Lucene search
F5F5:K16364HistoryJul 23, 2015 - 12:00 a.m.
K16364 : GNU C Library (glibc) vulnerability CVE-2012-3406
2015-07-2300:00:00
my.f5.com
6
Security Advisory Description
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not “properly restrict the use of” the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405. (CVE-2012-3406)
Impact
An attacker with local access and knowledge of how to make the glibc function trigger an exploit may be able to cause a denial-of-service (DoS) or run arbitrary code.
Related
cve
cve
oraclelinux
oraclelinux
glibc security and bug fix update
2012-07-18 00:00:00
glibc security and bug fix update
2012-07-18 00:00:00
ubuntucve
ubuntucve
prion
prion
nessus
nessus
Amazon Linux AMI : glibc (ALAS-2012-109)
2013-09-04 00:00:00
Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20120718)
2012-08-01 00:00:00
RHEL 6 : glibc (RHSA-2012:1098)
2012-07-19 00:00:00
f5
f5
SOL16364 - GNU C Library (glibc) vulnerability CVE-2012-3406
2015-04-03 00:00:00
amazon
amazon
Medium: glibc
2012-07-25 17:56:00
openvas
openvas
RedHat Update for glibc RHSA-2012:1098-01
2012-07-19 00:00:00
RedHat Update for glibc RHSA-2012:1098-01
2012-07-19 00:00:00
CentOS Update for glibc CESA-2012:1098 centos6
2012-07-30 00:00:00
debiancve
debiancve
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 08:54:39
nvd
nvd
centos
centos
glibc, nscd security update
2012-07-18 18:17:20
glibc, nscd security update
2012-07-18 17:40:39
redhat
redhat
(RHSA-2012:1098) Moderate: glibc security and bug fix update
2012-07-18 00:00:00
(RHSA-2012:1097) Moderate: glibc security and bug fix update
2012-07-18 00:00:00
(RHSA-2012:1200) Moderate: rhev-hypervisor6 security and bug fix update
2012-08-23 00:00:00
cvelist
cvelist
fedora
fedora
[SECURITY] Fedora 17 Update: glibc-2.15-54.fc17
2012-08-15 22:54:00
ubuntu
ubuntu
GNU C Library vulnerabilities
2012-10-02 00:00:00
GNU C Library regression
2012-12-17 00:00:00
osv
osv
eglibc - security update
2015-02-23 00:00:00
eglibc - security update
2015-03-06 00:00:00
debian
debian
[SECURITY] [DSA 3169-1] eglibc security update
2015-02-23 06:08:58
[SECURITY] [DLA 165-1] eglibc security update
2015-03-06 15:39:53
securityvulns
securityvulns
[SECURITY] [DSA 3169-1] eglibc security update
2015-03-07 00:00:00
VMSA-2012-0018 VMware security updates for vCSA and ESXi
2013-01-02 00:00:00
GNU glibc multiple security vulnerabilities
2015-03-07 00:00:00
mageia
mageia
Updated glibc packages fix security vulnerabilities
2015-01-08 15:24:22
archlinux
archlinux
glibc: arbitrary code execution
2014-12-18 00:00:00
vmware
vmware
VMware security updates for vCSA, vCenter Server, and ESXi
2012-12-20 00:00:00
VMware security updates for vCSA, vCenter Server, and ESXi
2012-12-20 00:00:00
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2015-03-08 00:00:00