GNU C Library 2.14 vfprintf numeric error

CVSS Meta Temp Score
CVSS is a standardized scoring system to determine possibilities of attacks. The Temp Score considers temporal factors like disclosure, exploit and countermeasures. The unique Meta Score calculates the average score of different sources to provide a normalized scoring system.
Current Exploit Price (≈)
Our analysts are monitoring exploit markets and are in contact with vulnerability brokers. The range indicates the observed or calculated exploit price to be seen on exploit markets. A good indicator to understand the monetary effort required for and the popularity of an attack.
CTI Interest Score
Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks. The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. A high score indicates an elevated risk to be targeted for this vulnerability.
7.0$0-$5k0.00

Summaryinfo

A vulnerability described as problematic has been identified in GNU C Library 2.14. This affects the function vfprintf. Executing a manipulation can lead to numeric error. This vulnerability is handled as CVE-2012-0864. Additionally, an exploit exists. It is advisable to implement a patch to correct this issue.

Detailsinfo

A vulnerability classified as critical was found in GNU C Library 2.14 (Software Library). This vulnerability affects the function vfprintf. The manipulation with an unknown input leads to a numeric error vulnerability. The CWE definition for the vulnerability is CWE-189. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.

The issue has been introduced in 06/01/2011. The weakness was released 03/09/2012 by Stefan Cornelius (c0ntex) with Red Hat Security Response Team as Bug 794797 as confirmed bug report (Bugzilla). The advisory is shared for download at bugzilla.redhat.com. This vulnerability was named CVE-2012-0864 since 01/19/2012. The attack needs to be approached locally. The requirement for exploitation is a single authentication. Technical details and also a public exploit are known.

A public exploit has been developed by aeon and been published 2 years after the advisory. It is possible to download the exploit at securityfocus.com. It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 282 days. During that time the estimated underground price was around $0-$5k. The vulnerability scanner Nessus provides a plugin with the ID 68497 (Oracle Linux 6 : glibc (ELSA-2012-0393)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Oracle Linux Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 216049 (VMWare ESXi 5.1.0 Patch Complete Update 1 Missing (KB2041632)).

Applying the patch usn-1396-1 is able to eliminate this problem. The bugfix is ready for download at ubuntu.com.

The vulnerability is also documented in the databases at X-Force (73547), Exploit-DB (25134), Tenable (68497), SecurityFocus (BID 52201†) and OSVDB (80719†). Entries connected to this vulnerability are available at VDB-4619, VDB-4675, VDB-4995 and VDB-5407. Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

Vendor

Name

Version

License

Website

CPE 2.3info

CPE 2.2info

CVSSv4info

VulDB Vector: 🔍
VulDB Reliability: 🔍

CVSSv3info

VulDB Meta Base Score: 7.8
VulDB Meta Temp Score: 7.0

VulDB Base Score: 7.8
VulDB Temp Score: 7.0
VulDB Vector: 🔍
VulDB Reliability: 🔍

CVSSv2info

AVACAuCIA
💳💳💳💳💳💳
💳💳💳💳💳💳
💳💳💳💳💳💳
VectorComplexityAuthenticationConfidentialityIntegrityAvailability
UnlockUnlockUnlockUnlockUnlockUnlock
UnlockUnlockUnlockUnlockUnlockUnlock
UnlockUnlockUnlockUnlockUnlockUnlock

VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍

NVD Base Score: 🔍

Exploitinginfo

Class: Numeric error
CWE: CWE-189
CAPEC: 🔍
ATT&CK: 🔍

Physical: Partially
Local: Yes
Remote: Yes

Availability: 🔍
Access: Public
Status: Proof-of-Concept
Author: aeon
Download: 🔍

EPSS Score: 🔍
EPSS Percentile: 🔍

Price Prediction: 🔍
Current Price Estimation: 🔍

0-DayUnlockUnlockUnlockUnlock
TodayUnlockUnlockUnlockUnlock

Nessus ID: 68497
Nessus Name: Oracle Linux 6 : glibc (ELSA-2012-0393)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Nessus Port: 🔍

OpenVAS ID: 881169
OpenVAS Name: CentOS Update for glibc CESA-2012:0393 centos6
OpenVAS File: 🔍
OpenVAS Family: 🔍

Qualys ID: 🔍
Qualys Name: 🔍

Exploit-DB: 🔍

Threat Intelligenceinfo

Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍

Countermeasuresinfo

Recommended: Patch
Status: 🔍

0-Day Time: 🔍
Exploit Delay Time: 🔍

Patch: usn-1396-1

Timelineinfo

06/01/2011 🔍
01/19/2012 +232 days 🔍
02/28/2012 +40 days 🔍
03/09/2012 +10 days 🔍
03/13/2012 +4 days 🔍
03/19/2012 +6 days 🔍
04/01/2012 +13 days 🔍
04/02/2012 +1 days 🔍
05/01/2013 +394 days 🔍
05/01/2013 +0 days 🔍
05/02/2013 +1 days 🔍
07/12/2013 +71 days 🔍
06/23/2024 +3999 days 🔍

Sourcesinfo

Vendor: gnu.org

Advisory: Bug 794797
Researcher: Stefan Cornelius (c0ntex)
Organization: Red Hat Security Response Team
Status: Confirmed
Confirmation: 🔍

CVE: CVE-2012-0864 (🔍)
GCVE (CVE): GCVE-0-2012-0864
GCVE (VulDB): GCVE-100-4996

OVAL: 🔍
IAVM: 🔍

X-Force: 73547
SecurityFocus: 52201 - GNU glibc 'nargs' Integer Overflow Security Bypass Vulnerability
Secunia: 48383 - Ubuntu update for GNU C Library, Moderately Critical
OSVDB: 80719
Vulnerability Center: 34758 - GNU glibc \x27nargs\x27 Vulnerability Allows Application Access via Bypassing FORTIFY_SOURCE Protections, High

scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍

Entryinfo

Created: 04/02/2012 23:05
Updated: 06/23/2024 15:34
Changes: 04/02/2012 23:05 (82), 04/10/2017 12:20 (18), 03/22/2021 13:21 (3), 06/23/2024 15:34 (15)
Complete: 🔍
Cache ID: 216:501:103

Discussion

No comments yet. Languages: en.

Please log in to comment.

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!