USN-944-1 -- glibc, eglibc vulnerabilitiesID: oval:org.secpod.oval:def:700063 | Date: (C)2011-01-28 (M)2024-04-17 |
Class: PATCH | Family: unix |
Maksymilian Arciemowicz discovered that the GNU C library did not correctly handle integer overflows in the strfmon function. If a user or automated system were tricked into processing a specially crafted format string, a remote attacker could crash applications, leading to a denial of service. Jeff Layton and Dan Rosenberg discovered that the GNU C library did not correctly handle newlines in the mntent family of functions. If a local attacker were able to inject newlines into a mount entry through other vulnerable mount helpers, they could disrupt the system or possibly gain root privileges. Dan Rosenberg discovered that the GNU C library did not correctly validate certain ELF program headers. If a user or automated system were tricked into verifying a specially crafted ELF program, a remote attacker could execute arbitrary code with user privileges
Platform: |
Ubuntu 8.04 |
Ubuntu 10.04 |
Ubuntu 9.10 |
Ubuntu 6.06 |
Ubuntu 9.04 |