REDHAT-BUG-681054: Integer Overflow
First published: Mon Feb 28 2011(Updated: )
It was reported [1] that glibc had a bug where it would use alloca() for the length of a user-supplied UTF8 string, times four (with additional integer overflow in the times four). This could lead to an application crash, because alloca() extends the stack. This was reported upstream [2] and subsequently fixed upstream [3]. References: [1] <a href="http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html">http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html</a> [2] <a href="http://sourceware.org/bugzilla/show_bug.cgi?id=11883">http://sourceware.org/bugzilla/show_bug.cgi?id=11883</a> [3] <a href="http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f15ce4d8dc139523fe0c273580b604b2453acba6">http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f15ce4d8dc139523fe0c273580b604b2453acba6</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU C Library (glibc) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html
- http://sourceware.org/bugzilla/show_bug.cgi?id=11883
- http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f15ce4d8dc139523fe0c273580b604b2453acba6
- http://seclists.org/fulldisclosure/2011/Feb/644
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=681054#c2
- http://sourceware.org/bugzilla/show_bug.cgi?id=12583
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=681054#c5
- http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=8126d90480fa
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=692259
- https://rhn.redhat.com/errata/RHSA-2011-0412.html
- https://rhn.redhat.com/errata/RHSA-2011-0413.html
- https://access.redhat.com/security/cve/CVE-2011-1659
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1659
- http://code.google.com/p/chromium/issues/detail?id=48733
- http://sourceware.org/git/?p=glibc.git;a=commit;h=8126d90480fa3e0c5c5cd0d02cb1c93174b45485
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=681054
- https://access.redhat.com/security/cve/CVE-2011-1071
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=681054#c7
- https://rhn.redhat.com/errata/RHSA-2012-0125.html
- https://bugzilla.redhat.com/show_bug.cgi?id=681054
Frequently Asked Questions
What is the severity of REDHAT-BUG-681054?
The severity of REDHAT-BUG-681054 is high, as it can lead to application crashes and potentially allow for code execution.
How do I fix REDHAT-BUG-681054?
To fix REDHAT-BUG-681054, update to the patched version of the GNU C Library (glibc) that addresses the vulnerability.
What systems are affected by REDHAT-BUG-681054?
Systems running vulnerable versions of the GNU C Library (glibc) are affected by REDHAT-BUG-681054.
What is the nature of the vulnerability in REDHAT-BUG-681054?
The vulnerability in REDHAT-BUG-681054 is caused by improper handling of user-supplied UTF8 strings leading to stack overflow.
Is there a known exploit for REDHAT-BUG-681054?
As of now, there are no public exploits specifically targeting REDHAT-BUG-681054, but the nature of the vulnerability may encourage future exploit development.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-1071
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/gnu
- canonical/gnu c library (glibc)