Vulnerability identifier: #VU45143

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2011-1659

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Glibc
Universal components / Libraries / Libraries used by multiple products

Vendor: GNU

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Glibc: 1.00 - 2.12.2

---

External links
http://code.google.com/p/chromium/issues/detail?id=48733
http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html
http://secunia.com/advisories/44353
http://secunia.com/advisories/46397
http://sourceware.org/bugzilla/show_bug.cgi?id=12583
http://sourceware.org/git/?p=glibc.git;a=commit;h=8126d90480fa3e0c5c5cd0d02cb1c93174b45485
http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
http://www.mandriva.com/security/advisories?name=MDVSA-2011:179
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.securitytracker.com/id?1025450
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://bugzilla.redhat.com/show_bug.cgi?id=681054
http://exchange.xforce.ibmcloud.com/vulnerabilities/66819

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.