CVE-2012-3406 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3406): The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.

CVE-2012-3405 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3405): The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.

CVE-2012-3404 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3404): The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers.

@maintainers: Are we still affected by these?
Fairly certain glibc-2.17 (current stable) already contains these fixes.
If you can confirm we will gladly close this. Thank you.
CVE-2012-3404 & CVE-2012-3405 are definitely fixed in >=glibc-2.15; however, I'm not seeing CVE-2012-3406. Red Hat is still carrying a patch for it.
Added to an existing GLSA request.

Still need cleanup.

Same as Bug #488084.

> But we need to do something about cleaning up the tree... glibc goes back to version
> 2.10.1-r1 clearly vulnerable.
Maintainer(s), please drop the vulnerable version(s).
This issue was resolved and addressed in GLSA 201503-04 at http://security.gentoo.org/glsa/glsa-201503-04.xml by GLSA coordinator Kristian Fiskerstrand (K_F).