Ubuntu Security Notice (C) 2010-2013 Canonical, Inc. / NASL script (C) 2010-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.

Maksymilian Arciemowicz discovered that the GNU C library did not
correctly handle integer overflows in the strfmon function. If a user
or automated system were tricked into processing a specially crafted
format string, a remote attacker could crash applications, leading to
a denial of service. (Ubuntu 10.04 was not affected.) (CVE-2008-1391)

Jeff Layton and Dan Rosenberg discovered that the GNU C library did
not correctly handle newlines in the mntent family of functions. If a
local attacker were able to inject newlines into a mount entry through
other vulnerable mount helpers, they could disrupt the system or
possibly gain root privileges. (CVE-2010-0296)

Dan Rosenberg discovered that the GNU C library did not correctly
validate certain ELF program headers. If a user or automated system
were tricked into verifying a specially crafted ELF program, a remote
attacker could execute arbitrary code with user privileges.

Update the affected packages.
Risk factor : High
CVSS Base Score : 7.5
CVSS Temporal Score : 5.9
Public Exploit Available : true