Vulnerability Name: CVE-2011-2702 (CCN-77383)

Assigned: 2011-07-11
Published: 2012-08-01
Updated: 2014-10-31
Summary: Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-94
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2011-2702

Source: MLIST
Type: UNKNOWN
[oss-security] 20110718 CVE id request: (e)glibc

Source: MLIST
Type: UNKNOWN
[oss-security] 20110720 Re: CVE id request: (e)glibc

Source: CONFIRM
Type: UNKNOWN
http://www.eglibc.org/cgi-bin/viewvc.cgi/trunk/libc/ChangeLog?view=markup&pathrev=10032

Source: CCN
Type: EGLIBC Web Site
EGLIBC: EGLIBC

Source: MISC
Type: UNKNOWN
http://www.nodefense.org/eglibc.txt

Source: OSVDB
Type: UNKNOWN
80718

Source: CCN
Type: OSVDB ID: 80718
GNU C Library (glibc) Supplemental Streaming SIMD Extensions 3 (SSSE3) Optimized memcpy Implementation Local Overflow

Source: MISC
Type: Exploit
http://xorl.wordpress.com/2011/08/06/cve-2011-2702-eglibc-and-glibc-signedness-issue/

Source: MISC
Type: UNKNOWN
https://bugzilla.novell.com/show_bug.cgi?id=706915

Source: XF
Type: UNKNOWN
eglibc-code-execution(77383)

Source: CONFIRM
Type: UNKNOWN
https://sourceware.org/git/?p=glibc.git;a=commit;h=a0ac24d98ace90d1ccba6a2f3e7d55600f2fdb6e

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [08-01-2012]

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:gnu:glibc:2.12:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.12.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:*:*:*:*:*:*:*:* (Version <= 2.12.2)

Configuration 2:
  • cpe:/a:gnu:eglibc:*:*:*:*:*:*:*:* (Version <= 2.12)

* Denotes that component is vulnerable

Oval Definitions:

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.mitre.oval:def:15237 | P | USN-1396-1 -- GNU C Library vulnerabilities | 2014-06-30 |
    gnu glibc 2.12
    gnu glibc 2.12.1
    gnu glibc *
    gnu eglibc *