Vigil@nce - glibc: buffer overflow of scanf
March 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can generate a buffer overflow in scanf() functions of
the glibc, in order to trigger a denial of service, and possibly
to execute code.
– Impacted products: Unix (platform)
– Severity: 2/4
– Creation date: 26/02/2015
DESCRIPTION OF THE VULNERABILITY
Functions in the scanf() family analyze a string to store it in
variables. For example, to decode an integer:
scanf("%i", &integer);
However, if the size of data is greater than the size of the
storage array, an overflow occurs in the _IO_vfscanf_internal()
function.
An attacker can therefore generate a buffer overflow in scanf()
functions of the glibc, in order to trigger a denial of service,
and possibly to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/glibc-buffer-overflow-of-scanf-16271