Professional OVAL Repository
OVAL Definition Details
Id: oval:com.altx-soft.nix:def:14640
Version: 7
Class: patch
ALTXid: 144558
Language: English
Severity: Critical
Title: USN-2985-2 -- GNU C Library regression
Description:
USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for
CVE-2014-9761 introduced a regression which affected applications that
use the libm library but were not fully restarted after the upgrade.
This update removes the fix for CVE-2014-9761 and a future update
will be provided to address this issue.
Family: unix
Platform: Linux Mint 17, Ubuntu 12.04, Ubuntu 14.04, Ubuntu 15.10
Product: eglibc, glibc
Reference
VENDOR: USN-2985-2
Id: USN-2985-2
Reference: http://www.ubuntu.com/usn/usn-2985-2/
CVE: CVE-2014-9761
Id: CVE-2014-9761
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9761
Comment: Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
CVSSv2 Score: 7.5
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
CVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score: 9.8
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
User interaction: NONE
Scope: UNCHANGED
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
CVSSv3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: 119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
openSUSE-SU-2016:0510 (SUSE)
SUSE-SU-2016:0471 (SUSE)
SUSE-SU-2016:0472 (SUSE)
SUSE-SU-2016:0473 (SUSE)
[oss-security] 20160119 CVE assignment request for security bugs fixed in glibc 2.23 (MLIST)
[libc-alpha] 20160219 The GNU C Library version 2.23 is now available (MLIST)
[oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23 (MLIST)
SUSE-SU-2016:0470 (SUSE)
https://sourceware.org/bugzilla/show_bug.cgi?id=16962 (CONFIRM)
USN-2985-2 (UBUNTU)
USN-2985-1 (UBUNTU)
FEDORA-2016-68abc0be35 (FEDORA)
83306 (BID)
GLSA-201702-11 (GENTOO)
RHSA-2017:1916 (REDHAT)
RHSA-2017:0680 (REDHAT)
20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (FULLDISC)
20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (BUGTRAQ)
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html (MISC)
20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X (FULLDISC)
20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X (BUGTRAQ)
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html (MISC)
CVE: CVE-2013-2207
Id: CVE-2013-2207
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2207
Comment: pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
CVSSv2 Score: 2.6
Access vector: LOCAL
Access complexity: HIGH
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: NONE
CVSSv2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:N
CWE: 264 (Permissions, Privileges, and Access Controls)
References:
[libc-alpha] 20130812 The GNU C Library version 2.18 is now available (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=976408 (CONFIRM)
https://sourceware.org/bugzilla/show_bug.cgi?id=15755 (CONFIRM)
55113 (SECUNIA)
MDVSA-2013:283 (MANDRIVA)
SUSE-SU-2015:1424 (SUSE)
SUSE-SU-2016:0470 (SUSE)
USN-2985-2 (UBUNTU)
USN-2985-1 (UBUNTU)
GLSA-201503-04 (GENTOO)
CVE: CVE-2016-2856
Id: CVE-2016-2856
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2856
Comment: pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the eglibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
CVSSv2 Score: 7.2
Access vector: LOCAL
Access complexity: LOW
Authentication: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
CVSSv2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score: 8.4
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
User interaction: NONE
Scope: UNCHANGED
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
CVSSv3 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: 264 (Permissions, Privileges, and Access Controls)
References:
http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=09f7764882a81e13e7b5d87d715412283a6ce403 (CONFIRM)
[oss-security] 20160223 Access to /dev/pts devices via pt_chown and user namespaces (MLIST)
http://www.halfdog.net/Security/2015/PtChownArbitraryPtsAccessViaUserNamespace/ (MISC)
[oss-security] 20160306 Re: Access to /dev/pts devices via pt_chown and user namespaces (MLIST)
http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=11475c083282c1582c4dd72eecfcb2b7d308c958 (CONFIRM)
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2856.html (CONFIRM)
USN-2985-2 (UBUNTU)
USN-2985-1 (UBUNTU)
84601 (BID)
CVE: CVE-2014-8121
Id: CVE-2014-8121
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8121
Comment: DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
CVSSv2 Score: 5
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE: 17 (Code)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1165192 (CONFIRM)
RHSA-2015:0327 (REDHAT)
[libc-alpha] 20150223 [PATCH] CVE-2014-8121: Fix nss_files file management [BZ#18007] (MLIST)
SUSE-SU-2015:1424 (SUSE)
SUSE-SU-2016:0470 (SUSE)
USN-2985-2 (UBUNTU)
USN-2985-1 (UBUNTU)
GLSA-201602-02 (GENTOO)
73038 (BID)
DSA-3480 (DEBIAN)
CVE: CVE-2015-1781
Id: CVE-2015-1781
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1781
Comment: Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.
CVSSv2 Score: 6.8
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE: 119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://sourceware.org/bugzilla/show_bug.cgi?id=18287 (CONFIRM)
[libc-alpha] 20150814 The GNU C Library version 2.22 is now available (MLIST)
SUSE-SU-2015:1424 (SUSE)
RHSA-2015:0863 (REDHAT)
74255 (BID)
SUSE-SU-2016:0470 (SUSE)
USN-2985-2 (UBUNTU)
USN-2985-1 (UBUNTU)
GLSA-201602-02 (GENTOO)
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html (CONFIRM)
1032178 (SECTRACK)
DSA-3480 (DEBIAN)
FEDORA-2016-0480defc94 (FEDORA)
https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=2959eda9272a03386 (MISC)
CVE: CVE-2015-5277
Id: CVE-2015-5277
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5277
Comment: The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
CVSSv2 Score: 7.2
Access vector: LOCAL
Access complexity: LOW
Authentication: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
CVSSv2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE: 119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1262914 (CONFIRM)
https://sourceware.org/bugzilla/show_bug.cgi?id=17079 (CONFIRM)
1034196 (SECTRACK)
RHSA-2015:2172 (REDHAT)
[libc-alpha] 20140909 The GNU C Library version 2.20 is now available (MLIST)
USN-2985-2 (UBUNTU)
USN-2985-1 (UBUNTU)
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html (CONFIRM)
78092 (BID)
GLSA-201702-11 (GENTOO)
20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X (FULLDISC)
20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X (BUGTRAQ)
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html (MISC)
CVE: CVE-2015-8776
Id: CVE-2015-8776
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8776
Comment: The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
CVSSv2 Score: 6.4
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: PARTIAL
CVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSSv3 Score: 9.1
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
User interaction: NONE
Scope: UNCHANGED
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: HIGH
CVSSv3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CWE: 189 (Numeric Errors)
References:
FEDORA-2016-68abc0be35 (FEDORA)
SUSE-SU-2016:0470 (SUSE)
SUSE-SU-2016:0471 (SUSE)
SUSE-SU-2016:0472 (SUSE)
SUSE-SU-2016:0473 (SUSE)
openSUSE-SU-2016:0510 (SUSE)
RHSA-2017:0680 (REDHAT)
DSA-3480 (DEBIAN)
DSA-3481 (DEBIAN)
[oss-security] 20160119 CVE assignment request for security bugs fixed in glibc 2.23 (MLIST)
[oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23 (MLIST)
83277 (BID)
USN-2985-1 (UBUNTU)
USN-2985-2 (UBUNTU)
RHSA-2017:1916 (REDHAT)
GLSA-201602-02 (GENTOO)
GLSA-201702-11 (GENTOO)
https://sourceware.org/bugzilla/show_bug.cgi?id=18985 (CONFIRM)
[libc-alpha] 20160219 The GNU C Library version 2.23 is now available (MLIST)
CVE: CVE-2015-8777
Id: CVE-2015-8777
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8777
Comment: The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
CVSSv2 Score: 2.1
Access vector: LOCAL
Access complexity: LOW
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
CVSSv2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
CVSSv3 Score: 5.5
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
User interaction: NONE
Scope: UNCHANGED
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: NONE
CVSSv3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CWE: 254 (Security Features)
References:
http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html (MISC)
FEDORA-2016-0480defc94 (FEDORA)
SUSE-SU-2016:0470 (SUSE)
SUSE-SU-2016:0471 (SUSE)
SUSE-SU-2016:0472 (SUSE)
SUSE-SU-2016:0473 (SUSE)
DSA-3480 (DEBIAN)
[oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23 (MLIST)
81469 (BID)
1034811 (SECTRACK)
USN-2985-1 (UBUNTU)
USN-2985-2 (UBUNTU)
RHSA-2017:1916 (REDHAT)
GLSA-201702-11 (GENTOO)
https://sourceware.org/bugzilla/show_bug.cgi?id=18928 (CONFIRM)
CVE: CVE-2015-8778
Id: CVE-2015-8778
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8778
Comment: Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.
CVSSv2 Score: 7.5
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
CVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score: 9.8
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
User interaction: NONE
Scope: UNCHANGED
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
CVSSv3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: 119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
FEDORA-2016-68abc0be35 (FEDORA)
SUSE-SU-2016:0470 (SUSE)
SUSE-SU-2016:0471 (SUSE)
SUSE-SU-2016:0472 (SUSE)
SUSE-SU-2016:0473 (SUSE)
openSUSE-SU-2016:0510 (SUSE)
RHSA-2017:0680 (REDHAT)
DSA-3480 (DEBIAN)
DSA-3481 (DEBIAN)
[oss-security] 20160119 CVE assignment request for security bugs fixed in glibc 2.23 (MLIST)
[oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23 (MLIST)
83275 (BID)
USN-2985-1 (UBUNTU)
USN-2985-2 (UBUNTU)
RHSA-2017:1916 (REDHAT)
GLSA-201602-02 (GENTOO)
GLSA-201702-11 (GENTOO)
https://sourceware.org/bugzilla/show_bug.cgi?id=18240 (CONFIRM)
[libc-alpha] 20160219 The GNU C Library version 2.23 is now available (MLIST)
CVE: CVE-2015-8779
Id: CVE-2015-8779
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8779
Comment: Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
CVSSv2 Score: 7.5
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
CVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score: 9.8
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
User interaction: NONE
Scope: UNCHANGED
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
CVSSv3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: 119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
FEDORA-2016-68abc0be35 (FEDORA)
SUSE-SU-2016:0470 (SUSE)
SUSE-SU-2016:0471 (SUSE)
SUSE-SU-2016:0472 (SUSE)
SUSE-SU-2016:0473 (SUSE)
openSUSE-SU-2016:0510 (SUSE)
RHSA-2017:0680 (REDHAT)
DSA-3480 (DEBIAN)
DSA-3481 (DEBIAN)
[oss-security] 20160119 CVE assignment request for security bugs fixed in glibc 2.23 (MLIST)
[oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23 (MLIST)
82244 (BID)
USN-2985-1 (UBUNTU)
USN-2985-2 (UBUNTU)
RHSA-2017:1916 (REDHAT)
GLSA-201602-02 (GENTOO)
GLSA-201702-11 (GENTOO)
https://sourceware.org/bugzilla/show_bug.cgi?id=17905 (CONFIRM)
[libc-alpha] 20160219 The GNU C Library version 2.23 is now available (MLIST)
CVE: CVE-2016-3075
Id: CVE-2016-3075
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3075
Comment: Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
CVSSv2 Score: 5
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score: 7.5
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
User interaction: NONE
Scope: UNCHANGED
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
CVSSv3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: 119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
USN-2985-1 (UBUNTU)
https://sourceware.org/bugzilla/show_bug.cgi?id=19879 (CONFIRM)
FEDORA-2016-68abc0be35 (FEDORA)
openSUSE-SU-2016:1527 (SUSE)
85732 (BID)
openSUSE-SU-2016:1779 (SUSE)
GLSA-201702-11 (GENTOO)
RHSA-2016:2573 (REDHAT)
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=317b199b4aff8cfa27f2302ab404d2bb5032b9a4 ()