other fixes in this update:
- Correct the processing of '\x80' characters in crypt_freesec.c
- fix typo in nscd.service
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788
http://advisories.mageia.org/MGASA-2013-0340.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
55e626f90fc3cf28ab6ec66ab762b12f mbs1/x86_64/glibc-2.14.1-12.2.mbs1.x86_64.rpm
fece70755163abb58742056a4f4e3773 mbs1/x86_64/glibc-devel-2.14.1-12.2.mbs1.x86_64.rpm
a84eb58b428b2413863c8b90af89ac25 mbs1/x86_64/glibc-doc-2.14.1-12.2.mbs1.noarch.rpm
f1630ad8a642250f4d067b207cd86e91 mbs1/x86_64/glibc-doc-pdf-2.14.1-12.2.mbs1.noarch.rpm
80aae07c11abca7d1aef77c8c6bb85d2 mbs1/x86_64/glibc-i18ndata-2.14.1-12.2.mbs1.x86_64.rpm
681d1f18d54f927d1468d01431cdeee4 mbs1/x86_64/glibc-profile-2.14.1-12.2.mbs1.x86_64.rpm
73c26fe8c0598539cbd8600b6ae5426c mbs1/x86_64/glibc-static-devel-2.14.1-12.2.mbs1.x86_64.rpm
6c966f5e50d38d244ed23595035be72d mbs1/x86_64/glibc-utils-2.14.1-12.2.mbs1.x86_64.rpm
d6b26cd43c42324daf59e75eabbc2db1 mbs1/x86_64/nscd-2.14.1-12.2.mbs1.x86_64.rpm
912e1f62eb8aeb0dd8745c83c1c97bb9 mbs1/SRPMS/glibc-2.14.1-12.2.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSk2OPmqjQ0CJFipgRAvzSAKClrxohP1OnDDzsK3svdKfJVt1GIACdF6BM
4x5viyElHwYu41tPVQmK/zg=
=aggK
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close