CVE-2011-1071

GNU Eglibc < 2.12.1 - Resource Management Error

Description

The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.

Exploits (1)

exploitdb WORKING POC
by Simon Berry-Byrne · cdosmultiple
https://www.exploit-db.com/exploits/17120

Scores

EPSS 0.0523
EPSS Percentile 90.0%

Details

CWE
CWE-399
Status published
Products (50)
gnu/eglibc
gnu/glibc 1.00
gnu/glibc 1.01
gnu/glibc 1.02
gnu/glibc 1.03
gnu/glibc 1.04
gnu/glibc 1.05
gnu/glibc 1.06
gnu/glibc 1.07
gnu/glibc 1.08
... and 40 more
Published Apr 08, 2011
Tracked Since Feb 18, 2026