CVE-2011-2702

Related Files

eGlibc Signedness Code Execution

Posted Aug 1, 2012

Authored by c0ntex

A patch introduced a signedness bug causing any program compiled against the vulnerable version of eglibc and using optimized functions such as memcpy_ssse3 and memcpy-ssse3-back to be potentially vulnerable to unexpected code execution.

tags | exploit, code execution

advisories | CVE-2011-2702

SHA-256 | 25b911fe8b4f2b91e78c752029493fa3f38d85cdc1a956089b72d784bc277137

Download | Favorite | View

Ubuntu Security Notice USN-1396-1

Posted Mar 10, 2012

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1396-1 - It was discovered that the GNU C Library did not properly handle integer overflows in the timezone handling code. An attacker could use this to possibly execute arbitrary code by convincing an application to load a maliciously constructed tzfile. It was discovered that the GNU C Library did not properly handle passwd.adjunct.byname map entries in the Network Information Service (NIS) code in the name service caching daemon (nscd). An attacker could use this to obtain the encrypted passwords of NIS accounts. This issue only affected Ubuntu 8.04 LTS. Various other issues were also addressed.

tags | advisory, overflow, arbitrary

systems | linux, ubuntu

advisories | CVE-2009-5029, CVE-2010-0015, CVE-2011-1071, CVE-2011-1659, CVE-2011-1089, CVE-2011-1095, CVE-2011-1658, CVE-2011-2702, CVE-2011-4609, CVE-2012-0864, CVE-2009-5029, CVE-2010-0015, CVE-2011-1071, CVE-2011-1089, CVE-2011-1095, CVE-2011-1658, CVE-2011-1659, CVE-2011-2702, CVE-2011-4609, CVE-2012-0864

SHA-256 | 6e37a6e7af6dadd5caece2f389fd20999a42067305f2184d676361f4c1b51ea0

Download | Favorite | View