Common Vulnerabilities and Exposures assigned an identifier CVE-2009-4880 to the following vulnerability: Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391. References: [1] http://securityreason.com/achievement_securityalert/67 [2] https://bugzilla.redhat.com/show_bug.cgi?id=524671 [3] http://sources.redhat.com/bugzilla/show_bug.cgi?id=10600 [4] http://sourceware.org/git/?p=glibc.git;a=commit;h=199eb0de8d673fb23aa127721054b4f1803d61f3 [5] http://www.ubuntu.com/usn/USN-944-1 [6] http://www.securityfocus.com/bid/36443 [7] http://secunia.com/advisories/39900 [8] http://www.vupen.com/english/advisories/2010/1246 Public PoC (from [3]): [cx@localhost ~]$ php -r 'money_format("%.1073741821i",1);' Segmentation fault
More details on this bug can be found in upstream bugzilla #10600 or in Fedora bug #496386. Both issues affecting glibc and reported in SecurityReason Advisory 67 are corrected in Red Hat Enterprise Linux 6 glibc packages. Statement: Red Hat does not consider this bug to be a security issue. Properly written application should not use arbitrary untrusted data as part of the format string passed to functions as strfmon or printf family functions.