CVE-2013-4237

Published: 11 Aug 2013
Source: redhat
CVSS2: 6.8
EPSS: Low

Description

sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.

An out-of-bounds write flaw was found in the way glibc's readdir_r() function handled file system entries longer than the NAME_MAX character constant. A remote attacker could provide a specially crafted NTFS or CIFS file system that, when processed by an application using readdir_r(), would cause that application to crash or, potentially, allow the attacker to execute arbitrary code with the privileges of the user running the application.
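
The flaw described above comes down to an entry name longer than NAME_MAX being written into a buffer sized for NAME_MAX. As an added example (not glibc's or Red Hat's code; `copy_entry_name` and `scan_dir` are hypothetical helper names), the following C code walks a directory with readdir(), which returns a pointer into storage owned by the directory stream, and rejects any name that does not fit a NAME_MAX + 1 buffer instead of copying it:

```c
/* Added example; copy_entry_name() and scan_dir() are hypothetical helpers. */
#include <dirent.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

#ifndef NAME_MAX
#define NAME_MAX 255  /* fallback; POSIX systems define it in <limits.h> */
#endif

/* Copy one entry name into a caller buffer of dstsz bytes.
   Returns 0 on success, ENAMETOOLONG if name plus NUL does not fit. */
int copy_entry_name(char *dst, size_t dstsz, const char *name)
{
    size_t len = strlen(name);
    if (dstsz == 0 || len >= dstsz)
        return ENAMETOOLONG;  /* reject: never truncate, never overflow */
    memcpy(dst, name, len + 1);
    return 0;
}

/* Walk a directory with readdir(), so no caller-sized struct dirent is used.
   Returns accepted entries, or -1 on open failure; *rejected counts long names. */
int scan_dir(const char *path, int *rejected)
{
    char name[NAME_MAX + 1];
    struct dirent *ent;
    int accepted = 0;
    DIR *dir = opendir(path);
    *rejected = 0;
    if (dir == NULL)
        return -1;
    while ((ent = readdir(dir)) != NULL) {
        if (copy_entry_name(name, sizeof name, ent->d_name) != 0)
            (*rejected)++;   /* over-long name from the file system */
        else
            accepted++;
    }
    closedir(dir);
    return accepted;
}

int main(void)
{
    int rejected, n = scan_dir(".", &rejected);
    printf("accepted=%d rejected=%d\n", n, rejected);
    return n < 0;
}
```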

Report

This issue affects the versions of glibc as shipped with Red Hat Enterprise Linux 5. This issue is not planned to be fixed in Red Hat Enterprise Linux 5 as it is now in Production 3 Phase of the support and maintenance life cycle, https://access.redhat.com/support/policy/updates/errata/

Mitigation

Do not open untrusted filesystem image files on production systems.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | glibc | Will not fix | | |
| Red Hat Enterprise Linux 7 | glibc | Not affected | | |
| Red Hat Enterprise Linux 6 | glibc | Fixed | RHSA-2014:1391 | 13.10.2014 |


Additional information

Status: Moderate
Weakness: CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=995839 (glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters)

EPSS

Percentile: 80%
0.01422
Low

6.8 Medium

CVSS2

Related vulnerabilities

ubuntu
almost 12 years ago

sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.

nvd
almost 12 years ago

sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.

debian
almost 12 years ago

sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2. ...

github
more than 3 years ago

sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.

oracle-oval
almost 11 years ago

ELSA-2014-1391: glibc security, bug fix, and enhancement update (MODERATE)
