The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html
http://seclists.org/fulldisclosure/2019/Jun/18
http://seclists.org/fulldisclosure/2019/Sep/7
http://www.mandriva.com/security/advisories?name=MDVSA-2014:152
http://www.securityfocus.com/bid/68006
https://bugzilla.redhat.com/show_bug.cgi?id=1109263
https://exchange.xforce.ibmcloud.com/vulnerabilities/93784
https://seclists.org/bugtraq/2019/Jun/14
https://seclists.org/bugtraq/2019/Sep/7
https://security.gentoo.org/glsa/201503-04
https://sourceware.org/bugzilla/show_bug.cgi?id=17048
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* versions up to 2.19 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
129223 | EulerOS 2.0 SP3 : glibc (EulerOS-SA-2019-2030) | Nessus | Huawei Local Security Checks | high |
126849 | EulerOS 2.0 SP2 : glibc (EulerOS-SA-2019-1721) | Nessus | Huawei Local Security Checks | high |
126294 | EulerOS 2.0 SP5 : glibc (EulerOS-SA-2019-1667) | Nessus | Huawei Local Security Checks | high |
85433 | openSUSE Security Update : glibc (openSUSE-2015-544) | Nessus | SuSE Local Security Checks | high |
83675 | SUSE SLES10 Security Update : glibc (SUSE-SU-2015:0170-1) | Nessus | SuSE Local Security Checks | high |
83674 | SUSE SLES11 Security Update : glibc (SUSE-SU-2015:0167-1) | Nessus | SuSE Local Security Checks | high |
83638 | SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1128-1) | Nessus | SuSE Local Security Checks | high |
83637 | SUSE SLES11 Security Update : glibc (SUSE-SU-2014:1122-1) | Nessus | SuSE Local Security Checks | high |
82421 | Mandriva Linux Security Advisory : glibc (MDVSA-2015:168) | Nessus | Mandriva Local Security Checks | high |
82149 | Debian DLA-165-1 : eglibc security update | Nessus | Debian Local Security Checks | high |
81689 | GLSA-201503-04 : GNU C Library: Multiple vulnerabilities (GHOST) | Nessus | Gentoo Local Security Checks | high |
81448 | Debian DSA-3169-1 : eglibc - security update | Nessus | Debian Local Security Checks | high |
78656 | Slackware 14.1 / current : glibc (SSA:2014-296-01) | Nessus | Slackware Local Security Checks | high |
77568 | Ubuntu 10.04 LTS : eglibc regression (USN-2306-3) | Nessus | Ubuntu Local Security Checks | high |
77040 | Mandriva Linux Security Advisory : glibc (MDVSA-2014:152) | Nessus | Mandriva Local Security Checks | high |
77019 | Ubuntu 10.04 LTS : eglibc regression (USN-2306-2) | Nessus | Ubuntu Local Security Checks | high |
76999 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : eglibc vulnerabilities (USN-2306-1) | Nessus | Ubuntu Local Security Checks | high |
76604 | SuSE 11.3 Security Update : glibc (SAT Patch Number 9477) | Nessus | SuSE Local Security Checks | high |