oval:org.mitre.oval:def:21515

Definition Id: oval:org.mitre.oval:def:21515
 
Oval ID: oval:org.mitre.oval:def:21515
Title: RHSA-2012:1097: glibc security and bug fix update (Moderate)
Description: The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
Family: unix Class: patch
Reference(s): RHSA-2012:1097-00
CESA-2012:1097
CVE-2012-3406
 Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): glibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15802
 
Oval ID: oval:org.mitre.oval:def:15802
Title: The operating system installed on the system is CentOS Linux 5.x
Description: The operating system installed on the system is CentOS Linux 5.x
Family: unix Class: inventory
Reference(s): cpe:/o:centos:centos:5
 Version: 7
Platform(s): CentOS Linux 5
 Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:21515
Definition Id: oval:org.mitre.oval:def:11414
 
Oval ID: oval:org.mitre.oval:def:11414
Title: The operating system installed on the system is Red Hat Enterprise Linux 5
Description: The operating system installed on the system is Red Hat Enterprise Linux 5.
Family: unix Class: inventory
Reference(s): cpe:/o:redhat:enterprise_linux:5
 Version: 7
Platform(s): Red Hat Enterprise Linux 5
 Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:21515