Wind River Support Network

HomeDefectsLIN7-3685
Fixed

LIN7-3685 : Security Advisory - glibc - CVE-2015-1781

Created: May 4, 2015    Updated: Sep 8, 2018
Resolved Date: May 6, 2015
Found In Version: 7.0.0.3
Fix Version: 7.0.0.6
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Toolchain

Description

Description:

A vulnerability has been discovered in the glibc library on Linux systems. It allows a remote malicious person to conduct harmful actions or to crash an application that uses a vulnerable version of the glibc library.


Technical information :

This vulnerability is due to a buffer overflow in the "gethostbyname_r()" function and other related functions of glibc. It allows a remote attacker, trough a specially crafted input parameter, to crash the application using the vulnerable glibc library, or to execute arbitrary code with the privileges of a user running a vulnerable application.


Links::

http://www.openwall.com/lists/oss-security/2015/04/21/4
https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html
https://sourceware.org/bugzilla/show_bug.cgi?id=18287
https://sourceware.org/git/?p=glibc.git;a=commit;h=2959eda9272a03386

Other Downloads


CVEs


Live chat
Online