製品・ソフトウェアに関する情報

JVN脆弱性詳細

GNU C Library および Embedded GLIBC における任意のコードを実行される脆弱性

Title	GNU C Library および Embedded GLIBC における任意のコードを実行される脆弱性
Summary	GNU C Library (aka glibc or libc6) および Embedded GLIBC (EGLIBC) には、任意のコードを実行される、またはサービス運用妨害 (メモリの破損) 状態となる脆弱性が存在します。本脆弱性は、CVE-2010-2898 と関連する脆弱性です。
Possible impacts	攻撃者により、fnmatch コールに使用される過度に長い UTF8 文字列を介して、任意のコードを実行される、またはサービス運用妨害 (メモリの破損) 状態にされる可能性があります。
Solution	ベンダ情報及び参考情報を参照して適切な対策を実施してください。
Publication Date	April 4, 2011, midnight
Registration Date	April 28, 2011, 3:15 p.m.
Last Update	Dec. 18, 2012, 5:10 p.m.

CVSS2.0 : 警告
Score	5.1
Vector	AV:N/AC:H/Au:N/C:P/I:P/A:P

Affected System

レッドハット

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Enterprise Linux Desktop 6

Red Hat Enterprise Linux HPC Node 6

Red Hat Enterprise Linux Long Life (v. 5.6 server)

Red Hat Enterprise Linux Server 6

Red Hat Enterprise Linux Workstation 6

サイバートラスト株式会社

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

GNU Project

Embedded GLIBC

GNU C Library 2.11.2 およびそれ以前

VMware

VMware ESX 3.5

VMware ESX 4.0

VMware ESX 4.1

VMware ESX 3.0.3

VMware ESXi 3.5

VMware ESXi 4.0

VMware ESXi 4.1

VMware ESXi 5.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-1071	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1071
National Vulnerability Database (NVD)
2	CVE-2011-1071	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1071

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-399	https://jvndb.jvn.jp/ja/cwe/CWE-399.html

ベンダー情報

No	Name	URL
Asianux Technical Support Network
1	glibc-2.5-58.2.0.1.AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1400
EGLIBC
2	Top Page	http://www.eglibc.org/home
GNU C Library
3	Top Page	http://www.gnu.org/software/libc/libc.html
Red Hat Security Advisory
4	RHSA-2011:0412	http://rhn.redhat.com/errata/RHSA-2011-0412.html
5	RHSA-2011:0413	http://rhn.redhat.com/errata/RHSA-2011-0413.html
VMware Security Advisories
6	VMSA-2011-0010	http://www.vmware.com/security/advisories/VMSA-2011-0010.html
7	VMSA-2011-0012	http://www.vmware.com/jp/support/support-resources/advisories/VMSA-2011-0012.html

その他

No	Name	URL
Secunia Advisory
1	SA43492	http://secunia.com/advisories/43492
2	SA43830	http://secunia.com/advisories/43830
3	SA43989	http://secunia.com/advisories/43989
SecurityFocus
4	46563	http://www.securityfocus.com/bid/46563
SecurityTracker
5	1025290	http://www.securitytracker.com/id?1025290
VUPEN Security
6	VUPEN/ADV-2011-0863	http://www.vupen.com/english/advisories/2011/0863

Change Log

No	Changed Details	Date of change
0	[2011年04月28日] 掲載 [2011年08月11日] 影響を受けるシステム：VMware (VMSA-2011-0010) の情報を追加ベンダ情報：VMware (VMSA-2011-0010) を追加 [2012年12月18日] 影響を受けるシステム：VMware (VMSA-2011-0012) の情報を追加ベンダ情報：VMware (VMSA-2011-0012) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2011-1071

Summary	The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.
Publication Date	April 9, 2011, 12:17 a.m.
Registration Date	Jan. 28, 2021, 4:38 p.m.
Last Update	Nov. 21, 2024, 10:25 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:gnu:glibc:2.2.2:::::::*
cpe:2.3:a:gnu:glibc:2.9:::::::*
cpe:2.3:a:gnu:glibc:2.7:::::::*
cpe:2.3:a:gnu:glibc:2.1.2:::::::*
cpe:2.3:a:gnu:glibc:2.11:::::::*
cpe:2.3:a:gnu:glibc:2.0.5:::::::*
cpe:2.3:a:gnu:glibc:2.2.5:::::::*
cpe:2.3:a:gnu:glibc:2.0.6:::::::*
cpe:2.3:a:gnu:glibc:2.10.1:::::::*
cpe:2.3:a:gnu:glibc:1.00:::::::*
cpe:2.3:a:gnu:glibc:1.06:::::::*
cpe:2.3:a:gnu:glibc:2.1.1:::::::*
cpe:2.3:a:gnu:glibc:1.02:::::::*
cpe:2.3:a:gnu:glibc:2.0.3:::::::*
cpe:2.3:a:gnu:glibc:1.07:::::::*
cpe:2.3:a:gnu:glibc:2.3.1:::::::*
cpe:2.3:a:gnu:glibc:2.3:::::::*
cpe:2.3:a:gnu:glibc:2.12.0:::::::*
cpe:2.3:a:gnu:glibc:2.0:::::::*
cpe:2.3:a:gnu:glibc:2.1.1.6:::::::*
cpe:2.3:a:gnu:glibc:1.04:::::::*
cpe:2.3:a:gnu:glibc:1.01:::::::*
cpe:2.3:a:gnu:glibc:2.3.10:::::::*
cpe:2.3:a:gnu:glibc:2.4:::::::*
cpe:2.3:a:gnu:glibc:2.1:::::::*
cpe:2.3:a:gnu:glibc:2.3.4:::::::*
cpe:2.3:a:gnu:glibc:1.09.1:::::::*
cpe:2.3:a:gnu:glibc:2.1.9:::::::*
cpe:2.3:a:gnu:glibc::::::::		2.12.1
cpe:2.3:a:gnu:glibc:2.3.3:::::::*
cpe:2.3:a:gnu:glibc:2.6.1:::::::*
cpe:2.3:a:gnu:glibc:2.0.1:::::::*
cpe:2.3:a:gnu:glibc:1.09:::::::*
cpe:2.3:a:gnu:glibc:2.10:::::::*
cpe:2.3:a:gnu:glibc:2.11.2:::::::*
cpe:2.3:a:gnu:glibc:2.5.1:::::::*
cpe:2.3:a:gnu:glibc:2.6:::::::*
cpe:2.3:a:gnu:glibc:2.0.4:::::::*
cpe:2.3:a:gnu:glibc:2.0.2:::::::*
cpe:2.3:a:gnu:glibc:2.2.1:::::::*
cpe:2.3:a:gnu:glibc:2.3.2:::::::*
cpe:2.3:a:gnu:glibc:1.03:::::::*
cpe:2.3:a:gnu:glibc:2.1.3.10:::::::*
cpe:2.3:a:gnu:glibc:2.3.6:::::::*
cpe:2.3:a:gnu:glibc:2.2.3:::::::*
cpe:2.3:a:gnu:glibc:2.5:::::::*
cpe:2.3:a:gnu:eglibc::::::::
cpe:2.3:a:gnu:glibc:2.11.3:::::::*
cpe:2.3:a:gnu:glibc:1.08:::::::*
cpe:2.3:a:gnu:glibc:2.3.5:::::::*
cpe:2.3:a:gnu:glibc:2.8:::::::*
cpe:2.3:a:gnu:glibc:2.11.1:::::::*
cpe:2.3:a:gnu:glibc:2.2.4:::::::*
cpe:2.3:a:gnu:glibc:2.1.3:::::::*
cpe:2.3:a:gnu:glibc:1.05:::::::*
cpe:2.3:a:gnu:glibc:2.2:::::::*
cpe:2.3:a:gnu:glibc:2.10.2:::::::*

Related information, measures and tools

No	URL	タグ
1	http://bugs.debian.org/615120	Exploit
2	http://code.google.com/p/chromium/issues/detail?id=48733	Exploit
3	http://openwall.com/lists/oss-security/2011/02/26/3
4	http://openwall.com/lists/oss-security/2011/02/28/11	Exploit
5	http://openwall.com/lists/oss-security/2011/02/28/15
6	http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html	Exploit
7	http://seclists.org/fulldisclosure/2011/Feb/635	Exploit
8	http://seclists.org/fulldisclosure/2011/Feb/644	Patch
9	http://secunia.com/advisories/43492	Vendor Advisory
10	http://secunia.com/advisories/43830	Vendor Advisory
11	http://secunia.com/advisories/43989	Vendor Advisory
12	http://secunia.com/advisories/46397	Vendor Advisory
13	http://securityreason.com/securityalert/8175
14	http://securitytracker.com/id?1025290
15	http://sourceware.org/bugzilla/show_bug.cgi?id=11883	Exploit
16	http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=f15ce4d8dc139523fe0c273580b604b2453acba6
17	http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
18	http://www.redhat.com/support/errata/RHSA-2011-0412.html	Vendor Advisory
19	http://www.redhat.com/support/errata/RHSA-2011-0413.html	Vendor Advisory
20	http://www.securityfocus.com/archive/1/520102/100/0/threaded
21	http://www.securityfocus.com/bid/46563	Exploit
22	http://www.vmware.com/security/advisories/VMSA-2011-0012.html
23	http://www.vupen.com/english/advisories/2011/0863	Vendor Advisory
24	https://bugzilla.redhat.com/show_bug.cgi?id=681054	Exploit Patch
25	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12853
26	http://bugs.debian.org/615120	Exploit
27	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12853
28	https://bugzilla.redhat.com/show_bug.cgi?id=681054	Exploit Patch
29	http://www.vupen.com/english/advisories/2011/0863	Vendor Advisory
30	http://www.vmware.com/security/advisories/VMSA-2011-0012.html
31	http://www.securityfocus.com/bid/46563	Exploit
32	http://www.securityfocus.com/archive/1/520102/100/0/threaded
33	http://www.redhat.com/support/errata/RHSA-2011-0413.html	Vendor Advisory
34	http://www.redhat.com/support/errata/RHSA-2011-0412.html	Vendor Advisory
35	http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
36	http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=f15ce4d8dc139523fe0c273580b604b2453acba6
37	http://sourceware.org/bugzilla/show_bug.cgi?id=11883	Exploit
38	http://securitytracker.com/id?1025290
39	http://securityreason.com/securityalert/8175
40	http://secunia.com/advisories/46397	Vendor Advisory
41	http://secunia.com/advisories/43989	Vendor Advisory
42	http://secunia.com/advisories/43830	Vendor Advisory
43	http://secunia.com/advisories/43492	Vendor Advisory
44	http://seclists.org/fulldisclosure/2011/Feb/644	Patch
45	http://seclists.org/fulldisclosure/2011/Feb/635	Exploit
46	http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html	Exploit
47	http://openwall.com/lists/oss-security/2011/02/28/15
48	http://openwall.com/lists/oss-security/2011/02/28/11	Exploit
49	http://openwall.com/lists/oss-security/2011/02/26/3
50	http://code.google.com/p/chromium/issues/detail?id=48733	Exploit

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-399	リソース管理の問題	https://cwe.mitre.org/data/definitions/399.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:gnu:glibc:2.2.2:::::::*
cpe:2.3:a:gnu:glibc:2.9:::::::*
cpe:2.3:a:gnu:glibc:2.7:::::::*
cpe:2.3:a:gnu:glibc:2.1.2:::::::*
cpe:2.3:a:gnu:glibc:2.11:::::::*
cpe:2.3:a:gnu:glibc:2.0.5:::::::*
cpe:2.3:a:gnu:glibc:2.2.5:::::::*
cpe:2.3:a:gnu:glibc:2.0.6:::::::*
cpe:2.3:a:gnu:glibc:2.10.1:::::::*
cpe:2.3:a:gnu:glibc:1.00:::::::*
cpe:2.3:a:gnu:glibc:1.06:::::::*
cpe:2.3:a:gnu:glibc:2.1.1:::::::*
cpe:2.3:a:gnu:glibc:1.02:::::::*
cpe:2.3:a:gnu:glibc:2.0.3:::::::*
cpe:2.3:a:gnu:glibc:1.07:::::::*
cpe:2.3:a:gnu:glibc:2.3.1:::::::*
cpe:2.3:a:gnu:glibc:2.3:::::::*
cpe:2.3:a:gnu:glibc:2.12.0:::::::*
cpe:2.3:a:gnu:glibc:2.0:::::::*
cpe:2.3:a:gnu:glibc:2.1.1.6:::::::*
cpe:2.3:a:gnu:glibc:1.04:::::::*
cpe:2.3:a:gnu:glibc:1.01:::::::*
cpe:2.3:a:gnu:glibc:2.3.10:::::::*
cpe:2.3:a:gnu:glibc:2.4:::::::*
cpe:2.3:a:gnu:glibc:2.1:::::::*
cpe:2.3:a:gnu:glibc:2.3.4:::::::*
cpe:2.3:a:gnu:glibc:1.09.1:::::::*
cpe:2.3:a:gnu:glibc:2.1.9:::::::*
cpe:2.3:a:gnu:glibc::::::::		2.12.1
cpe:2.3:a:gnu:glibc:2.3.3:::::::*
cpe:2.3:a:gnu:glibc:2.6.1:::::::*
cpe:2.3:a:gnu:glibc:2.0.1:::::::*
cpe:2.3:a:gnu:glibc:1.09:::::::*
cpe:2.3:a:gnu:glibc:2.10:::::::*
cpe:2.3:a:gnu:glibc:2.11.2:::::::*
cpe:2.3:a:gnu:glibc:2.5.1:::::::*
cpe:2.3:a:gnu:glibc:2.6:::::::*
cpe:2.3:a:gnu:glibc:2.0.4:::::::*
cpe:2.3:a:gnu:glibc:2.0.2:::::::*
cpe:2.3:a:gnu:glibc:2.2.1:::::::*
cpe:2.3:a:gnu:glibc:2.3.2:::::::*
cpe:2.3:a:gnu:glibc:1.03:::::::*
cpe:2.3:a:gnu:glibc:2.1.3.10:::::::*
cpe:2.3:a:gnu:glibc:2.3.6:::::::*
cpe:2.3:a:gnu:glibc:2.2.3:::::::*
cpe:2.3:a:gnu:glibc:2.5:::::::*
cpe:2.3:a:gnu:eglibc::::::::
cpe:2.3:a:gnu:glibc:2.11.3:::::::*
cpe:2.3:a:gnu:glibc:1.08:::::::*
cpe:2.3:a:gnu:glibc:2.3.5:::::::*
cpe:2.3:a:gnu:glibc:2.8:::::::*
cpe:2.3:a:gnu:glibc:2.11.1:::::::*
cpe:2.3:a:gnu:glibc:2.2.4:::::::*
cpe:2.3:a:gnu:glibc:2.1.3:::::::*
cpe:2.3:a:gnu:glibc:1.05:::::::*
cpe:2.3:a:gnu:glibc:2.2:::::::*
cpe:2.3:a:gnu:glibc:2.10.2:::::::*