Vigil@nce - glibc: two vulnerabilities of strxfrm
March 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit several vulnerabilities in the strxfrm() function of glibc.
Impacted products: Unix (platform)
Severity: 2/4
Creation date: 13/02/2015
DESCRIPTION OF THE VULNERABILITY
The strxfrm() function transforms a string according to the current
locale. Two vulnerabilities were announced in the glibc strxfrm().
An attacker can trigger an integer overflow during the memory
size computation, in order to cause a denial of service, and
possibly to execute code. [severity:2/4]
An attacker can trigger a stack overflow via alloca(), in order
to cause a denial of service. [severity:1/4]
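A caller-side pattern for the function described above, given as an added example that is not glibc's code and not part of the bulletin: it bounds the length of untrusted input before it reaches strxfrm() and sizes the result on the heap with an overflow check. The names xfrm_dup, bounded_len and max_src_len are hypothetical, and treating input length as the attacker-controlled quantity is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Length of s if it is at most cap bytes; -1 if s is longer than cap. */
static int bounded_len(const char *s, size_t cap, size_t *len) {
    size_t i = 0;
    while (s[i] != '\0') {
        if (i == cap) return -1;
        i++;
    }
    *len = i;
    return 0;
}

/* Return a heap copy of the strxfrm() form of src, or NULL.
   max_src_len is a hypothetical application limit, not a glibc constant. */
char *xfrm_dup(const char *src, size_t max_src_len) {
    size_t n, need, got;
    char *dst;
    if (src == NULL || bounded_len(src, max_src_len, &n) != 0)
        return NULL;                 /* refuse oversized input up front */
    need = strxfrm(NULL, src, 0);    /* size query: nothing is written */
    if (need == SIZE_MAX)
        return NULL;                 /* need + 1 would wrap to 0 */
    dst = malloc(need + 1);          /* heap, not alloca(), for the result */
    if (dst == NULL)
        return NULL;
    got = strxfrm(dst, src, need + 1);
    if (got != need) {               /* length differs from the size query */
        free(dst);
        return NULL;
    }
    return dst;
}

int main(void) {
    char *key = xfrm_dup("constructed sample", 64);  /* constructed input */
    printf("%s\n", key ? key : "(rejected)");
    free(key);
    return 0;
}
```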
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/glibc-two-vulnerabilities-of-strxfrm-16192