PT-2008-6881 · Gnu · Libc6+1

Maksymilian Arciemowicz · Published 1970-01-01 · Updated 2017-08-17 · CVE-2009-4880

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

glibc (versions 2.10.1 and earlier)
libc6 (affected versions not specified)
libc6-dev (affected versions not specified)
libc6-dev-i386 (affected versions not specified)
libc6-dev-sparc64 (affected versions not specified)
libc6-dev-mips64 (affected versions not specified)
libc6-dev-mipsn32 (affected versions not specified)
libc6-dev-ppc64 (affected versions not specified)
libc6-dev-s390x (affected versions not specified)
libc6-dev-amd64 (affected versions not specified)
libc6-dbg (affected versions not specified)
libc6-i386 (affected versions not specified)
libc6-i686 (affected versions not specified)
libc6-mips64 (affected versions not specified)
libc6-mipsn32 (affected versions not specified)
libc6-pic (affected versions not specified)
libc6-ppc64 (affected versions not specified)
libc6-s390x (affected versions not specified)
libc6-sparc64 (affected versions not specified)
libc6-sparcv9b (affected versions not specified)
libc6-xen (affected versions not specified)
libc6.1 (affected versions not specified)
libc6.1-alphaev67 (affected versions not specified)
libc6.1-dbg (affected versions not specified)
libc6.1-dev (affected versions not specified)
libc6.1-pic (affected versions not specified)
libc6.1-prof (affected versions not specified)
libc6.1-udeb (affected versions not specified)
glibc-doc (affected versions not specified)
glibc-source (affected versions not specified)
libnss-dns-udeb (affected versions not specified)
libnss-files-udeb (affected versions not specified)
locales (affected versions not specified)
locales-all (affected versions not specified)
nscd (affected versions not specified)

Description

The issue is related to multiple vulnerabilities in the glibc and libc6 packages of the Debian GNU/Linux operating system. These vulnerabilities can be exploited remotely and may lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of these vulnerabilities can result in a denial of service, such as memory consumption or application crash, via a crafted format string.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

Related Identifiers

BDU:2015-01134
BDU:2015-01135
BDU:2015-01136
BDU:2015-01137
BDU:2015-01138
BDU:2015-01139
BDU:2015-01140
BDU:2015-01141
BDU:2015-01142
BDU:2015-01143
BDU:2015-01144
BDU:2015-01145
BDU:2015-01146
BDU:2015-01147
BDU:2015-01148
BDU:2015-01149
BDU:2015-01150
BDU:2015-01151
BDU:2015-01152
BDU:2015-01153
BDU:2015-01154
BDU:2015-01155
BDU:2015-01156
BDU:2015-01157
BDU:2015-01158
BDU:2015-01159
BDU:2015-01160
BDU:2015-01161
BDU:2015-01162
BDU:2015-01163
BDU:2015-01164
BDU:2015-01165
BDU:2015-01166
BDU:2015-01167
BDU:2015-01168
BDU:2015-01169
BDU:2015-01170
BDU:2015-09412
CVE-2009-4880
DSA-2058-1

Affected Products

Glibc
Libc6