Vulnerability Details : CVE-2011-1071
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.
Vulnerability category: Execute code, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2011-1071
Probability of exploitation activity in the next 30 days: 1.91%
Percentile, the proportion of vulnerabilities that are scored at or less: ~87%
CVSS scores for CVE-2011-1071
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P | 4.9 | 6.4 | NIST |
CWE ids for CVE-2011-1071
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1071
- http://code.google.com/p/chromium/issues/detail?id=48733
  48733 - Crash in third_party xdg_mime library when unable to handle long file paths - chromium - Monorail [Exploit]
- http://www.redhat.com/support/errata/RHSA-2011-0412.html
  Support [Vendor Advisory]
- http://seclists.org/fulldisclosure/2011/Feb/635
  Full Disclosure: glibc and alloca() [Exploit]
- http://openwall.com/lists/oss-security/2011/02/28/11
  oss-security - Re: cve request: eglibc memory corruption [Exploit]
- http://openwall.com/lists/oss-security/2011/02/26/3
  oss-security - cve request: eglibc memory corruption
- http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=f15ce4d8dc139523fe0c273580b604b2453acba6
  sourceware.org Git
- http://www.vupen.com/english/advisories/2011/0863
  Webmail | OVH- OVH [Vendor Advisory]
- http://openwall.com/lists/oss-security/2011/02/28/15
  oss-security - Re: cve request: eglibc memory corruption
- http://securitytracker.com/id?1025290
  Glibc Memory Corruption Flaw in fnmatch() May Let Remote Users Execute Arbitrary Code - SecurityTracker
- http://bugs.debian.org/615120
  #615120 - eglibc: alloca memory corruption - Debian Bug report logs [Exploit]
- http://www.securityfocus.com/archive/1/520102/100/0/threaded
  SecurityFocus
- http://www.securityfocus.com/bid/46563
  GNU glibc 'fnmatch()' Function Stack Corruption Vulnerability [Exploit]
- http://www.redhat.com/support/errata/RHSA-2011-0413.html
  Support [Vendor Advisory]
- http://www.vmware.com/security/advisories/VMSA-2011-0012.html
  VMSA-2011-0012.3
- http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html
  Security: I got accidental code execution via glibc?! [Exploit]
- http://securityreason.com/securityalert/8175
  GNU glibc < 2.12.2 alloca() Stack Corruption Vulnerability - CXSecurity.com
- https://bugzilla.redhat.com/show_bug.cgi?id=681054
  681054 – (CVE-2011-1071, CVE-2011-1659) CVE-2011-1071 CVE-2011-1659 glibc: fnmatch() alloca()-based memory corruption flaw [Exploit; Patch]
- http://seclists.org/fulldisclosure/2011/Feb/644
  Full Disclosure: Re: glibc and alloca() [Patch]
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
  mandriva.com
- http://sourceware.org/bugzilla/show_bug.cgi?id=11883
  11883 – (CVE-2011-1071) fnmatch() alloca() abuse, with security consequence (CVE-2011-1071) [Exploit]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12853
  Repository / Oval Repository
Products affected by CVE-2011-1071
- cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.04:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.03:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.09:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.08:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.07:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.00:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.02:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.06:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.05:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:1.09.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:eglibc:*:*:*:*:*:*:*:*