oval:org.mitre.oval:def:22825

Definition Id: oval:org.mitre.oval:def:22825
 
Oval ID: oval:org.mitre.oval:def:22825
Title: ELSA-2012:1097: glibc security and bug fix update (Moderate)
Description: The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
Family: unix Class: patch
Reference(s): ELSA-2012:1097-00
CVE-2012-3406
Version: 6
Platform(s): Oracle Linux 5
Product(s): glibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15459
 
Oval ID: oval:org.mitre.oval:def:15459
Title: Oracle Linux 5.x
Description: The operating system installed on the system is Oracle Linux 5.x
Family: unix Class: inventory
Reference(s): cpe:/o:oracle:linux:5
Version: 7
Platform(s): Oracle Linux 5
Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:22825