Vigil@nce - glibc: multiple vulnerabilities of Memory Allocator
September 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of memory allocator
functions of the glibc.
– Impacted products: Slackware, Unix (platform)
– Severity: 2/4
– Creation date: 11/09/2013
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in the glibc.
An attacker can generate an integer overflow in pvalloc(), in
order to trigger a denial of service, and possibly to execute
code. [severity:2/4; 15855]
An attacker can generate an integer overflow in valloc(), in order
to trigger a denial of service, and possibly to execute code.
[severity:2/4; 15856]
An attacker can generate an integer overflow in posix_memalign()
et memalign(), in order to trigger a denial of service, and
possibly to execute code. [severity:2/4; 15857]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/glibc-multiple-vulnerabilities-of-Memory-Allocator-13413