exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2013-4332

Status Candidate

Overview

Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.

Related Files

Gentoo Linux Security Advisory 201503-04
Posted Mar 9, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201503-4 - Multiple vulnerabilities have been found in GNU C Library, the worst of which allowing a local attacker to execute arbitrary code or cause a Denial of Service. Versions less than 2.19-r1 are affected.

tags | advisory, denial of service, arbitrary, local, vulnerability
systems | linux, gentoo
advisories | CVE-2012-3404, CVE-2012-3405, CVE-2012-3406, CVE-2012-3480, CVE-2012-4412, CVE-2012-4424, CVE-2012-6656, CVE-2013-0242, CVE-2013-1914, CVE-2013-2207, CVE-2013-4237, CVE-2013-4332, CVE-2013-4458, CVE-2013-4788, CVE-2014-4043, CVE-2015-0235
SHA-256 | 3be887081cfadc048cd5dd2fed5fc98110f1b24cf929e8adeeecd9c308657613
VMware Security Advisory 2014-0002
Posted Mar 12, 2014
Authored by VMware | Site vmware.com

VMware Security Advisory 2014-0002 - VMware has updated vSphere third party libraries.

tags | advisory
advisories | CVE-2013-4332, CVE-2013-5211
SHA-256 | f68785a86cf03bdcb6949e31e03b46c73a1eada57e4d11d2ee15b03dcb905f3f
Mandriva Linux Security Advisory 2013-284
Posted Nov 26, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-284 - Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service via a large value to the aligned_alloc functions. A stack overflow flaw, which led to a denial of service (application crash), was found in the way glibc's getaddrinfo() function processed certain requests when called with AF_INET6. A similar flaw to this affects AF_INET6 rather than AF_UNSPEC. The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC does not initialize the random value for the pointer guard, which makes it easier for context- dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-4412, CVE-2012-4424, CVE-2013-4332, CVE-2013-4458, CVE-2013-4788
SHA-256 | 00fea704bf1f1055d112be7b211b292f2d6fed3a9a06d1f22b451064014e9b25
Mandriva Linux Security Advisory 2013-283
Posted Nov 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-283 - Updated glibc packages fix multiple security issues. Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. pt_chown in GNU C Library before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, local
systems | linux, mandriva
advisories | CVE-2012-4412, CVE-2012-4424, CVE-2013-2207, CVE-2013-4237, CVE-2013-4332, CVE-2013-4458, CVE-2013-4788
SHA-256 | 1c82e380a68105a8faa750720b4e2f2251bb1cd7f4dd03f29ae8a02d1b90188b
Red Hat Security Advisory 2013-1605-02
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1605-02 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions. If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat, osx
advisories | CVE-2013-0242, CVE-2013-1914, CVE-2013-4332
SHA-256 | daf7b810ca339f4203738b3d995a41e50c8f3237d997d559ea32ef846fec988d
Ubuntu Security Notice USN-1991-1
Posted Oct 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1991-1 - It was discovered that the GNU C Library incorrectly handled the strcoll() function. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. It was discovered that the GNU C Library incorrectly handled multibyte characters in the regular expression matcher. An attacker could use this issue to cause a denial of service. It was discovered that the GNU C Library incorrectly handled large numbers of domain conversion results in the getaddrinfo() function. An attacker could use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-0242, CVE-2013-1914, CVE-2013-4237, CVE-2013-4332, CVE-2012-4412, CVE-2012-4424, CVE-2013-0242, CVE-2013-1914, CVE-2013-4237, CVE-2013-4332
SHA-256 | 9a3faf4d014c0ecc32760724cade9dbcc4a41d949e21274c41bba46d64866b9f
Red Hat Security Advisory 2013-1411-01
Posted Oct 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1411-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions. If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat, osx
advisories | CVE-2013-4332
SHA-256 | 9c1b6ecde67c864702835dfa3c866327c6d8572763bc1bdbc5ddd0e3ce9ab320
Slackware Security Advisory - glibc Updates
Posted Sep 19, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New glibc packages are available for Slackware 13.0, 13.1, 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-4332
SHA-256 | 4be24f840f572fb691ede47d78c81bed25a1b4f21cd556207faf96e20152327f
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close