Wind River Support Network

HomeDefectsLIN8-357
Fixed

LIN8-357 : Security Advisory - glibc - CVE-2015-1781

Created: May 17, 2015    Updated: Mar 4, 2016
Resolved Date: May 25, 2015
Previous ID: LIN7-3806
Found In Version: unknown
Fix Version: 8.0.0.0.LB06
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Toolchain

Description

Description:

A vulnerability has been discovered in the glibc library on Linux systems. It allows a remote malicious person to conduct harmful actions or to crash an application that uses a vulnerable version of the glibc library.


Technical information :

This vulnerability is due to a buffer overflow in the "gethostbyname_r()" function and other related functions of glibc. It allows a remote attacker, trough a specially crafted input parameter, to crash the application using the vulnerable glibc library, or to execute arbitrary code with the privileges of a user running a vulnerable application.


Links::

http://www.openwall.com/lists/oss-security/2015/04/21/4
https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html
https://sourceware.org/bugzilla/show_bug.cgi?id=18287
https://sourceware.org/git/?p=glibc.git;a=commit;h=2959eda9272a03386

CVEs


Live chat
Online