Executive Summary

Summary
Title: grep: Denial of Service
Information
Name: GLSA-201502-14
Vendor: Gentoo
Severity (Vendor): Normal
First vendor Publication: 2015-02-25
Last vendor Modification: 2015-02-25
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS Score: NA
Base Score: NA
Impact SubScore: NA
Exploitability Sub Score: NA
Environmental Score: NA
Temporal Score: NA
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P)
CVSS Base Score: 2.1
CVSS Impact Score: 2.9
CVSS Exploit Score: 3.9
Attack Range: Local
Attack Complexity: Low
Authentication: None Required

Detail

Synopsis

A vulnerability in grep could result in Denial of Service.

Background

grep is the GNU regular expression matcher.

Description

A heap buffer overrun has been fixed in the bmexec_trans function in kwset.c.

Impact

A local user can cause Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All grep users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/grep-2.21-r1"

References

[ 1 ] CVE-2015-1345 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1345

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201502-14.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201502-14.xml

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type Description Count
Application 3
OS 1

Nessus® Vulnerability Scanner

Date Description
2017-06-29 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL42891424.nasl - Type : ACT_GATHER_INFO
2016-01-19 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2016-639.nasl - Type : ACT_GATHER_INFO
2015-12-22 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20151119_grep_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-12-02 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2015-2111.nasl - Type : ACT_GATHER_INFO
2015-11-24 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2015-2111.nasl - Type : ACT_GATHER_INFO
2015-11-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-2111.nasl - Type : ACT_GATHER_INFO
2015-09-23 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-598.nasl - Type : ACT_GATHER_INFO
2015-08-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150722_grep_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2015-07-30 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2015-1447.nasl - Type : ACT_GATHER_INFO
2015-07-28 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2015-1447.nasl - Type : ACT_GATHER_INFO
2015-07-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-1447.nasl - Type : ACT_GATHER_INFO
2015-02-26 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201502-14.nasl - Type : ACT_GATHER_INFO
2015-02-10 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-121.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2015-02-27 13:24:30
  • Multiple Updates
2015-02-25 13:22:03
  • First insertion