ID CVE-2015-5229
Summary The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 28-11-2016 - 19:32)
Impact:
Exploitability:
CWE CWE-17
CAPEC
Access
  Vector NETWORK
  Complexity LOW
  Authentication NONE
Impact
  Confidentiality NONE
  Integrity NONE
  Availability PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 1244002
    title NFS and Fuse mounts hang while running IO - Malloc/free deadlock
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment glibc is earlier than 0:2.12-1.166.el6_7.1
            oval oval:com.redhat.rhba:tst:20151465001
          • comment glibc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20120763002
        • AND
          • comment glibc-common is earlier than 0:2.12-1.166.el6_7.1
            oval oval:com.redhat.rhba:tst:20151465003
          • comment glibc-common is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20120763004
        • AND
          • comment glibc-devel is earlier than 0:2.12-1.166.el6_7.1
            oval oval:com.redhat.rhba:tst:20151465005
          • comment glibc-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20120763006
        • AND
          • comment glibc-headers is earlier than 0:2.12-1.166.el6_7.1
            oval oval:com.redhat.rhba:tst:20151465007
          • comment glibc-headers is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20120763008
        • AND
          • comment glibc-static is earlier than 0:2.12-1.166.el6_7.1
            oval oval:com.redhat.rhba:tst:20151465009
          • comment glibc-static is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20120763010
        • AND
          • comment glibc-utils is earlier than 0:2.12-1.166.el6_7.1
            oval oval:com.redhat.rhba:tst:20151465011
          • comment glibc-utils is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20120763012
        • AND
          • comment nscd is earlier than 0:2.12-1.166.el6_7.1
            oval oval:com.redhat.rhba:tst:20151465013
          • comment nscd is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20120763014
    rhsa
    id RHBA-2015:1465
    released 2015-07-22
    severity Low
    title RHBA-2015:1465: glibc bug fix update (Low)
  • rhsa
    id RHSA-2016:0176
rpms
  • glibc-0:2.12-1.166.el6_7.1
  • glibc-common-0:2.12-1.166.el6_7.1
  • glibc-debuginfo-0:2.12-1.166.el6_7.1
  • glibc-debuginfo-common-0:2.12-1.166.el6_7.1
  • glibc-devel-0:2.12-1.166.el6_7.1
  • glibc-headers-0:2.12-1.166.el6_7.1
  • glibc-static-0:2.12-1.166.el6_7.1
  • glibc-utils-0:2.12-1.166.el6_7.1
  • nscd-0:2.12-1.166.el6_7.1
  • glibc-0:2.17-106.el7_2.4
  • glibc-common-0:2.17-106.el7_2.4
  • glibc-debuginfo-0:2.17-106.el7_2.4
  • glibc-debuginfo-common-0:2.17-106.el7_2.4
  • glibc-devel-0:2.17-106.el7_2.4
  • glibc-headers-0:2.17-106.el7_2.4
  • glibc-static-0:2.17-106.el7_2.4
  • glibc-utils-0:2.17-106.el7_2.4
  • nscd-0:2.17-106.el7_2.4
refmap via4
bid 84172
confirm
Last major update 28-11-2016 - 19:32
Published 08-04-2016 - 15:59
Last modified 28-11-2016 - 19:32