exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2011-179

Mandriva Linux Security Advisory 2011-179
Posted Nov 27, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-179 - The addmntent function in the GNU C Library 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. crypt_blowfish before 1.1, as used in glibc on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, overflow, local
systems | linux, osx, mandriva
advisories | CVE-2011-1089, CVE-2011-1659, CVE-2011-2483
SHA-256 | 28900655297d1ea4816e5de8820317856a37994a5877afdb6697329afc3ec425

Mandriva Linux Security Advisory 2011-179

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:179
http://www.mandriva.com/security/
_______________________________________________________________________

Package : glibc
Date : November 25, 2011
Affected: 2011.
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities was discovered and fixed in glibc:

The addmntent function in the GNU C Library (aka glibc or libc6) 2.13
and earlier does not report an error status for failed attempts to
write to the /etc/mtab file, which makes it easier for local users
to trigger corruption of this file, as demonstrated by writes from
a process with a small RLIMIT_FSIZE value, a different vulnerability
than CVE-2010-0296 (CVE-2011-1089).

Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or
libc6) 2.13 and earlier allows context-dependent attackers to cause a
denial of service (application crash) via a long UTF8 string that is
used in an fnmatch call with a crafted pattern argument, a different
vulnerability than CVE-2011-1071 (CVE-2011-1659).

crypt_blowfish before 1.1, as used in glibc on certain platforms,
does not properly handle 8-bit characters, which makes it easier
for context-dependent attackers to determine a cleartext password by
leveraging knowledge of a password hash (CVE-2011-2483).

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2011:
dfd50f461cb6f307b28861853146961e 2011/i586/glibc-2.13-6.1-mdv2011.0.i586.rpm
3128b74aaff36aea023ab2b7f04944fe 2011/i586/glibc-devel-2.13-6.1-mdv2011.0.i586.rpm
dac62d6c3020180ace287b4e68af8d41 2011/i586/glibc-doc-2.13-6.1-mdv2011.0.i586.rpm
b33f3c4f60b2f7e83c73bcdfae621298 2011/i586/glibc-doc-pdf-2.13-6.1-mdv2011.0.i586.rpm
bb7ebd801da9537b5a6294178b84d529 2011/i586/glibc-i18ndata-2.13-6.1-mdv2011.0.i586.rpm
d4af688906832f6fe7ce0318327ec7d9 2011/i586/glibc-profile-2.13-6.1-mdv2011.0.i586.rpm
a36cac92c1d95a917722f3efc47d913d 2011/i586/glibc-static-devel-2.13-6.1-mdv2011.0.i586.rpm
5cf50586154cfc0e644ad884f94ee0b3 2011/i586/glibc-utils-2.13-6.1-mdv2011.0.i586.rpm
3c2e20f956724c1d68bd760ddd1bcd9d 2011/i586/nscd-2.13-6.1-mdv2011.0.i586.rpm
b1081b829cb6b3794ba6670768123e96 2011/SRPMS/glibc-2.13-6.1.src.rpm

Mandriva Linux 2011/X86_64:
391fd990fbb899254466dced21383889 2011/x86_64/glibc-2.13-6.1-mdv2011.0.x86_64.rpm
9f9c7f42f7b47e8e3bd64fd3bb16ffce 2011/x86_64/glibc-devel-2.13-6.1-mdv2011.0.x86_64.rpm
c304129f1ddec2b85b598f1c5b1011f1 2011/x86_64/glibc-doc-2.13-6.1-mdv2011.0.x86_64.rpm
99ac80802daaa951f3b29b6f35e52bdc 2011/x86_64/glibc-doc-pdf-2.13-6.1-mdv2011.0.x86_64.rpm
e86e515f66a0a1c516c996640d5a9b63 2011/x86_64/glibc-i18ndata-2.13-6.1-mdv2011.0.x86_64.rpm
75c612f1044a58d3c6ab2321eb24edc5 2011/x86_64/glibc-profile-2.13-6.1-mdv2011.0.x86_64.rpm
885fa15b61932bfdd931ff1e65ff96bd 2011/x86_64/glibc-static-devel-2.13-6.1-mdv2011.0.x86_64.rpm
1c2e24d5e0dc77afb47ed0a9ad1ae75c 2011/x86_64/glibc-utils-2.13-6.1-mdv2011.0.x86_64.rpm
3c8ba07ade4bccefb17f4baa7420e67d 2011/x86_64/nscd-2.13-6.1-mdv2011.0.x86_64.rpm
b1081b829cb6b3794ba6670768123e96 2011/SRPMS/glibc-2.13-6.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOz+LumqjQ0CJFipgRAqAEAKDPmW5r3DzMVa5vtZiAtJ6vWjIuwACdE2Ux
9+IHfi5eLNhDOmrfpK4A8V8=
=BypT
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close