Test ID: | 1.3.6.1.4.1.25623.1.0.703012 |
Category: | Debian Local Security Checks |
Title: | Debian Security Advisory DSA 3012-1 (eglibc - security update) |
Summary: | Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian's version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversion functions could achieve arbitrary code execution. This update removes support of loadable gconv transliteration modules. Besides the security vulnerability, the module loading code had functionality defects which prevented it from working for the intended purpose. |
Description: | Summary: Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian's version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversion functions could achieve arbitrary code execution. This update removes support of loadable gconv transliteration modules. Besides the security vulnerability, the module loading code had functionality defects which prevented it from working for the intended purpose.
Affected Software/OS: eglibc on Debian Linux
Solution: For the stable distribution (wheezy), this problem has been fixed in version 2.13-38+deb7u4. We recommend that you upgrade your eglibc packages.
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-5119
BugTraq ID: 68983 http://www.securityfocus.com/bid/68983
BugTraq ID: 69738 http://www.securityfocus.com/bid/69738
Cisco Security Advisory: 20140910 Cisco Unified Communications Manager glibc Arbitrary Code Execution Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-5119
Debian Security Information: DSA-3012 http://www.debian.org/security/2014/dsa-3012
http://seclists.org/fulldisclosure/2014/Aug/69
https://security.gentoo.org/glsa/201602-02
http://www.mandriva.com/security/advisories?name=MDVSA-2014:175
http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html
https://code.google.com/p/google-security-research/issues/detail?id=96
http://www.openwall.com/lists/oss-security/2014/08/13/5
http://www.openwall.com/lists/oss-security/2014/07/14/1
RedHat Security Advisories: RHSA-2014:1110 https://rhn.redhat.com/errata/RHSA-2014-1110.html
RedHat Security Advisories: RHSA-2014:1118 http://rhn.redhat.com/errata/RHSA-2014-1118.html
http://secunia.com/advisories/60345
http://secunia.com/advisories/60358
http://secunia.com/advisories/60441
http://secunia.com/advisories/61074
http://secunia.com/advisories/61093
SuSE Security Announcement: SUSE-SU-2014:1125 http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html |
Copyright | Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net |