SB2020120610 - Multiple vulnerabilities in Glibc
Published: December 6, 2020 Updated: June 3, 2025
Description
This security bulletin contains information about 6 security vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2020-29573)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within sysdeps/i386/ldbl2mpn.c in the GNU C Library on x86 systems. A remote attacker can pass specially crafted data to an application that uses the vulnerable version of glibc and crash it.
2) Stack-based buffer overflow (CVE-ID: CVE-2015-8779)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a long catalog name. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Input validation error (CVE-ID: CVE-2015-8776)
The vulnerability allows a remote non-authenticated attacker to read data or crash the application.
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
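For applications that build time values from untrusted input, a caller-side range check keeps out-of-range fields from reaching strftime at all. The following is an added example, not code from glibc or from this bulletin; the names tm_in_range, checked_strftime and sample_valid are hypothetical, and the sample date is constructed.

```c
/* Added example, not glibc code: range-check struct tm before strftime(). */
#include <stdio.h>
#include <time.h>

/* 1 if every field is within the range documented for struct tm, else 0. */
static int tm_in_range(const struct tm *t)
{
    return t != NULL
        && t->tm_sec  >= 0 && t->tm_sec  <= 60   /* 60 permits a leap second */
        && t->tm_min  >= 0 && t->tm_min  <= 59
        && t->tm_hour >= 0 && t->tm_hour <= 23
        && t->tm_mday >= 1 && t->tm_mday <= 31
        && t->tm_mon  >= 0 && t->tm_mon  <= 11
        && t->tm_wday >= 0 && t->tm_wday <= 6
        && t->tm_yday >= 0 && t->tm_yday <= 365;
}

/* Hypothetical wrapper. Returns bytes written (without the NUL), or 0 if the
 * value is rejected or the buffer is too small; buf is then an empty string. */
size_t checked_strftime(char *buf, size_t max, const char *fmt,
                        const struct tm *t)
{
    if (buf == NULL || max == 0 || fmt == NULL)
        return 0;
    buf[0] = '\0';
    if (!tm_in_range(t))
        return 0;
    size_t n = strftime(buf, max, fmt, t);
    if (n == 0)
        buf[0] = '\0';   /* array contents are unspecified on failure */
    return n;
}

/* Constructed sample value: 2016-02-19 12:00:00, a Friday. */
struct tm sample_valid(void)
{
    struct tm t = {0};
    t.tm_year = 116; t.tm_mon = 1; t.tm_mday = 19;
    t.tm_hour = 12;  t.tm_wday = 5; t.tm_yday = 49;
    return t;
}

int main(void)
{
    char buf[64];
    struct tm ok = sample_valid();
    printf("%zu\n", checked_strftime(buf, sizeof buf, "%Y-%m-%d %a %b", &ok));
    return 0;
}
```

The check is defense in depth for callers and does not replace updating the library.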
4) Buffer overflow (CVE-ID: CVE-2015-8778)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.
5) Stack-based buffer overflow (CVE-ID: CVE-2014-9761)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a long argument to the (1) nan, (2) nanf, or (3) nanl function. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
6) Security features bypass (CVE-ID: CVE-2015-8777)
The vulnerability allows a local user to manipulate data.
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
Remediation
Install updates from the vendor's website.
References
- https://security.gentoo.org/glsa/202101-20
- https://security.netapp.com/advisory/ntap-20210122-0004/
- https://sourceware.org/bugzilla/show_bug.cgi?id=26649
- https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- http://rhn.redhat.com/errata/RHSA-2017-0680.html
- http://seclists.org/fulldisclosure/2019/Sep/7
- http://www.debian.org/security/2016/dsa-3480
- http://www.debian.org/security/2016/dsa-3481
- http://www.openwall.com/lists/oss-security/2016/01/19/11
- http://www.openwall.com/lists/oss-security/2016/01/20/1
- http://www.securityfocus.com/bid/82244
- http://www.ubuntu.com/usn/USN-2985-1
- http://www.ubuntu.com/usn/USN-2985-2
- https://access.redhat.com/errata/RHSA-2017:1916
- https://seclists.org/bugtraq/2019/Sep/7
- https://security.gentoo.org/glsa/201602-02
- https://security.gentoo.org/glsa/201702-11
- https://sourceware.org/bugzilla/show_bug.cgi?id=17905
- https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html
- http://www.securityfocus.com/bid/83277
- https://sourceware.org/bugzilla/show_bug.cgi?id=18985
- http://www.securityfocus.com/bid/83275
- https://sourceware.org/bugzilla/show_bug.cgi?id=18240
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://seclists.org/fulldisclosure/2019/Jun/18
- http://www.securityfocus.com/bid/83306
- https://seclists.org/bugtraq/2019/Jun/14
- https://sourceware.org/bugzilla/show_bug.cgi?id=16962
- http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html
- http://www.securityfocus.com/bid/81469
- http://www.securitytracker.com/id/1034811
- https://sourceware.org/bugzilla/show_bug.cgi?id=18928