Red Hat Customer Portal

CVE-2009-5029

Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.

Details Source

Mitre

Public Date

2009-06-01 00:00:00

Impact

Moderate

Bugzilla

CVE-2009-5029 glibc: __tzfile_read integer overflow to buffer overflow

Bugzilla ID

761245

CVSS Status

verified

Base Score

6.50

Base Metrics

AV:N/AC:L/Au:S/C:P/I:P/A:P

IAVA

2012-A-0148

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 4 (glibc) | RHSA-2012:0125 | 2012-02-13
Red Hat Enterprise Linux 6 (glibc) | RHSA-2012:0058 | 2012-01-24
Red Hat Enterprise Linux 5 (glibc) | RHSA-2012:0126 | 2012-02-13

CWE

CWE-190

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 6 | compat-glibc | Affected
Red Hat Enterprise Linux 5 | compat-glibc | Affected
Red Hat Enterprise Linux 4 | compat-glibc | Affected
Red Hat Enterprise Linux 3 | glibc | Affected
Red Hat Enterprise Linux 3 | compat-glibc | Affected