CVE-2016-6559 (GCVE-0-2016-6559)

Vulnerability from cvelistv5 – Published: 2018-07-13 20:00 – Updated: 2024-08-06 01:36
VLAI?
Summary
Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37.
Severity ?
No CVSS data available.
CWE
Assigner
References
http://www.securitytracker.com/id/1037398 vdb-entryx_refsource_SECTRACK
https://www.freebsd.org/security/advisories/FreeB… vendor-advisoryx_refsource_FREEBSD
https://www.kb.cert.org/vuls/id/548487 third-party-advisoryx_refsource_CERT-VN
https://www.securityfocus.com/bid/94694 vdb-entryx_refsource_BID
Impacted products
Vendor Product Version
BSD libc library Affected: link_ntoa()
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:36:29.410Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1037398",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037398"
          },
          {
            "name": "FreeBSD-SA-16:37",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc"
          },
          {
            "name": "VU#548487",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/548487"
          },
          {
            "name": "94694",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "https://www.securityfocus.com/bid/94694"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libc library",
          "vendor": "BSD",
          "versions": [
            {
              "status": "affected",
              "version": "link_ntoa()"
            }
          ]
        }
      ],
      "datePublic": "2016-12-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-14T09:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "1037398",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037398"
        },
        {
          "name": "FreeBSD-SA-16:37",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc"
        },
        {
          "name": "VU#548487",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/548487"
        },
        {
          "name": "94694",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "https://www.securityfocus.com/bid/94694"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "The BSD libc library\u0027s link_ntoa() function may be vulnerable to a classic buffer overflow",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-6559",
          "STATE": "PUBLIC",
          "TITLE": "The BSD libc library\u0027s link_ntoa() function may be vulnerable to a classic buffer overflow"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "libc library",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_name": "link_ntoa()",
                            "version_value": "link_ntoa()"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "BSD"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-120"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1037398",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037398"
            },
            {
              "name": "FreeBSD-SA-16:37",
              "refsource": "FREEBSD",
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc"
            },
            {
              "name": "VU#548487",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/548487"
            },
            {
              "name": "94694",
              "refsource": "BID",
              "url": "https://www.securityfocus.com/bid/94694"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-6559",
    "datePublished": "2018-07-13T20:00:00",
    "dateReserved": "2016-08-03T00:00:00",
    "dateUpdated": "2024-08-06T01:36:29.410Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:9.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57052F01-8695-4C63-A947-7671375B9312\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6D63B21-9D2E-4B15-9E60-6181D44B1F55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:10.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21EFF723-7B5A-4712-8A6B-56CADAA4BFD5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:10.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E102E760-362C-4DC7-BDED-E2CF9F94ECE7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"53E56F4F-B418-44DD-9C97-7276A4C58F3E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37.\"}, {\"lang\": \"es\", \"value\": \"La comprobaci\\u00f3n de l\\u00edmites indebida en la variable obuf en la funci\\u00f3n link_ntoa() en linkaddr.c en la librer\\u00eda BSD libc podr\\u00eda permitir que un atacante lea o escriba desde la memoria. El impacto y severidad totales depende del m\\u00e9todo de explotaci\\u00f3n y de c\\u00f3mo las aplicaciones emplean la librer\\u00eda.  Seg\\u00fan el an\\u00e1lisis de los desarrolladores de FreeBSD, es muy improbable que existan aplicaciones que empleen link_ntoa() de forma explotable; el CERT/CC no conoce la existencia de alguna prueba de concepto. Una publicaci\\u00f3n en un blog describe las funcionalidades de link_ntoa() y se\\u00f1ala que ninguna de las utilidades base emplea esta funci\\u00f3n de forma explotable. El Security Advisory SA-16:37 de FreeBSD contiene m\\u00e1s informaci\\u00f3n.\"}]",
      "id": "CVE-2016-6559",
      "lastModified": "2024-11-21T02:56:21.310",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-07-13T20:29:00.910",
      "references": "[{\"url\": \"http://www.securitytracker.com/id/1037398\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc\", \"source\": \"cret@cert.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/548487\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.securityfocus.com/bid/94694\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037398\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/548487\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.securityfocus.com/bid/94694\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "cret@cert.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cret@cert.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-120\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-6559\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2018-07-13T20:29:00.910\",\"lastModified\":\"2024-11-21T02:56:21.310\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37.\"},{\"lang\":\"es\",\"value\":\"La comprobaci\u00f3n de l\u00edmites indebida en la variable obuf en la funci\u00f3n link_ntoa() en linkaddr.c en la librer\u00eda BSD libc podr\u00eda permitir que un atacante lea o escriba desde la memoria. El impacto y severidad totales depende del m\u00e9todo de explotaci\u00f3n y de c\u00f3mo las aplicaciones emplean la librer\u00eda.  Seg\u00fan el an\u00e1lisis de los desarrolladores de FreeBSD, es muy improbable que existan aplicaciones que empleen link_ntoa() de forma explotable; el CERT/CC no conoce la existencia de alguna prueba de concepto. Una publicaci\u00f3n en un blog describe las funcionalidades de link_ntoa() y se\u00f1ala que ninguna de las utilidades base emplea esta funci\u00f3n de forma explotable. El Security Advisory SA-16:37 de FreeBSD contiene m\u00e1s informaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57052F01-8695-4C63-A947-7671375B9312\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6D63B21-9D2E-4B15-9E60-6181D44B1F55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21EFF723-7B5A-4712-8A6B-56CADAA4BFD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E102E760-362C-4DC7-BDED-E2CF9F94ECE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53E56F4F-B418-44DD-9C97-7276A4C58F3E\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1037398\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/548487\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.securityfocus.com/bid/94694\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037398\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/548487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.securityfocus.com/bid/94694\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.