5.1 - CVE-2011-1071

Executive Summary

Informations
Name	CVE-2011-1071	First vendor Publication	2011-04-08
Vendor	Cve	Last vendor Modification	2023-02-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Cvss Base Score	5.1	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	High
Cvss Expoit Score	4.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1071

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-399	Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12853

Oval ID:	oval:org.mitre.oval:def:12853
Title:	VMSA-2011-0010 VMware ESX third party updates for Service Console packages glibc and dhcp
Description:	The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2011-1071	Version:	4
Platform(s):	VMWare ESX Server 4.0 VMWare ESX Server 4.1	Product(s):
Definition Synopsis:
Patch ESX400-201104401-SG does not exist AND esx 4.1 and patch VMware ESX Server 4.1 is installed AND Patch ESX410-201104401-SG does not exist

Definition Id: oval:org.mitre.oval:def:20361

Oval ID:	oval:org.mitre.oval:def:20361
Title:	VMware ESX third party updates for Service Console packages glibc and dhcp
Description:	The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2011-1071	Version:	4
Platform(s):	VMWare ESX Server 4.1 VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
Patch ESX410-201107406-SG is not installed VMware ESX Server 4.1 is installed AND Patch ESX410-201107406-SG is not installed OR Patch ESX400-201110408-SG is not installed VMware ESX Server 4.0 is installed AND Patch ESX400-201110408-SG is not installed

Definition Id: oval:org.mitre.oval:def:20420

Oval ID:	oval:org.mitre.oval:def:20420
Title:	VMware ESX third party updates for Service Console packages glibc and dhcp
Description:	The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2011-1071	Version:	4
Platform(s):	VMWare ESX Server 4.1 VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
Patch ESX410-201110201-SG is not installed VMware ESX Server 4.1 is installed AND Patch ESX410-201110201-SG is not installed OR Patch ESX400-201110401-SG is not installed VMware ESX Server 4.0 is installed AND Patch ESX400-201110401-SG is not installed

CPE : Common Platform Enumeration

Type	Description	Count
Application	Gnu Eglibc cpe:2.3:a:gnu:eglibc::::::::	1
Application	Gnu Glibc cpe:2.3:a:gnu:glibc:2.9:::::::* cpe:2.3:a:gnu:glibc:2.8:::::::* cpe:2.3:a:gnu:glibc:2.7:::::::* cpe:2.3:a:gnu:glibc:2.6.1:::::::* cpe:2.3:a:gnu:glibc:2.6:::::::* cpe:2.3:a:gnu:glibc:2.5.1:::::::* cpe:2.3:a:gnu:glibc:2.5-49.el5_5.6:::::::* cpe:2.3:a:gnu:glibc:2.5:::::::* cpe:2.3:a:gnu:glibc:2.4:::::::* cpe:2.3:a:gnu:glibc:2.3.6:::::::* cpe:2.3:a:gnu:glibc:2.3.5:::::::* cpe:2.3:a:gnu:glibc:2.3.4:::::::* cpe:2.3:a:gnu:glibc:2.3.3:::::::* cpe:2.3:a:gnu:glibc:2.3.2:::::::* cpe:2.3:a:gnu:glibc:2.3.10:::::::* cpe:2.3:a:gnu:glibc:2.3.1:::::::* cpe:2.3:a:gnu:glibc:2.3:::::::* cpe:2.3:a:gnu:glibc:2.2.5:::::::* cpe:2.3:a:gnu:glibc:2.2.4:::::::* cpe:2.3:a:gnu:glibc:2.2.3:::::::* cpe:2.3:a:gnu:glibc:2.2.2:::::::* cpe:2.3:a:gnu:glibc:2.2.1:::::::* cpe:2.3:a:gnu:glibc:2.2:::::::* cpe:2.3:a:gnu:glibc:2.12.1:::::::* cpe:2.3:a:gnu:glibc:2.12.0:::::::* cpe:2.3:a:gnu:glibc:2.12:::::::* cpe:2.3:a:gnu:glibc:2.12::::::x86: cpe:2.3:a:gnu:glibc:2.11.3:::::::* cpe:2.3:a:gnu:glibc:2.11.2:::::::* cpe:2.3:a:gnu:glibc:2.11.1:::::::* cpe:2.3:a:gnu:glibc:2.11:::::::* cpe:2.3:a:gnu:glibc:2.10.2:::::::* cpe:2.3:a:gnu:glibc:2.10.1:::::::* cpe:2.3:a:gnu:glibc:2.10:::::::* cpe:2.3:a:gnu:glibc:2.1.9:::::::* cpe:2.3:a:gnu:glibc:2.1.3.10:::::::* cpe:2.3:a:gnu:glibc:2.1.3:::::::* cpe:2.3:a:gnu:glibc:2.1.2:::::::* cpe:2.3:a:gnu:glibc:2.1.1.6:::::::* cpe:2.3:a:gnu:glibc:2.1.1:::::::* cpe:2.3:a:gnu:glibc:2.1:::::::* cpe:2.3:a:gnu:glibc:2.0.6:::::::* cpe:2.3:a:gnu:glibc:2.0.5:::::::* cpe:2.3:a:gnu:glibc:2.0.4:::::::* cpe:2.3:a:gnu:glibc:2.0.3:::::::* cpe:2.3:a:gnu:glibc:2.0.2:::::::* cpe:2.3:a:gnu:glibc:2.0.1:::::::* cpe:2.3:a:gnu:glibc:2.0:::::::* cpe:2.3:a:gnu:glibc:1.09.5:::::::* cpe:2.3:a:gnu:glibc:1.09.3:::::::* cpe:2.3:a:gnu:glibc:1.09.2:::::::* cpe:2.3:a:gnu:glibc:1.09.1:::::::* cpe:2.3:a:gnu:glibc:1.09:::::::* cpe:2.3:a:gnu:glibc:1.08.9:::::::* cpe:2.3:a:gnu:glibc:1.08.8:::::::* cpe:2.3:a:gnu:glibc:1.08.7:::::::* cpe:2.3:a:gnu:glibc:1.08.6:::::::* cpe:2.3:a:gnu:glibc:1.08.5:::::::* cpe:2.3:a:gnu:glibc:1.08.4:::::::* cpe:2.3:a:gnu:glibc:1.08.3:::::::* cpe:2.3:a:gnu:glibc:1.08.14:::::::* cpe:2.3:a:gnu:glibc:1.08.13:::::::* cpe:2.3:a:gnu:glibc:1.08.12:::::::* cpe:2.3:a:gnu:glibc:1.08.11:::::::* cpe:2.3:a:gnu:glibc:1.08.10:::::::* cpe:2.3:a:gnu:glibc:1.08.1:::::::* cpe:2.3:a:gnu:glibc:1.08:::::::* cpe:2.3:a:gnu:glibc:1.07.6:::::::* cpe:2.3:a:gnu:glibc:1.07.5:::::::* cpe:2.3:a:gnu:glibc:1.07.4:::::::* cpe:2.3:a:gnu:glibc:1.07.3:::::::* cpe:2.3:a:gnu:glibc:1.07.2:::::::* cpe:2.3:a:gnu:glibc:1.07.1:::::::* cpe:2.3:a:gnu:glibc:1.07:::::::* cpe:2.3:a:gnu:glibc:1.06.9:::::::* cpe:2.3:a:gnu:glibc:1.06.8:::::::* cpe:2.3:a:gnu:glibc:1.06.7:::::::* cpe:2.3:a:gnu:glibc:1.06.6:::::::* cpe:2.3:a:gnu:glibc:1.06.4:::::::* cpe:2.3:a:gnu:glibc:1.06.3:::::::* cpe:2.3:a:gnu:glibc:1.06.2:::::::* cpe:2.3:a:gnu:glibc:1.06.13:::::::* cpe:2.3:a:gnu:glibc:1.06.12:::::::* cpe:2.3:a:gnu:glibc:1.06.11:::::::* cpe:2.3:a:gnu:glibc:1.06.10:::::::* cpe:2.3:a:gnu:glibc:1.06.1:::::::* cpe:2.3:a:gnu:glibc:1.06:::::::* cpe:2.3:a:gnu:glibc:1.05:::::::* cpe:2.3:a:gnu:glibc:1.04:::::::* cpe:2.3:a:gnu:glibc:1.03:::::::* cpe:2.3:a:gnu:glibc:1.02:::::::* cpe:2.3:a:gnu:glibc:1.01:::::::* cpe:2.3:a:gnu:glibc:1.00:::::::* cpe:2.3:a:gnu:glibc:0.6:::::::* cpe:2.3:a:gnu:glibc:0.5:::::::* cpe:2.3:a:gnu:glibc:0.4.1:::::::* cpe:2.3:a:gnu:glibc:0.4:::::::* cpe:2.3:a:gnu:glibc:0.1:::::::* cpe:2.3:a:gnu:glibc:::::::: cpe:2.3:a:gnu:glibc:::::::x64:* cpe:2.3:a:gnu:glibc:::::::x86:* cpe:2.3:a:gnu:glibc:-:::::::*	102

OpenVAS Exploits

Date	Description
2012-07-30	Name : CentOS Update for glibc CESA-2011:0412 centos5 x86_64 File : nvt/gb_CESA-2011_0412_glibc_centos5_x86_64.nasl
2012-07-30	Name : CentOS Update for glibc CESA-2012:0125 centos4 File : nvt/gb_CESA-2012_0125_glibc_centos4.nasl
2012-06-06	Name : RedHat Update for glibc RHSA-2011:0413-01 File : nvt/gb_RHSA-2011_0413-01_glibc.nasl
2012-03-16	Name : VMSA-2011-0012.3 VMware ESXi and ESX updates to third party libraries and ESX... File : nvt/gb_VMSA-2011-0012.nasl
2012-03-12	Name : Ubuntu Update for eglibc USN-1396-1 File : nvt/gb_ubuntu_USN_1396_1.nasl
2012-02-21	Name : RedHat Update for glibc RHSA-2012:0125-01 File : nvt/gb_RHSA-2012_0125-01_glibc.nasl
2011-11-28	Name : Mandriva Update for glibc MDVSA-2011:178 (glibc) File : nvt/gb_mandriva_MDVSA_2011_178.nasl
2011-08-09	Name : CentOS Update for glibc CESA-2011:0412 centos5 i386 File : nvt/gb_CESA-2011_0412_glibc_centos5_i386.nasl
2011-04-06	Name : RedHat Update for glibc RHSA-2011:0412-01 File : nvt/gb_RHSA-2011_0412-01_glibc.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
72796	GNU C Library fnmatch() Function UTF8 String Handling Stack Corruption A memory corruption flaw exists in glibc. fnmatch() fails to sanitize user-supplied UTF8 strings resulting in memory corruption, allowing a context-dependent attacker to execute arbitrary code.

Information Assurance Vulnerability Management (IAVM)

Date	Description
2011-10-27	IAVM : 2011-A-0147 - Multiple Vulnerabilities in VMware ESX and ESXi Severity : Category I - VMSKEY : V0030545
2011-08-04	IAVM : 2011-A-0108 - Multiple Vulnerabilities in VMware ESX Service Console Severity : Category I - VMSKEY : V0029562

Nessus® Vulnerability Scanner

Date	Description
2016-08-19	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL09408132.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0012_remote.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2011-0010_remote.nasl - Type : ACT_GATHER_INFO
2015-02-02	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2015-0023.nasl - Type : ACT_GATHER_INFO
2014-11-28	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15885.nasl - Type : ACT_GATHER_INFO
2013-12-03	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201312-01.nasl - Type : ACT_GATHER_INFO
2013-11-13	Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_0_build_515841_remote.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0412.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0413.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0125.nasl - Type : ACT_GATHER_INFO
2012-09-06	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-179.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110404_glibc_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120213_glibc_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-03-12	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1396-1.nasl - Type : ACT_GATHER_INFO
2012-02-14	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0125.nasl - Type : ACT_GATHER_INFO
2012-02-14	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0125.nasl - Type : ACT_GATHER_INFO
2011-12-13	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-110517.nasl - Type : ACT_GATHER_INFO
2011-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_glibc-7574.nasl - Type : ACT_GATHER_INFO
2011-11-28	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-178.nasl - Type : ACT_GATHER_INFO
2011-10-14	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0012.nasl - Type : ACT_GATHER_INFO
2011-08-01	Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2011-0010.nasl - Type : ACT_GATHER_INFO
2011-06-28	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_glibc-7575.nasl - Type : ACT_GATHER_INFO
2011-06-28	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-110516.nasl - Type : ACT_GATHER_INFO
2011-06-28	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12775.nasl - Type : ACT_GATHER_INFO
2011-04-15	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0412.nasl - Type : ACT_GATHER_INFO
2011-04-05	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0413.nasl - Type : ACT_GATHER_INFO
2011-04-05	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0412.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/46563
BUGTRAQ	http://www.securityfocus.com/archive/1/520102/100/0/threaded
CONFIRM	http://bugs.debian.org/615120 http://code.google.com/p/chromium/issues/detail?id=48733 http://sourceware.org/bugzilla/show_bug.cgi?id=11883 http://www.vmware.com/security/advisories/VMSA-2011-0012.html https://bugzilla.redhat.com/show_bug.cgi?id=681054
FULLDISC	http://seclists.org/fulldisclosure/2011/Feb/635 http://seclists.org/fulldisclosure/2011/Feb/644
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
MISC	http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-executio... http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=f15ce4d8dc139523fe0c273...
MLIST	http://openwall.com/lists/oss-security/2011/02/26/3 http://openwall.com/lists/oss-security/2011/02/28/11 http://openwall.com/lists/oss-security/2011/02/28/15
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT	http://www.redhat.com/support/errata/RHSA-2011-0412.html http://www.redhat.com/support/errata/RHSA-2011-0413.html
SECTRACK	http://securitytracker.com/id?1025290
SECUNIA	http://secunia.com/advisories/43492 http://secunia.com/advisories/43830 http://secunia.com/advisories/43989 http://secunia.com/advisories/46397
SREASON	http://securityreason.com/securityalert/8175
VUPEN	http://www.vupen.com/english/advisories/2011/0863

Alert History

If you want to see full details history, please login or register.

Date	Informations
2023-02-13 09:28:58	Multiple Updates
2021-05-04 12:14:08	Multiple Updates
2021-04-22 01:15:20	Multiple Updates
2020-12-11 01:06:28	Multiple Updates
2020-05-24 01:07:30	Multiple Updates
2020-05-23 01:44:01	Multiple Updates
2020-05-23 00:27:57	Multiple Updates
2019-03-07 12:03:57	Multiple Updates
2018-10-10 00:19:42	Multiple Updates
2018-05-30 12:03:31	Multiple Updates
2017-12-21 12:01:24	Multiple Updates
2017-09-19 09:24:16	Multiple Updates
2016-08-20 13:26:23	Multiple Updates
2016-04-26 20:36:40	Multiple Updates
2016-03-05 13:26:42	Multiple Updates
2015-02-03 13:24:09	Multiple Updates
2014-11-29 13:27:07	Multiple Updates
2014-02-17 11:00:56	Multiple Updates
2013-11-11 12:39:15	Multiple Updates
2013-05-10 22:56:08	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	3
CPE ID(s)	103
Sources(s)	25
osvdb(s)	1
Openvas Exploit(s)	9
IAVM(s)	2
Nessus® Exploit(s)	27

	Related
10	MDVSA-2011:178
7.9	VMSA-2011-0012
7.5	VMSA-2011-0010
7.5	USN-1396-1
7.2	RHSA-2012:0125
7.2	RHSA-2011:0412
7.2	MDVSA-2011:179
6.9	RHSA-2011:0413
6.9	GLSA-201312-01
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 9 more Alert(s)

5.1 - CVE-2011-1071

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Information Assurance Vulnerability Management (IAVM)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU