CVE-2009-5029: Integer Overflow
First published: Wed Dec 07 2011(Updated: )
Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU C Library | =2.1.2 | |
| GNU C Library | =2.0.5 | |
| GNU C Library | =2.0.6 | |
| GNU C Library | =2.1.1 | |
| GNU C Library | =2.0.3 | |
| GNU C Library | =2.0 | |
| GNU C Library | =2.13 | |
| GNU C Library | =2.1.1.6 | |
| GNU C Library | =2.1 | |
| GNU C Library | =2.1.9 | |
| GNU C Library | =2.0.1 | |
| GNU C Library | =2.0.4 | |
| GNU C Library | =2.0.2 | |
| GNU C Library | =2.1.3 | |
| GNU C Library | <=2.14 | |
| GNU C Library (glibc) | <=2.14 | |
| GNU C Library (glibc) | =2.0 | |
| GNU C Library (glibc) | =2.0.1 | |
| GNU C Library (glibc) | =2.0.2 | |
| GNU C Library (glibc) | =2.0.3 | |
| GNU C Library (glibc) | =2.0.4 | |
| GNU C Library (glibc) | =2.0.5 | |
| GNU C Library (glibc) | =2.0.6 | |
| GNU C Library (glibc) | =2.1 | |
| GNU C Library (glibc) | =2.1.1 | |
| GNU C Library (glibc) | =2.1.1.6 | |
| GNU C Library (glibc) | =2.1.2 | |
| GNU C Library (glibc) | =2.1.3 | |
| GNU C Library (glibc) | =2.1.9 | |
| GNU C Library (glibc) | =2.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=761245
- http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html
- http://dividead.wordpress.com/2009/06/01/glibc-timezone-integer-overflow/
- http://sourceware.org/ml/libc-alpha/2011-12/msg00037.html
- http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=97ac2654b2d831acaa18a2b018b0736245903fd2
- http://rcvalle.com/post/14169476482/exploiting-glibc-tzfile-read-integer-overflow-to
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=767696
- http://rcvalle.com/post/14261796328/more-on-exploiting-glibc-tzfile-read-integer-overflow
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=761245#c15
- http://sourceware.org/bugzilla/show_bug.cgi?id=13506
- http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=97ac2654b2d831acaa18a2b018b0736245903fd2
- http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=8fa26d571d4b87a1c7a7f19f1365f7e5d2995933
- https://rhn.redhat.com/errata/RHSA-2012-0058.html
- https://rhn.redhat.com/errata/RHSA-2012-0126.html
- https://rhn.redhat.com/errata/RHSA-2012-0125.html
Frequently Asked Questions
What is the severity of CVE-2009-5029?
CVE-2009-5029 has a moderate severity rating as it can lead to denial of service and potentially remote code execution.
How do I fix CVE-2009-5029?
To fix CVE-2009-5029, upgrade glibc to version 2.15 or later.
What causes the vulnerability CVE-2009-5029?
CVE-2009-5029 is caused by an integer overflow in the __tzfile_read function of glibc.
Which versions of glibc are affected by CVE-2009-5029?
CVE-2009-5029 affects glibc versions earlier than 2.15, including various 2.0 to 2.14 versions.
What are the potential impacts of CVE-2009-5029?
The potential impacts of CVE-2009-5029 include application crashes and the risk of executing arbitrary code by attackers.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/references
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-5029
- agent/trending
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- vendor/gnu
- canonical/gnu c library
- version/gnu c library/2.1.2
- version/gnu c library/2.0.5
- version/gnu c library/2.0.6
- version/gnu c library/2.1.1
- version/gnu c library/2.0.3
- version/gnu c library/2.0
- version/gnu c library/2.13
- version/gnu c library/2.1.1.6
- version/gnu c library/2.1
- version/gnu c library/2.1.9
- version/gnu c library/2.0.1
- version/gnu c library/2.0.4
- version/gnu c library/2.0.2
- version/gnu c library/2.1.3
- version/gnu c library/2.14
- canonical/gnu c library (glibc)
- version/gnu c library (glibc)/2.14
- version/gnu c library (glibc)/2.0
- version/gnu c library (glibc)/2.0.1
- version/gnu c library (glibc)/2.0.2
- version/gnu c library (glibc)/2.0.3
- version/gnu c library (glibc)/2.0.4
- version/gnu c library (glibc)/2.0.5
- version/gnu c library (glibc)/2.0.6
- version/gnu c library (glibc)/2.1
- version/gnu c library (glibc)/2.1.1
- version/gnu c library (glibc)/2.1.1.6
- version/gnu c library (glibc)/2.1.2
- version/gnu c library (glibc)/2.1.3
- version/gnu c library (glibc)/2.1.9
- version/gnu c library (glibc)/2.13