CVE-2009-5029

Published: May 2, 2013

Modified: Aug 7, 2024

PUBLISHED

Description

Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[libc-alpha] 20111215 integer overflow to heap overrun exploit in glibc

mailing-list

x_refsource_MLIST

http://dividead.wordpress.com/2009/06/01/glibc-timezone-integer-overflow/

x_refsource_MISC

http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=97ac2654b2d831acaa18a2b018b0736245903fd2

x_refsource_MISC

20111203 VSFTPD Remote Heap Overrun (low severity)

mailing-list

x_refsource_FULLDISC

https://bugzilla.redhat.com/show_bug.cgi?id=761245

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2009-5029

Description

Affected Products

References