{"id":"USN-2985-1","summary":"eglibc, glibc vulnerabilities","details":"Martin Carpenter discovered that pt_chown in the GNU C Library did not\nproperly check permissions for tty files. A local attacker could use this\nto gain administrative privileges or expose sensitive information.\n(CVE-2013-2207, CVE-2016-2856)\n\nRobin Hack discovered that the Name Service Switch (NSS) implementation in\nthe GNU C Library did not properly manage its file descriptors. An attacker\ncould use this to cause a denial of service (infinite loop).\n(CVE-2014-8121)\n\nJoseph Myers discovered that the GNU C Library did not properly handle long\narguments to functions returning a representation of Not a Number (NaN). An\nattacker could use this to cause a denial of service (stack exhaustion\nleading to an application crash) or possibly execute arbitrary code.\n(CVE-2014-9761)\n\nArjun Shankar discovered that in certain situations the nss_dns code in the\nGNU C Library did not properly account buffer sizes when passed an\nunaligned buffer. An attacker could use this to cause a denial of service\nor possibly execute arbitrary code. (CVE-2015-1781)\n\nSumit Bose and Lukas Slebodnik discovered that the Name Service\nSwitch (NSS) implementation in the GNU C Library did not handle long\nlines in the files databases correctly. A local attacker could use\nthis to cause a denial of service (application crash) or possibly\nexecute arbitrary code. (CVE-2015-5277)\n\nAdam Nielsen discovered that the strftime function in the GNU C Library did\nnot properly handle out-of-range argument data. An attacker could use this\nto cause a denial of service (application crash) or possibly expose\nsensitive information. (CVE-2015-8776)\n\nHector Marco and Ismael Ripoll discovered that the GNU C Library allowed\nthe pointer-guarding protection mechanism to be disabled by honoring the\nLD_POINTER_GUARD environment variable across privilege boundaries. A local\nattacker could use this to exploit an existing vulnerability more easily.\n(CVE-2015-8777)\n\nSzabolcs Nagy discovered that the hcreate functions in the GNU C Library\ndid not properly check its size argument, leading to an integer overflow.\nAn attacker could use to cause a denial of service (application crash) or\npossibly execute arbitrary code. (CVE-2015-8778)\n\nMaksymilian Arciemowicz discovered a stack-based buffer overflow in the\ncatopen function in the GNU C Library when handling long catalog names. An\nattacker could use this to cause a denial of service (application crash) or\npossibly execute arbitrary code. (CVE-2015-8779)\n\nFlorian Weimer discovered that the getnetbyname implementation in the GNU C\nLibrary did not properly handle long names passed as arguments. An attacker\ncould use to cause a denial of service (stack exhaustion leading to an\napplication crash). (CVE-2016-3075)\n","modified":"2026-02-10T04:40:59Z","published":"2016-05-25T20:22:47Z","related":["UBUNTU-CVE-2013-2207","UBUNTU-CVE-2014-8121","UBUNTU-CVE-2014-9761","UBUNTU-CVE-2015-1781","UBUNTU-CVE-2015-5277","UBUNTU-CVE-2015-8776","UBUNTU-CVE-2015-8777","UBUNTU-CVE-2015-8778","UBUNTU-CVE-2015-8779","UBUNTU-CVE-2016-2856","UBUNTU-CVE-2016-3075"],"upstream":["CVE-2013-2207","CVE-2014-8121","CVE-2014-9761","CVE-2015-1781","CVE-2015-5277","CVE-2015-8776","CVE-2015-8777","CVE-2015-8778","CVE-2015-8779","CVE-2016-2856","CVE-2016-3075","UBUNTU-CVE-2013-2207","UBUNTU-CVE-2014-8121","UBUNTU-CVE-2014-9761","UBUNTU-CVE-2015-1781","UBUNTU-CVE-2015-5277","UBUNTU-CVE-2015-8776","UBUNTU-CVE-2015-8777","UBUNTU-CVE-2015-8778","UBUNTU-CVE-2015-8779","UBUNTU-CVE-2016-2856","UBUNTU-CVE-2016-3075"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2985-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-2207"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-8121"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-9761"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1781"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-5277"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8776"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8777"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8778"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8779"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-2856"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-3075"}],"affected":[{"package":{"name":"eglibc","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/eglibc@2.19-0ubuntu6.8?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.19-0ubuntu6.8"}]}],"versions":["2.17-93ubuntu4","2.18-0ubuntu1","2.18-0ubuntu2","2.18-0ubuntu4","2.18-0ubuntu5","2.18-0ubuntu6","2.18-0ubuntu7","2.19-0ubuntu2","2.19-0ubuntu3","2.19-0ubuntu4","2.19-0ubuntu5","2.19-0ubuntu6","2.19-0ubuntu6.1","2.19-0ubuntu6.3","2.19-0ubuntu6.4","2.19-0ubuntu6.5","2.19-0ubuntu6.6","2.19-0ubuntu6.7"],"ecosystem_specific":{"binaries":[{"binary_version":"2.19-0ubuntu6.8","binary_name":"eglibc-source"},{"binary_version":"2.19-0ubuntu6.8","binary_name":"libc-bin"},{"binary_version":"2.19-0ubuntu6.8","binary_name":"libc-dev-bin"},{"binary_version":"2.19-0ubuntu6.8","binary_name":"libc6"},{"binary_version":"2.19-0ubuntu6.8","binary_name":"libc6-amd64"},{"binary_version":"2.19-0ubuntu6.8","binary_name":"libc6-armel"},{"binary_version":"2.19-0ubuntu6.8","binary_name":"libc6-dev"},{"binary_version":"2.19-0ubuntu6.8","binary_name":"libc6-dev-amd64"},{"binary_version":"2.19-0ubuntu6.8","binary_name":"libc6-dev-armel"},{"binary_version":"2.19-0ubuntu6.8","binary_name":"libc6-dev-i386"},{"binary_version":"2.19-0ubuntu6.8","binary_name":"libc6-dev-ppc64"},{"binary_version":"2.19-0ubuntu6.8","binary_name":"libc6-dev-x32"},{"binary_version":"2.19-0ubuntu6.8","binary_name":"libc6-i386"},{"binary_version":"2.19-0ubuntu6.8","binary_name":"libc6-pic"},{"binary_version":"2.19-0ubuntu6.8","binary_name":"libc6-ppc64"},{"binary_version":"2.19-0ubuntu6.8","binary_name":"libc6-prof"},{"binary_version":"2.19-0ubuntu6.8","binary_name":"libc6-x32"},{"binary_version":"2.19-0ubuntu6.8","binary_name":"multiarch-support"},{"binary_version":"2.19-0ubuntu6.8","binary_name":"nscd"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2985-1.json","cves_map":{"cves":[{"severity":[{"type":"Ubuntu","score":"low"}],"id":"CVE-2013-2207"},{"severity":[{"type":"Ubuntu","score":"low"}],"id":"CVE-2014-8121"},{"severity":[{"type":"Ubuntu","score":"low"}],"id":"CVE-2015-1781"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-5277"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2015-8776"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2015-8777"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2015-8778"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2015-8779"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-2856"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-3075"}],"ecosystem":"Ubuntu:14.04:LTS"}}}],"schema_version":"1.7.3"}