CVE-2015-5277: Buffer Overflow
First published: Mon Sep 14 2015(Updated: )
It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents), potentially resulting in arbitrary code execution.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux Hpc Node | =7.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| GNU glibc | <=2.19 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =15.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://sourceware.org/bugzilla/show_bug.cgi?id=17079
- https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ac60763eac3d43b7234dd21286ad3ec3f17957fc
- https://rhn.redhat.com/errata/RHSA-2015-2172.html
- https://rhn.redhat.com/errata/RHSA-2015-2589.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1262914
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- http://rhn.redhat.com/errata/RHSA-2015-2172.html
- http://seclists.org/fulldisclosure/2019/Sep/7
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/78092
- http://www.securitytracker.com/id/1034196
- http://www.ubuntu.com/usn/USN-2985-1
- http://www.ubuntu.com/usn/USN-2985-2
- https://seclists.org/bugtraq/2019/Sep/7
- https://security.gentoo.org/glsa/201702-11
- https://sourceware.org/ml/libc-alpha/2014-09/msg00088.html
- collector/nvd-index
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/type
- agent/event
- agent/description
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-5277
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux hpc node
- version/redhat enterprise linux hpc node/7.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/7.0
- vendor/gnu
- canonical/gnu glibc
- version/gnu glibc/2.19
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/15.10