製品・ソフトウェアに関する情報

JVN脆弱性詳細

GNU C Library の posix/fnmatch.c における整数オーバーフローの脆弱性

Title	GNU C Library の posix/fnmatch.c における整数オーバーフローの脆弱性
Summary	GNU C Library の posix/fnmatch.c には、整数オーバーフローの脆弱性が存在します。本脆弱性は、CVE-2011-1071 とは異なる脆弱性です。
Possible impacts	攻撃者により、巧妙に細工されたパターンの引数を含む fnmatch コール内で使用される過度に長い UTF8 文字列を介して、サービス運用妨害 (アプリケーションクラッシュ) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	April 8, 2011, midnight
Registration Date	March 27, 2012, 6:43 p.m.
Last Update	Dec. 18, 2012, 5:16 p.m.

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected System

GNU Project

GNU C Library 2.13 およびそれ以前

VMware

VMware ESX 3.0.3

VMware ESX 3.5

VMware ESX 4.0

VMware ESX 4.1

VMware ESXi 3.5

VMware ESXi 4.0

VMware ESXi 4.1

VMware ESXi 5.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-1659	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1659
National Vulnerability Database (NVD)
2	CVE-2011-1659	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1659

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-189	https://jvndb.jvn.jp/ja/cwe/CWE-189.html

ベンダー情報

No	Name	URL
GnuPG Project
1	GNU C Library	http://www.gnu.org/software/libc/index.html
VMware Security Advisories
2	VMSA-2011-0012	http://www.vmware.com/jp/support/support-resources/advisories/VMSA-2011-0012.html

Change Log

No	Changed Details	Date of change
0	[2012年03月27日] 掲載 [2012年12月18日] 影響を受けるシステム：VMware (VMSA-2011-0012) の情報を追加ベンダ情報：VMware (VMSA-2011-0012) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2011-1659

Summary	Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071.
Publication Date	April 9, 2011, 12:17 a.m.
Registration Date	Jan. 28, 2021, 4:38 p.m.
Last Update	Nov. 21, 2024, 10:26 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:gnu:glibc:2.2.2:::::::*
cpe:2.3:a:gnu:glibc:2.9:::::::*
cpe:2.3:a:gnu:glibc:2.7:::::::*
cpe:2.3:a:gnu:glibc:2.1.2:::::::*
cpe:2.3:a:gnu:glibc:2.11:::::::*
cpe:2.3:a:gnu:glibc:2.0.5:::::::*
cpe:2.3:a:gnu:glibc:2.2.5:::::::*
cpe:2.3:a:gnu:glibc:2.0.6:::::::*
cpe:2.3:a:gnu:glibc:2.10.1:::::::*
cpe:2.3:a:gnu:glibc:1.00:::::::*
cpe:2.3:a:gnu:glibc:1.06:::::::*
cpe:2.3:a:gnu:glibc:2.1.1:::::::*
cpe:2.3:a:gnu:glibc:1.02:::::::*
cpe:2.3:a:gnu:glibc:2.0.3:::::::*
cpe:2.3:a:gnu:glibc:1.07:::::::*
cpe:2.3:a:gnu:glibc:2.3.1:::::::*
cpe:2.3:a:gnu:glibc:2.3:::::::*
cpe:2.3:a:gnu:glibc:2.12.0:::::::*
cpe:2.3:a:gnu:glibc:2.0:::::::*
cpe:2.3:a:gnu:glibc::::::::		2.13
cpe:2.3:a:gnu:glibc:2.1.1.6:::::::*
cpe:2.3:a:gnu:glibc:1.04:::::::*
cpe:2.3:a:gnu:glibc:1.01:::::::*
cpe:2.3:a:gnu:glibc:2.3.10:::::::*
cpe:2.3:a:gnu:glibc:2.4:::::::*
cpe:2.3:a:gnu:glibc:2.1:::::::*
cpe:2.3:a:gnu:glibc:2.3.4:::::::*
cpe:2.3:a:gnu:glibc:1.09.1:::::::*
cpe:2.3:a:gnu:glibc:2.1.9:::::::*
cpe:2.3:a:gnu:glibc:2.3.3:::::::*
cpe:2.3:a:gnu:glibc:2.12.1:::::::*
cpe:2.3:a:gnu:glibc:2.6.1:::::::*
cpe:2.3:a:gnu:glibc:2.0.1:::::::*
cpe:2.3:a:gnu:glibc:1.09:::::::*
cpe:2.3:a:gnu:glibc:2.10:::::::*
cpe:2.3:a:gnu:glibc:2.11.2:::::::*
cpe:2.3:a:gnu:glibc:2.5.1:::::::*
cpe:2.3:a:gnu:glibc:2.6:::::::*
cpe:2.3:a:gnu:glibc:2.0.4:::::::*
cpe:2.3:a:gnu:glibc:2.0.2:::::::*
cpe:2.3:a:gnu:glibc:2.2.1:::::::*
cpe:2.3:a:gnu:glibc:2.3.2:::::::*
cpe:2.3:a:gnu:glibc:1.03:::::::*
cpe:2.3:a:gnu:glibc:2.1.3.10:::::::*
cpe:2.3:a:gnu:glibc:2.3.6:::::::*
cpe:2.3:a:gnu:glibc:2.2.3:::::::*
cpe:2.3:a:gnu:glibc:2.5:::::::*
cpe:2.3:a:gnu:glibc:2.11.3:::::::*
cpe:2.3:a:gnu:glibc:1.08:::::::*
cpe:2.3:a:gnu:glibc:2.3.5:::::::*
cpe:2.3:a:gnu:glibc:2.8:::::::*
cpe:2.3:a:gnu:glibc:2.11.1:::::::*
cpe:2.3:a:gnu:glibc:2.2.4:::::::*
cpe:2.3:a:gnu:glibc:2.1.3:::::::*
cpe:2.3:a:gnu:glibc:1.05:::::::*
cpe:2.3:a:gnu:glibc:2.2:::::::*
cpe:2.3:a:gnu:glibc:2.12.2:::::::*
cpe:2.3:a:gnu:glibc:2.10.2:::::::*

Related information, measures and tools

No	URL	タグ
1	http://code.google.com/p/chromium/issues/detail?id=48733	Exploit
2	http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html	Exploit
3	http://secunia.com/advisories/44353
4	http://secunia.com/advisories/46397
5	http://sourceware.org/bugzilla/show_bug.cgi?id=12583	Exploit Patch
6	http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=8126d90480fa3e0c5c5cd0d02cb1c93174b45485
7	http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
8	http://www.mandriva.com/security/advisories?name=MDVSA-2011:179
9	http://www.securityfocus.com/archive/1/520102/100/0/threaded
10	http://www.securitytracker.com/id?1025450
11	http://www.vmware.com/security/advisories/VMSA-2011-0012.html
12	https://bugzilla.redhat.com/show_bug.cgi?id=681054	Exploit Patch
13	https://exchange.xforce.ibmcloud.com/vulnerabilities/66819
14	http://code.google.com/p/chromium/issues/detail?id=48733	Exploit
15	https://exchange.xforce.ibmcloud.com/vulnerabilities/66819
16	https://bugzilla.redhat.com/show_bug.cgi?id=681054	Exploit Patch
17	http://www.vmware.com/security/advisories/VMSA-2011-0012.html
18	http://www.securitytracker.com/id?1025450
19	http://www.securityfocus.com/archive/1/520102/100/0/threaded
20	http://www.mandriva.com/security/advisories?name=MDVSA-2011:179
21	http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
22	http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=8126d90480fa3e0c5c5cd0d02cb1c93174b45485
23	http://sourceware.org/bugzilla/show_bug.cgi?id=12583	Exploit Patch
24	http://secunia.com/advisories/46397
25	http://secunia.com/advisories/44353
26	http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html	Exploit

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-189	数値処理の問題	https://cwe.mitre.org/data/definitions/189.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:gnu:glibc:2.2.2:::::::*
cpe:2.3:a:gnu:glibc:2.9:::::::*
cpe:2.3:a:gnu:glibc:2.7:::::::*
cpe:2.3:a:gnu:glibc:2.1.2:::::::*
cpe:2.3:a:gnu:glibc:2.11:::::::*
cpe:2.3:a:gnu:glibc:2.0.5:::::::*
cpe:2.3:a:gnu:glibc:2.2.5:::::::*
cpe:2.3:a:gnu:glibc:2.0.6:::::::*
cpe:2.3:a:gnu:glibc:2.10.1:::::::*
cpe:2.3:a:gnu:glibc:1.00:::::::*
cpe:2.3:a:gnu:glibc:1.06:::::::*
cpe:2.3:a:gnu:glibc:2.1.1:::::::*
cpe:2.3:a:gnu:glibc:1.02:::::::*
cpe:2.3:a:gnu:glibc:2.0.3:::::::*
cpe:2.3:a:gnu:glibc:1.07:::::::*
cpe:2.3:a:gnu:glibc:2.3.1:::::::*
cpe:2.3:a:gnu:glibc:2.3:::::::*
cpe:2.3:a:gnu:glibc:2.12.0:::::::*
cpe:2.3:a:gnu:glibc:2.0:::::::*
cpe:2.3:a:gnu:glibc::::::::		2.13
cpe:2.3:a:gnu:glibc:2.1.1.6:::::::*
cpe:2.3:a:gnu:glibc:1.04:::::::*
cpe:2.3:a:gnu:glibc:1.01:::::::*
cpe:2.3:a:gnu:glibc:2.3.10:::::::*
cpe:2.3:a:gnu:glibc:2.4:::::::*
cpe:2.3:a:gnu:glibc:2.1:::::::*
cpe:2.3:a:gnu:glibc:2.3.4:::::::*
cpe:2.3:a:gnu:glibc:1.09.1:::::::*
cpe:2.3:a:gnu:glibc:2.1.9:::::::*
cpe:2.3:a:gnu:glibc:2.3.3:::::::*
cpe:2.3:a:gnu:glibc:2.12.1:::::::*
cpe:2.3:a:gnu:glibc:2.6.1:::::::*
cpe:2.3:a:gnu:glibc:2.0.1:::::::*
cpe:2.3:a:gnu:glibc:1.09:::::::*
cpe:2.3:a:gnu:glibc:2.10:::::::*
cpe:2.3:a:gnu:glibc:2.11.2:::::::*
cpe:2.3:a:gnu:glibc:2.5.1:::::::*
cpe:2.3:a:gnu:glibc:2.6:::::::*
cpe:2.3:a:gnu:glibc:2.0.4:::::::*
cpe:2.3:a:gnu:glibc:2.0.2:::::::*
cpe:2.3:a:gnu:glibc:2.2.1:::::::*
cpe:2.3:a:gnu:glibc:2.3.2:::::::*
cpe:2.3:a:gnu:glibc:1.03:::::::*
cpe:2.3:a:gnu:glibc:2.1.3.10:::::::*
cpe:2.3:a:gnu:glibc:2.3.6:::::::*
cpe:2.3:a:gnu:glibc:2.2.3:::::::*
cpe:2.3:a:gnu:glibc:2.5:::::::*
cpe:2.3:a:gnu:glibc:2.11.3:::::::*
cpe:2.3:a:gnu:glibc:1.08:::::::*
cpe:2.3:a:gnu:glibc:2.3.5:::::::*
cpe:2.3:a:gnu:glibc:2.8:::::::*
cpe:2.3:a:gnu:glibc:2.11.1:::::::*
cpe:2.3:a:gnu:glibc:2.2.4:::::::*
cpe:2.3:a:gnu:glibc:2.1.3:::::::*
cpe:2.3:a:gnu:glibc:1.05:::::::*
cpe:2.3:a:gnu:glibc:2.2:::::::*
cpe:2.3:a:gnu:glibc:2.12.2:::::::*
cpe:2.3:a:gnu:glibc:2.10.2:::::::*