CVE-2012-0864

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.

References

http://rhn.redhat.com/errata/RHSA-2012-0393.html

http://rhn.redhat.com/errata/RHSA-2012-0397.html

http://rhn.redhat.com/errata/RHSA-2012-0488.html

http://rhn.redhat.com/errata/RHSA-2012-0531.html

http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=7c1f4834d398163d1ac8101e35e9c36fc3176e6e

http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html

http://www.phrack.org/issues.html?issue=67&id=9#article

http://www.securityfocus.com/bid/52201

https://bugzilla.redhat.com/show_bug.cgi?id=794766

Details

Source: MITRE

Published: 2013-05-02

Updated: 2013-05-03

Type: CWE-189

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*

Tenable Plugins

View all (22 total)

IDNameProductFamilySeverity
89038VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)NessusMisc.
high
83597SUSE SLES10 Security Update : glibc (SUSE-SU-2013:1287-1)NessusSuSE Local Security Checks
medium
79286RHEL 5 : rhev-hypervisor5 (RHSA-2012:0488)NessusRed Hat Local Security Checks
medium
78922RHEL 6 : rhev-hypervisor6 (RHSA-2012:0531)NessusRed Hat Local Security Checks
high
71167GLSA-201312-01 : GNU C Library: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
70886ESXi 5.1 < Build 1063671 Multiple Vulnerabilities (remote check)NessusMisc.
medium
70885ESXi 5.0 < Build 912577 Multiple Vulnerabilities (remote check)NessusMisc.
high
69664Amazon Linux AMI : glibc (ALAS-2012-57)NessusAmazon Linux Local Security Checks
medium
68498Oracle Linux 5 : glibc (ELSA-2012-0397)NessusOracle Linux Local Security Checks
medium
68497Oracle Linux 6 : glibc (ELSA-2012-0393)NessusOracle Linux Local Security Checks
medium
63332VMSA-2012-0018 : VMware security updates for vCSA and ESXiNessusVMware ESX Local Security Checks
high
61747VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party librariesNessusVMware ESX Local Security Checks
critical
61285Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20120319)NessusScientific Linux Local Security Checks
medium
61284Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20120315)NessusScientific Linux Local Security Checks
medium
58403CentOS 5 : glibc (CESA-2012:0397)NessusCentOS Local Security Checks
medium
58394RHEL 5 : glibc (RHSA-2012:0397)NessusRed Hat Local Security Checks
medium
58390CentOS 6 : glibc (CESA-2012:0393)NessusCentOS Local Security Checks
medium
58361RHEL 6 : glibc (RHSA-2012:0393)NessusRed Hat Local Security Checks
medium
58318Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : eglibc, glibc vulnerabilities (USN-1396-1)NessusUbuntu Local Security Checks
high
58278Fedora 15 : glibc-2.14.1-6 (2012-2144)NessusFedora Local Security Checks
medium
58157Fedora 17 : glibc-2.15-23.fc17 (2012-2123)NessusFedora Local Security Checks
medium
58124Fedora 16 : glibc-2.14.90-24.fc16.6 (2012-2162)NessusFedora Local Security Checks
medium