CVE-2001-0886

Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000447
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-037-01
http://sources.redhat.com/ml/bug-glibc/2001-11/msg00109.html
http://www.ciac.org/ciac/bulletins/m-029.shtml
http://www.debian.org/security/2002/dsa-103
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-095.php3
http://www.linuxsecurity.com/advisories/other_advisory-1752.html
http://www.redhat.com/support/errata/RHSA-2001-160.html	Patch Vendor Advisory
http://www.securityfocus.com/archive/1/245956
http://www.securityfocus.com/bid/3707
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0112-008
https://exchange.xforce.ibmcloud.com/vulnerabilities/7705

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:debian:debian_linux:2.1:::::::*
	cpe:2.3:o:redhat:linux::::::::
	cpe:2.3:o:redhat:linux:6.2:::::::*
	cpe:2.3:o:redhat:linux:7.0:::::::*
	cpe:2.3:o:redhat:linux:7.1:::::::*

History

No history.

Information

Published : 2001-12-21 05:00

Updated : 2018-05-03 01:29

NVD link : CVE-2001-0886

Mitre link : CVE-2001-0886

CVE.ORG link : CVE-2001-0886

JSON object : View

Products Affected

debian

debian_linux

redhat

linux

CWE

NVD-CWE-Other

{"id": "CVE-2001-0886", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2001-12-21T05:00:00.000", "references": [{"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000447", "source": "cve@mitre.org"}, {"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-037-01", "source": "cve@mitre.org"}, {"url": "http://sources.redhat.com/ml/bug-glibc/2001-11/msg00109.html", "source": "cve@mitre.org"}, {"url": "http://www.ciac.org/ciac/bulletins/m-029.shtml", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2002/dsa-103", "source": "cve@mitre.org"}, {"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-095.php3", "source": "cve@mitre.org"}, {"url": "http://www.linuxsecurity.com/advisories/other_advisory-1752.html", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2001-160.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/245956", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/3707", "source": "cve@mitre.org"}, {"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0112-008", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7705", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace \"{\" character."}, {"lang": "es", "value": "Desbordamiento de buffer en la funci\u00f3n glob de glibc para Red Hat Linux 6.2 a 7.2, y otros sistemas operativos, permite a atacantes causar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrarios mediante un patr\u00f3n de glob que acaba en una llave \"{\""}], "lastModified": "2018-05-03T01:29:14.427", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C67BDA1-9451-4026-AC6D-E912C882A757"}, {"criteria": "cpe:2.3:o:redhat:linux:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "182B6CF4-3E9D-4188-AFBF-749E2CB53300", "versionEndIncluding": "7.2"}, {"criteria": "cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0633B5A6-7A88-4A96-9462-4C09D124ED36"}, {"criteria": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29B186E5-7C2F-466E-AA4A-8F2B618F8A14"}, {"criteria": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D46E093-1C68-43BB-B281-12117EC8DE0F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}