ID: CVE-2014-6040
Type: cve
Reporter: cve@mitre.org
Modified: 2017-01-03T02:59:00
Description
GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.
{"f5": [{"lastseen": "2016-09-26T17:23:20", "bulletinFamily": "software", "cvelist": ["CVE-2014-6040"], "edition": 1, "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you should permit access to F5 products only over a secure network, and limit login access to trusted users. For additional information, refer to SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL10322: FirePass hotfix matrix\n * SOL12766: ARX hotfix matrix\n * SOL3430: Installing FirePass hotfixes\n * SOL6664: Obtaining and installing OPSWAT hotfixes\n * SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems\n", "modified": "2015-09-16T00:00:00", "published": "2015-04-14T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/400/sol16435.html", "id": "SOL16435", "title": "SOL16435 - GNU C Library vulnerability CVE-2014-6040", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], 
"nessus": [{"lastseen": "2021-01-01T01:58:08", "description": "GNU C Library (aka glibc) before 2.20 allows context-dependent\nattackers to cause a denial of service (out-of-bounds read and crash)\nvia a multibyte character value of '0xffff' to the iconv function when\nconverting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5)\nIBM1364 encoded data to UTF-8.", "edition": 26, "published": "2015-09-17T00:00:00", "title": "F5 Networks BIG-IP : GNU C Library vulnerability (SOL16435)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6040"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL16435.NASL", "href": "https://www.tenable.com/plugins/nessus/85963", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL16435.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85963);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2014-6040\");\n script_bugtraq_id(69472);\n\n script_name(english:\"F5 Networks BIG-IP : GNU C Library vulnerability (SOL16435)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n 
);\n script_set_attribute(\n attribute:\"description\", \n value:\n\"GNU C Library (aka glibc) before 2.20 allows context-dependent\nattackers to cause a denial of service (out-of-bounds read and crash)\nvia a multibyte character value of '0xffff' to the iconv function when\nconverting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5)\nIBM1364 encoded data to UTF-8.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K16435\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL16435.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL16435\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.3.0-11.6.0\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.4.0-11.6.0\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.3.0-11.6.0\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the 
affected modules\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T01:19:02", "description": "An out-of-bounds read flaw was found in the way glibc's iconv()\nfunction converted certain encoded data to UTF-8. An attacker able to\nmake an application call the iconv() function with a specially crafted\nargument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the files back end of Name Service Switch (NSS) did\nnot isolate iteration over an entire database from key-based look-up\nAPI calls. An application performing look-ups on a database while\niterating over it could enter an infinite loop, leading to a denial of\nservice. (CVE-2014-8121)", "edition": 24, "published": "2015-03-25T00:00:00", "title": "Amazon Linux AMI : glibc (ALAS-2015-495)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6040", "CVE-2014-8121"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:glibc-debuginfo", "p-cpe:/a:amazon:linux:glibc-devel", "p-cpe:/a:amazon:linux:glibc-utils", "p-cpe:/a:amazon:linux:nscd", "p-cpe:/a:amazon:linux:glibc", "p-cpe:/a:amazon:linux:glibc-common", "p-cpe:/a:amazon:linux:glibc-debuginfo-common", "p-cpe:/a:amazon:linux:glibc-static", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:glibc-headers"], "id": "ALA_ALAS-2015-495.NASL", "href": "https://www.tenable.com/plugins/nessus/82044", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-495.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82044);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-8121\");\n script_xref(name:\"ALAS\", value:\"2015-495\");\n\n script_name(english:\"Amazon Linux AMI : glibc (ALAS-2015-495)\");\n script_summary(english:\"Checks rpm output for the 
updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An out-of-bounds read flaw was found in the way glibc's iconv()\nfunction converted certain encoded data to UTF-8. An attacker able to\nmake an application call the iconv() function with a specially crafted\nargument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the files back end of Name Service Switch (NSS) did\nnot isolate iteration over an entire database from key-based look-up\nAPI calls. An application performing look-ups on a database while\niterating over it could enter an infinite loop, leading to a denial of\nservice. (CVE-2014-8121)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-495.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update glibc' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nscd\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"glibc-2.17-55.139.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-common-2.17-55.139.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-2.17-55.139.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-common-2.17-55.139.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-devel-2.17-55.139.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-headers-2.17-55.139.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-static-2.17-55.139.amzn1\")) flag++;\nif 
(rpm_check(release:\"ALA\", reference:\"glibc-utils-2.17-55.139.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nscd-2.17-55.139.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T05:05:19", "description": "Updated glibc packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv()\nfunction converted certain encoded data to UTF-8. An attacker able to\nmake an application call the iconv() function with a specially crafted\nargument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the files back end of Name Service Switch (NSS) did\nnot isolate iteration over an entire database from key-based look-up\nAPI calls. An application performing look-ups on a database while\niterating over it could enter an infinite loop, leading to a denial of\nservice. 
(CVE-2014-8121)\n\nThis update also fixes the following bugs :\n\n* Due to problems with buffer extension and reallocation, the nscd\ndaemon terminated unexpectedly with a segmentation fault when\nprocessing long netgroup entries. With this update, the handling of\nlong netgroup entries has been corrected and nscd no longer crashes in\nthe described scenario. (BZ#1138520)\n\n* If a file opened in append mode was truncated with the ftruncate()\nfunction, a subsequent ftell() call could incorrectly modify the file\noffset. This update ensures that ftell() modifies the stream state\nonly when it is in append mode and the buffer for the stream is not\nempty. (BZ#1156331)\n\n* A defect in the C library headers caused builds with older compilers\nto generate incorrect code for the btowc() function in the older\ncompatibility C++ standard library. Applications calling btowc() in\nthe compatibility C++ standard library became unresponsive. With this\nupdate, the C library headers have been corrected, and the\ncompatibility C++ standard library shipped with Red Hat Enterprise\nLinux has been rebuilt. Applications that rely on the compatibility\nC++ standard library no longer hang when calling btowc(). (BZ#1120490)\n\n* Previously, when using netgroups and the nscd daemon was set up to\ncache netgroup information, the sudo utility denied access to valid\nusers. The bug in nscd has been fixed, and sudo now works in netgroups\nas expected. 
(BZ#1080766)\n\nUsers of glibc are advised to upgrade to these updated packages, which\nfix these issues.", "edition": 28, "published": "2015-03-05T00:00:00", "title": "RHEL 7 : glibc (RHSA-2015:0327)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6040", "CVE-2014-8121"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc-static", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "cpe:/o:redhat:enterprise_linux:7.7", "p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "cpe:/o:redhat:enterprise_linux:7.5", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common"], "id": "REDHAT-RHSA-2015-0327.NASL", "href": "https://www.tenable.com/plugins/nessus/81630", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0327. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81630);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-8121\");\n script_bugtraq_id(73038);\n script_xref(name:\"RHSA\", value:\"2015:0327\");\n\n script_name(english:\"RHEL 7 : glibc (RHSA-2015:0327)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv()\nfunction converted certain encoded data to UTF-8. An attacker able to\nmake an application call the iconv() function with a specially crafted\nargument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the files back end of Name Service Switch (NSS) did\nnot isolate iteration over an entire database from key-based look-up\nAPI calls. An application performing look-ups on a database while\niterating over it could enter an infinite loop, leading to a denial of\nservice. 
(CVE-2014-8121)\n\nThis update also fixes the following bugs :\n\n* Due to problems with buffer extension and reallocation, the nscd\ndaemon terminated unexpectedly with a segmentation fault when\nprocessing long netgroup entries. With this update, the handling of\nlong netgroup entries has been corrected and nscd no longer crashes in\nthe described scenario. (BZ#1138520)\n\n* If a file opened in append mode was truncated with the ftruncate()\nfunction, a subsequent ftell() call could incorrectly modify the file\noffset. This update ensures that ftell() modifies the stream state\nonly when it is in append mode and the buffer for the stream is not\nempty. (BZ#1156331)\n\n* A defect in the C library headers caused builds with older compilers\nto generate incorrect code for the btowc() function in the older\ncompatibility C++ standard library. Applications calling btowc() in\nthe compatibility C++ standard library became unresponsive. With this\nupdate, the C library headers have been corrected, and the\ncompatibility C++ standard library shipped with Red Hat Enterprise\nLinux has been rebuilt. Applications that rely on the compatibility\nC++ standard library no longer hang when calling btowc(). (BZ#1120490)\n\n* Previously, when using netgroups and the nscd daemon was set up to\ncache netgroup information, the sudo utility denied access to valid\nusers. The bug in nscd has been fixed, and sudo now works in netgroups\nas expected. 
(BZ#1080766)\n\nUsers of glibc are advised to upgrade to these updated packages, which\nfix these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8121\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0327\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-2.17-78.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"glibc-common-2.17-78.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-78.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-debuginfo-2.17-78.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-debuginfo-common-2.17-78.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-devel-2.17-78.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"glibc-headers-2.17-78.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-78.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-static-2.17-78.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"glibc-utils-2.17-78.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-78.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", 
reference:\"nscd-2.17-78.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"nscd-2.17-78.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:30:02", "description": "Updated glibc packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv()\nfunction converted certain encoded data to UTF-8. An attacker able to\nmake an application call the iconv() function with a specially crafted\nargument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the files back end of Name Service Switch (NSS) did\nnot isolate iteration over an entire database from key-based look-up\nAPI calls. An application performing look-ups on a database while\niterating over it could enter an infinite loop, leading to a denial of\nservice. 
(CVE-2014-8121)\n\nThis update also fixes the following bugs :\n\n* Due to problems with buffer extension and reallocation, the nscd\ndaemon terminated unexpectedly with a segmentation fault when\nprocessing long netgroup entries. With this update, the handling of\nlong netgroup entries has been corrected and nscd no longer crashes in\nthe described scenario. (BZ#1138520)\n\n* If a file opened in append mode was truncated with the ftruncate()\nfunction, a subsequent ftell() call could incorrectly modify the file\noffset. This update ensures that ftell() modifies the stream state\nonly when it is in append mode and the buffer for the stream is not\nempty. (BZ#1156331)\n\n* A defect in the C library headers caused builds with older compilers\nto generate incorrect code for the btowc() function in the older\ncompatibility C++ standard library. Applications calling btowc() in\nthe compatibility C++ standard library became unresponsive. With this\nupdate, the C library headers have been corrected, and the\ncompatibility C++ standard library shipped with Red Hat Enterprise\nLinux has been rebuilt. Applications that rely on the compatibility\nC++ standard library no longer hang when calling btowc(). (BZ#1120490)\n\n* Previously, when using netgroups and the nscd daemon was set up to\ncache netgroup information, the sudo utility denied access to valid\nusers. The bug in nscd has been fixed, and sudo now works in netgroups\nas expected. 
(BZ#1080766)\n\nUsers of glibc are advised to upgrade to these updated packages, which\nfix these issues.", "edition": 28, "published": "2015-03-18T00:00:00", "title": "CentOS 7 : glibc (CESA-2015:0327)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6040", "CVE-2014-8121"], "modified": "2015-03-18T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc-common", "p-cpe:/a:centos:centos:nscd", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-static", "p-cpe:/a:centos:centos:glibc-headers", "p-cpe:/a:centos:centos:glibc"], "id": "CENTOS_RHSA-2015-0327.NASL", "href": "https://www.tenable.com/plugins/nessus/81889", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0327 and \n# CentOS Errata and Security Advisory 2015:0327 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81889);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-8121\");\n script_bugtraq_id(73038);\n script_xref(name:\"RHSA\", value:\"2015:0327\");\n\n script_name(english:\"CentOS 7 : glibc (CESA-2015:0327)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv()\nfunction converted certain encoded data to UTF-8. An attacker able to\nmake an application call the iconv() function with a specially crafted\nargument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the files back end of Name Service Switch (NSS) did\nnot isolate iteration over an entire database from key-based look-up\nAPI calls. An application performing look-ups on a database while\niterating over it could enter an infinite loop, leading to a denial of\nservice. (CVE-2014-8121)\n\nThis update also fixes the following bugs :\n\n* Due to problems with buffer extension and reallocation, the nscd\ndaemon terminated unexpectedly with a segmentation fault when\nprocessing long netgroup entries. With this update, the handling of\nlong netgroup entries has been corrected and nscd no longer crashes in\nthe described scenario. (BZ#1138520)\n\n* If a file opened in append mode was truncated with the ftruncate()\nfunction, a subsequent ftell() call could incorrectly modify the file\noffset. This update ensures that ftell() modifies the stream state\nonly when it is in append mode and the buffer for the stream is not\nempty. (BZ#1156331)\n\n* A defect in the C library headers caused builds with older compilers\nto generate incorrect code for the btowc() function in the older\ncompatibility C++ standard library. Applications calling btowc() in\nthe compatibility C++ standard library became unresponsive. 
With this\nupdate, the C library headers have been corrected, and the\ncompatibility C++ standard library shipped with Red Hat Enterprise\nLinux has been rebuilt. Applications that rely on the compatibility\nC++ standard library no longer hang when calling btowc(). (BZ#1120490)\n\n* Previously, when using netgroups and the nscd daemon was set up to\ncache netgroup information, the sudo utility denied access to valid\nusers. The bug in nscd has been fixed, and sudo now works in netgroups\nas expected. (BZ#1080766)\n\nUsers of glibc are advised to upgrade to these updated packages, which\nfix these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-March/001556.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ee84a05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-6040\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-2.17-78.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-78.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-devel-2.17-78.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-78.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-static-2.17-78.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-78.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"nscd-2.17-78.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / 
etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T12:49:48", "description": "From Red Hat Security Advisory 2015:0327 :\n\nUpdated glibc packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv()\nfunction converted certain encoded data to UTF-8. An attacker able to\nmake an application call the iconv() function with a specially crafted\nargument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the files back end of Name Service Switch (NSS) did\nnot isolate iteration over an entire database from key-based look-up\nAPI calls. An application performing look-ups on a database while\niterating over it could enter an infinite loop, leading to a denial of\nservice. (CVE-2014-8121)\n\nThis update also fixes the following bugs :\n\n* Due to problems with buffer extension and reallocation, the nscd\ndaemon terminated unexpectedly with a segmentation fault when\nprocessing long netgroup entries. With this update, the handling of\nlong netgroup entries has been corrected and nscd no longer crashes in\nthe described scenario. (BZ#1138520)\n\n* If a file opened in append mode was truncated with the ftruncate()\nfunction, a subsequent ftell() call could incorrectly modify the file\noffset. 
This update ensures that ftell() modifies the stream state\nonly when it is in append mode and the buffer for the stream is not\nempty. (BZ#1156331)\n\n* A defect in the C library headers caused builds with older compilers\nto generate incorrect code for the btowc() function in the older\ncompatibility C++ standard library. Applications calling btowc() in\nthe compatibility C++ standard library became unresponsive. With this\nupdate, the C library headers have been corrected, and the\ncompatibility C++ standard library shipped with Red Hat Enterprise\nLinux has been rebuilt. Applications that rely on the compatibility\nC++ standard library no longer hang when calling btowc(). (BZ#1120490)\n\n* Previously, when using netgroups and the nscd daemon was set up to\ncache netgroup information, the sudo utility denied access to valid\nusers. The bug in nscd has been fixed, and sudo now works in netgroups\nas expected. (BZ#1080766)\n\nUsers of glibc are advised to upgrade to these updated packages, which\nfix these issues.", "edition": 25, "published": "2015-03-10T00:00:00", "title": "Oracle Linux 7 : glibc (ELSA-2015-0327)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6040", "CVE-2014-8121"], "modified": "2015-03-10T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:nscd", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:glibc-static", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc"], "id": "ORACLELINUX_ELSA-2015-0327.NASL", "href": "https://www.tenable.com/plugins/nessus/81722", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0327 and \n# Oracle Linux Security Advisory ELSA-2015-0327 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(81722);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-8121\");\n script_bugtraq_id(68505, 68983, 69472, 71216, 72325, 73038);\n script_xref(name:\"RHSA\", value:\"2015:0327\");\n\n script_name(english:\"Oracle Linux 7 : glibc (ELSA-2015-0327)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0327 :\n\nUpdated glibc packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv()\nfunction converted certain encoded data to UTF-8. An attacker able to\nmake an application call the iconv() function with a specially crafted\nargument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the files back end of Name Service Switch (NSS) did\nnot isolate iteration over an entire database from key-based look-up\nAPI calls. An application performing look-ups on a database while\niterating over it could enter an infinite loop, leading to a denial of\nservice. 
(CVE-2014-8121)\n\nThis update also fixes the following bugs :\n\n* Due to problems with buffer extension and reallocation, the nscd\ndaemon terminated unexpectedly with a segmentation fault when\nprocessing long netgroup entries. With this update, the handling of\nlong netgroup entries has been corrected and nscd no longer crashes in\nthe described scenario. (BZ#1138520)\n\n* If a file opened in append mode was truncated with the ftruncate()\nfunction, a subsequent ftell() call could incorrectly modify the file\noffset. This update ensures that ftell() modifies the stream state\nonly when it is in append mode and the buffer for the stream is not\nempty. (BZ#1156331)\n\n* A defect in the C library headers caused builds with older compilers\nto generate incorrect code for the btowc() function in the older\ncompatibility C++ standard library. Applications calling btowc() in\nthe compatibility C++ standard library became unresponsive. With this\nupdate, the C library headers have been corrected, and the\ncompatibility C++ standard library shipped with Red Hat Enterprise\nLinux has been rebuilt. Applications that rely on the compatibility\nC++ standard library no longer hang when calling btowc(). (BZ#1120490)\n\n* Previously, when using netgroups and the nscd daemon was set up to\ncache netgroup information, the sudo utility denied access to valid\nusers. The bug in nscd has been fixed, and sudo now works in netgroups\nas expected. 
(BZ#1080766)\n\nUsers of glibc are advised to upgrade to these updated packages, which\nfix these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-March/004874.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-2.17-78.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-78.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-devel-2.17-78.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-78.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-static-2.17-78.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-78.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"nscd-2.17-78.0.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T05:05:08", "description": "Updated glibc packages that fix two security issues and two bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv()\nfunction converted certain encoded data to UTF-8. An attacker able to\nmake an application call the iconv() function with a specially crafted\nargument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command\nsubstitution even when the WRDE_NOCMD flag was specified. An attacker\nable to provide specially crafted input to an application using the\nwordexp() function, and not sanitizing the input correctly, could\npotentially use this flaw to execute arbitrary commands with the\ncredentials of the user running that application. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat\nDeveloper Experience Team.\n\nThis update also fixes the following bugs :\n\n* Previously, when an address lookup using the getaddrinfo() function\nfor the AF_UNSPEC value was performed on a defective DNS server, the\nserver in some cases responded with a valid response for the A record,\nbut a referral response for the AAAA record, which resulted in a\nlookup failure. A prior update was implemented for getaddrinfo() to\nreturn the valid response, but it contained a typographical error, due\nto which the lookup could under some circumstances still fail. This\nerror has been corrected and getaddrinfo() now returns a valid\nresponse in the described circumstances. 
(BZ#1172023)\n\n* An error in the dlopen() library function previously caused\nrecursive calls to dlopen() to terminate unexpectedly or to abort with\na library assertion. This error has been fixed and recursive calls to\ndlopen() no longer crash or abort. (BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.", "edition": 27, "published": "2015-01-08T00:00:00", "title": "RHEL 6 : glibc (RHSA-2015:0016)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc-static", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "cpe:/o:redhat:enterprise_linux:6.6", "p-cpe:/a:redhat:enterprise_linux:nscd", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common"], "id": "REDHAT-RHSA-2015-0016.NASL", "href": "https://www.tenable.com/plugins/nessus/80408", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0016. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80408);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-7817\");\n script_bugtraq_id(69472, 71216);\n script_xref(name:\"RHSA\", value:\"2015:0016\");\n\n script_name(english:\"RHEL 6 : glibc (RHSA-2015:0016)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix two security issues and two bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv()\nfunction converted certain encoded data to UTF-8. An attacker able to\nmake an application call the iconv() function with a specially crafted\nargument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command\nsubstitution even when the WRDE_NOCMD flag was specified. 
An attacker\nable to provide specially crafted input to an application using the\nwordexp() function, and not sanitizing the input correctly, could\npotentially use this flaw to execute arbitrary commands with the\ncredentials of the user running that application. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat\nDeveloper Experience Team.\n\nThis update also fixes the following bugs :\n\n* Previously, when an address lookup using the getaddrinfo() function\nfor the AF_UNSPEC value was performed on a defective DNS server, the\nserver in some cases responded with a valid response for the A record,\nbut a referral response for the AAAA record, which resulted in a\nlookup failure. A prior update was implemented for getaddrinfo() to\nreturn the valid response, but it contained a typographical error, due\nto which the lookup could under some circumstances still fail. This\nerror has been corrected and getaddrinfo() now returns a valid\nresponse in the described circumstances. (BZ#1172023)\n\n* An error in the dlopen() library function previously caused\nrecursive calls to dlopen() to terminate unexpectedly or to abort with\na library assertion. This error has been fixed and recursive calls to\ndlopen() no longer crash or abort. 
(BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6040\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0016\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-common-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-common-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-common-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-debuginfo-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-debuginfo-common-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-devel-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-headers-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-headers-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-headers-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", 
reference:\"glibc-static-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-utils-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-utils-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-utils-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"nscd-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"nscd-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"nscd-2.12-1.149.el6_6.4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:29:57", "description": "Updated glibc packages that fix two security issues and two bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv()\nfunction converted certain encoded data to UTF-8. 
An attacker able to\nmake an application call the iconv() function with a specially crafted\nargument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command\nsubstitution even when the WRDE_NOCMD flag was specified. An attacker\nable to provide specially crafted input to an application using the\nwordexp() function, and not sanitizing the input correctly, could\npotentially use this flaw to execute arbitrary commands with the\ncredentials of the user running that application. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat\nDeveloper Experience Team.\n\nThis update also fixes the following bugs :\n\n* Previously, when an address lookup using the getaddrinfo() function\nfor the AF_UNSPEC value was performed on a defective DNS server, the\nserver in some cases responded with a valid response for the A record,\nbut a referral response for the AAAA record, which resulted in a\nlookup failure. A prior update was implemented for getaddrinfo() to\nreturn the valid response, but it contained a typographical error, due\nto which the lookup could under some circumstances still fail. This\nerror has been corrected and getaddrinfo() now returns a valid\nresponse in the described circumstances. (BZ#1172023)\n\n* An error in the dlopen() library function previously caused\nrecursive calls to dlopen() to terminate unexpectedly or to abort with\na library assertion. This error has been fixed and recursive calls to\ndlopen() no longer crash or abort. 
(BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.", "edition": 28, "published": "2015-01-08T00:00:00", "title": "CentOS 6 : glibc (CESA-2015:0016)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "modified": "2015-01-08T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc-common", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:nscd", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-static", "p-cpe:/a:centos:centos:glibc-headers", "p-cpe:/a:centos:centos:glibc"], "id": "CENTOS_RHSA-2015-0016.NASL", "href": "https://www.tenable.com/plugins/nessus/80400", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0016 and \n# CentOS Errata and Security Advisory 2015:0016 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80400);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-7817\");\n script_bugtraq_id(69472, 71216);\n script_xref(name:\"RHSA\", value:\"2015:0016\");\n\n script_name(english:\"CentOS 6 : glibc (CESA-2015:0016)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix two security issues and two bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv()\nfunction converted certain encoded data to UTF-8. An attacker able to\nmake an application call the iconv() function with a specially crafted\nargument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command\nsubstitution even when the WRDE_NOCMD flag was specified. An attacker\nable to provide specially crafted input to an application using the\nwordexp() function, and not sanitizing the input correctly, could\npotentially use this flaw to execute arbitrary commands with the\ncredentials of the user running that application. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat\nDeveloper Experience Team.\n\nThis update also fixes the following bugs :\n\n* Previously, when an address lookup using the getaddrinfo() function\nfor the AF_UNSPEC value was performed on a defective DNS server, the\nserver in some cases responded with a valid response for the A record,\nbut a referral response for the AAAA record, which resulted in a\nlookup failure. A prior update was implemented for getaddrinfo() to\nreturn the valid response, but it contained a typographical error, due\nto which the lookup could under some circumstances still fail. This\nerror has been corrected and getaddrinfo() now returns a valid\nresponse in the described circumstances. 
(BZ#1172023)\n\n* An error in the dlopen() library function previously caused\nrecursive calls to dlopen() to terminate unexpectedly or to abort with\na library assertion. This error has been fixed and recursive calls to\ndlopen() no longer crash or abort. (BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-January/020863.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f8c20447\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-6040\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2015/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-common-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-devel-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-headers-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-static-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-utils-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"nscd-2.12-1.149.el6_6.4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T12:49:45", "description": "From Red Hat Security Advisory 2015:0016 :\n\nUpdated glibc packages that fix two security issues and two bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv()\nfunction converted certain encoded data to UTF-8. An attacker able to\nmake an application call the iconv() function with a specially crafted\nargument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command\nsubstitution even when the WRDE_NOCMD flag was specified. An attacker\nable to provide specially crafted input to an application using the\nwordexp() function, and not sanitizing the input correctly, could\npotentially use this flaw to execute arbitrary commands with the\ncredentials of the user running that application. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat\nDeveloper Experience Team.\n\nThis update also fixes the following bugs :\n\n* Previously, when an address lookup using the getaddrinfo() function\nfor the AF_UNSPEC value was performed on a defective DNS server, the\nserver in some cases responded with a valid response for the A record,\nbut a referral response for the AAAA record, which resulted in a\nlookup failure. A prior update was implemented for getaddrinfo() to\nreturn the valid response, but it contained a typographical error, due\nto which the lookup could under some circumstances still fail. This\nerror has been corrected and getaddrinfo() now returns a valid\nresponse in the described circumstances. 
(BZ#1172023)\n\n* An error in the dlopen() library function previously caused\nrecursive calls to dlopen() to terminate unexpectedly or to abort with\na library assertion. This error has been fixed and recursive calls to\ndlopen() no longer crash or abort. (BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.", "edition": 25, "published": "2015-01-08T00:00:00", "title": "Oracle Linux 6 : glibc (ELSA-2015-0016)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "modified": "2015-01-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:nscd", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:glibc-static", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc"], "id": "ORACLELINUX_ELSA-2015-0016.NASL", "href": "https://www.tenable.com/plugins/nessus/80407", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0016 and \n# Oracle Linux Security Advisory ELSA-2015-0016 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80407);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-7817\");\n script_bugtraq_id(69472, 71216);\n script_xref(name:\"RHSA\", value:\"2015:0016\");\n\n script_name(english:\"Oracle Linux 6 : glibc (ELSA-2015-0016)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"From Red Hat Security Advisory 2015:0016 :\n\nUpdated glibc packages that fix two security issues and two bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv()\nfunction converted certain encoded data to UTF-8. An attacker able to\nmake an application call the iconv() function with a specially crafted\nargument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command\nsubstitution even when the WRDE_NOCMD flag was specified. An attacker\nable to provide specially crafted input to an application using the\nwordexp() function, and not sanitizing the input correctly, could\npotentially use this flaw to execute arbitrary commands with the\ncredentials of the user running that application. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat\nDeveloper Experience Team.\n\nThis update also fixes the following bugs :\n\n* Previously, when an address lookup using the getaddrinfo() function\nfor the AF_UNSPEC value was performed on a defective DNS server, the\nserver in some cases responded with a valid response for the A record,\nbut a referral response for the AAAA record, which resulted in a\nlookup failure. 
A prior update was implemented for getaddrinfo() to\nreturn the valid response, but it contained a typographical error, due\nto which the lookup could under some circumstances still fail. This\nerror has been corrected and getaddrinfo() now returns a valid\nresponse in the described circumstances. (BZ#1172023)\n\n* An error in the dlopen() library function previously caused\nrecursive calls to dlopen() to terminate unexpectedly or to abort with\na library assertion. This error has been fixed and recursive calls to\ndlopen() no longer crash or abort. (BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-January/004773.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"glibc-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-common-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-devel-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-headers-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-static-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-utils-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"nscd-2.12-1.149.el6_6.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:48:37", "description": "An out-of-bounds read flaw was found in the way glibc's iconv()\nfunction converted certain encoded data to UTF-8. An attacker able to\nmake an application call the iconv() function with a specially crafted\nargument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command\nsubstitution even when the WRDE_NOCMD flag was specified. 
An attacker\nable to provide specially crafted input to an application using the\nwordexp() function, and not sanitizing the input correctly, could\npotentially use this flaw to execute arbitrary commands with the\ncredentials of the user running that application. (CVE-2014-7817)\n\nThis update also fixes the following bugs :\n\n - Previously, when an address lookup using the\n getaddrinfo() function for the AF_UNSPEC value was\n performed on a defective DNS server, the server in some\n cases responded with a valid response for the A record,\n but a referral response for the AAAA record, which\n resulted in a lookup failure. A prior update was\n implemented for getaddrinfo() to return the valid\n response, but it contained a typographical error, due to\n which the lookup could under some circumstances still\n fail. This error has been corrected and getaddrinfo()\n now returns a valid response in the described\n circumstances.\n\n - An error in the dlopen() library function previously\n caused recursive calls to dlopen() to terminate\n unexpectedly or to abort with a library assertion. 
This\n error has been fixed and recursive calls to dlopen() no\n longer crash or abort.", "edition": 15, "published": "2015-01-08T00:00:00", "title": "Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20150107)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "modified": "2015-01-08T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common", "p-cpe:/a:fermilab:scientific_linux:glibc", "p-cpe:/a:fermilab:scientific_linux:glibc-common", "p-cpe:/a:fermilab:scientific_linux:glibc-static", "p-cpe:/a:fermilab:scientific_linux:glibc-devel", "p-cpe:/a:fermilab:scientific_linux:nscd", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:glibc-utils", "p-cpe:/a:fermilab:scientific_linux:glibc-headers"], "id": "SL_20150107_GLIBC_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/80409", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80409);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-7817\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20150107)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An out-of-bounds read flaw was found in the way glibc's iconv()\nfunction converted certain encoded data to UTF-8. 
An attacker able to\nmake an application call the iconv() function with a specially crafted\nargument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command\nsubstitution even when the WRDE_NOCMD flag was specified. An attacker\nable to provide specially crafted input to an application using the\nwordexp() function, and not sanitizing the input correctly, could\npotentially use this flaw to execute arbitrary commands with the\ncredentials of the user running that application. (CVE-2014-7817)\n\nThis update also fixes the following bugs :\n\n - Previously, when an address lookup using the\n getaddrinfo() function for the AF_UNSPEC value was\n performed on a defective DNS server, the server in some\n cases responded with a valid response for the A record,\n but a referral response for the AAAA record, which\n resulted in a lookup failure. A prior update was\n implemented for getaddrinfo() to return the valid\n response, but it contained a typographical error, due to\n which the lookup could under some circumstances still\n fail. This error has been corrected and getaddrinfo()\n now returns a valid response in the described\n circumstances.\n\n - An error in the dlopen() library function previously\n caused recursive calls to dlopen() to terminate\n unexpectedly or to abort with a library assertion. 
This\n error has been fixed and recursive calls to dlopen() no\n longer crash or abort.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1501&L=scientific-linux-errata&T=0&P=532\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3edcc27a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"glibc-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-common-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-debuginfo-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-debuginfo-common-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-devel-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-headers-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-static-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-utils-2.12-1.149.el6_6.4\")) flag++;\nif 
(rpm_check(release:\"SL6\", reference:\"nscd-2.12-1.149.el6_6.4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:48:41", "description": "An out-of-bounds read flaw was found in the way glibc's iconv()\nfunction converted certain encoded data to UTF-8. An attacker able to\nmake an application call the iconv() function with a specially crafted\nargument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the files back end of Name Service Switch (NSS) did\nnot isolate iteration over an entire database from key-based look-up\nAPI calls. An application performing look-ups on a database while\niterating over it could enter an infinite loop, leading to a denial of\nservice. (CVE-2014-8121)\n\nThis update also fixes the following bugs :\n\n - Due to problems with buffer extension and reallocation,\n the nscd daemon terminated unexpectedly with a\n segmentation fault when processing long netgroup\n entries. With this update, the handling of long netgroup\n entries has been corrected and nscd no longer crashes in\n the described scenario.\n\n - If a file opened in append mode was truncated with the\n ftruncate() function, a subsequent ftell() call could\n incorrectly modify the file offset. This update ensures\n that ftell() modifies the stream state only when it is\n in append mode and the buffer for the stream is not\n empty.\n\n - A defect in the C library headers caused builds with\n older compilers to generate incorrect code for the\n btowc() function in the older compatibility C++ standard\n library. 
Applications calling btowc() in the\n compatibility C++ standard library became unresponsive.\n With this update, the C library headers have been\n corrected, and the compatibility C++ standard library\n shipped with Scientific Linux has been rebuilt.\n Applications that rely on the compatibility C++ standard\n library no longer hang when calling btowc().\n\n - Previously, when using netgroups and the nscd daemon was\n set up to cache netgroup information, the sudo utility\n denied access to valid users. The bug in nscd has been\n fixed, and sudo now works in netgroups as expected.", "edition": 15, "published": "2015-03-26T00:00:00", "title": "Scientific Linux Security Update : glibc on SL7.x x86_64 (20150305)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6040", "CVE-2014-8121"], "modified": "2015-03-26T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common", "p-cpe:/a:fermilab:scientific_linux:glibc", "p-cpe:/a:fermilab:scientific_linux:glibc-common", "p-cpe:/a:fermilab:scientific_linux:glibc-static", "p-cpe:/a:fermilab:scientific_linux:glibc-devel", "p-cpe:/a:fermilab:scientific_linux:nscd", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:glibc-utils", "p-cpe:/a:fermilab:scientific_linux:glibc-headers"], "id": "SL_20150305_GLIBC_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/82250", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82250);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-8121\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL7.x x86_64 (20150305)\");\n script_summary(english:\"Checks rpm 
output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An out-of-bounds read flaw was found in the way glibc's iconv()\nfunction converted certain encoded data to UTF-8. An attacker able to\nmake an application call the iconv() function with a specially crafted\nargument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the files back end of Name Service Switch (NSS) did\nnot isolate iteration over an entire database from key-based look-up\nAPI calls. An application performing look-ups on a database while\niterating over it could enter an infinite loop, leading to a denial of\nservice. (CVE-2014-8121)\n\nThis update also fixes the following bugs :\n\n - Due to problems with buffer extension and reallocation,\n the nscd daemon terminated unexpectedly with a\n segmentation fault when processing long netgroup\n entries. With this update, the handling of long netgroup\n entries has been corrected and nscd no longer crashes in\n the described scenario.\n\n - If a file opened in append mode was truncated with the\n ftruncate() function, a subsequent ftell() call could\n incorrectly modify the file offset. This update ensures\n that ftell() modifies the stream state only when it is\n in append mode and the buffer for the stream is not\n empty.\n\n - A defect in the C library headers caused builds with\n older compilers to generate incorrect code for the\n btowc() function in the older compatibility C++ standard\n library. 
Applications calling btowc() in the\n compatibility C++ standard library became unresponsive.\n With this update, the C library headers have been\n corrected, and the compatibility C++ standard library\n shipped with Scientific Linux has been rebuilt.\n Applications that rely on the compatibility C++ standard\n library no longer hang when calling btowc().\n\n - Previously, when using netgroups and the nscd daemon was\n set up to cache netgroup information, the sudo utility\n denied access to valid users. The bug in nscd has been\n fixed, and sudo now works in netgroups as expected.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1503&L=scientific-linux-errata&T=0&P=2889\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d58140a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", 
value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-2.17-78.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-78.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-debuginfo-2.17-78.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-debuginfo-common-2.17-78.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-devel-2.17-78.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-78.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-static-2.17-78.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-78.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nscd-2.17-78.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:47:05", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6040", "CVE-2014-8121"], "description": "The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries 
(libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. Without\nthese libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function\nconverted certain encoded data to UTF-8. An attacker able to make an\napplication call the iconv() function with a specially crafted argument\ncould use this flaw to crash that application. (CVE-2014-6040)\n\nIt was found that the files back end of Name Service Switch (NSS) did not\nisolate iteration over an entire database from key-based look-up API calls.\nAn application performing look-ups on a database while iterating over it\ncould enter an infinite loop, leading to a denial of service.\n(CVE-2014-8121)\n\nThis update also fixes the following bugs:\n\n* Due to problems with buffer extension and reallocation, the nscd daemon\nterminated unexpectedly with a segmentation fault when processing long\nnetgroup entries. With this update, the handling of long netgroup entries\nhas been corrected and nscd no longer crashes in the described scenario.\n(BZ#1138520)\n\n* If a file opened in append mode was truncated with the ftruncate()\nfunction, a subsequent ftell() call could incorrectly modify the file\noffset. This update ensures that ftell() modifies the stream state only\nwhen it is in append mode and the buffer for the stream is not empty.\n(BZ#1156331)\n\n* A defect in the C library headers caused builds with older compilers to\ngenerate incorrect code for the btowc() function in the older compatibility C++\nstandard library. Applications calling btowc() in the compatibility C++ standard\nlibrary became unresponsive. With this update, the C library headers have been\ncorrected, and the compatibility C++ standard library shipped with Red Hat\nEnterprise Linux has been rebuilt. Applications that rely on the compatibility\nC++ standard library no longer hang when calling btowc(). 
(BZ#1120490)\n\n* Previously, when using netgroups and the nscd daemon was set up to cache\nnetgroup information, the sudo utility denied access to valid users. The bug in\nnscd has been fixed, and sudo now works in netgroups as\nexpected. (BZ#1080766)\n\nUsers of glibc are advised to upgrade to these updated packages, which fix these\nissues.\n", "modified": "2018-04-12T03:33:28", "published": "2015-03-05T05:00:00", "id": "RHSA-2015:0327", "href": "https://access.redhat.com/errata/RHSA-2015:0327", "type": "redhat", "title": "(RHSA-2015:0327) Moderate: glibc security and bug fix update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:45:24", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "description": "The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. Without\nthese libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function\nconverted certain encoded data to UTF-8. An attacker able to make an\napplication call the iconv() function with a specially crafted argument\ncould use this flaw to crash that application. (CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command substitution\neven when the WRDE_NOCMD flag was specified. An attacker able to provide\nspecially crafted input to an application using the wordexp() function, and\nnot sanitizing the input correctly, could potentially use this flaw to\nexecute arbitrary commands with the credentials of the user running that\napplication. 
(CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat\nDeveloper Experience Team.\n\nThis update also fixes the following bugs:\n\n* Previously, when an address lookup using the getaddrinfo() function for\nthe AF_UNSPEC value was performed on a defective DNS server, the server in\nsome cases responded with a valid response for the A record, but a referral\nresponse for the AAAA record, which resulted in a lookup failure. A prior\nupdate was implemented for getaddrinfo() to return the valid response, but\nit contained a typographical error, due to which the lookup could under\nsome circumstances still fail. This error has been corrected and\ngetaddrinfo() now returns a valid response in the described circumstances.\n(BZ#1172023)\n\n* An error in the dlopen() library function previously caused recursive\ncalls to dlopen() to terminate unexpectedly or to abort with a library\nassertion. This error has been fixed and recursive calls to dlopen() no\nlonger crash or abort. (BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "modified": "2018-06-06T20:24:20", "published": "2015-01-07T05:00:00", "id": "RHSA-2015:0016", "href": "https://access.redhat.com/errata/RHSA-2015:0016", "type": "redhat", "title": "(RHSA-2015:0016) Moderate: glibc security and bug fix update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:37:40", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6040", "CVE-2014-8121"], "description": "**Issue Overview:**\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. 
([CVE-2014-6040](<https://access.redhat.com/security/cve/CVE-2014-6040>))\n\nIt was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service. ([CVE-2014-8121](<https://access.redhat.com/security/cve/CVE-2014-8121>))\n\n \n**Affected Packages:** \n\n\nglibc\n\n \n**Issue Correction:** \nRun _yum update glibc_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n glibc-2.17-55.139.amzn1.i686 \n glibc-common-2.17-55.139.amzn1.i686 \n glibc-static-2.17-55.139.amzn1.i686 \n glibc-devel-2.17-55.139.amzn1.i686 \n glibc-headers-2.17-55.139.amzn1.i686 \n glibc-debuginfo-common-2.17-55.139.amzn1.i686 \n glibc-debuginfo-2.17-55.139.amzn1.i686 \n glibc-utils-2.17-55.139.amzn1.i686 \n nscd-2.17-55.139.amzn1.i686 \n \n src: \n glibc-2.17-55.139.amzn1.src \n \n x86_64: \n glibc-debuginfo-2.17-55.139.amzn1.x86_64 \n glibc-devel-2.17-55.139.amzn1.x86_64 \n glibc-headers-2.17-55.139.amzn1.x86_64 \n nscd-2.17-55.139.amzn1.x86_64 \n glibc-common-2.17-55.139.amzn1.x86_64 \n glibc-2.17-55.139.amzn1.x86_64 \n glibc-static-2.17-55.139.amzn1.x86_64 \n glibc-utils-2.17-55.139.amzn1.x86_64 \n glibc-debuginfo-common-2.17-55.139.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2015-03-23T08:30:00", "published": "2015-03-23T08:30:00", "id": "ALAS-2015-495", "href": "https://alas.aws.amazon.com/ALAS-2015-495.html", "title": "Medium: glibc", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-10T12:36:01", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "description": "**Issue Overview:**\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8.
An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. ([CVE-2014-6040](<https://access.redhat.com/security/cve/CVE-2014-6040>))\n\nIt was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application. ([CVE-2014-7817](<https://access.redhat.com/security/cve/CVE-2014-7817>))\n\n \n**Affected Packages:** \n\n\nglibc\n\n \n**Issue Correction:** \nRun _yum update glibc_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n glibc-common-2.17-55.92.amzn1.i686 \n glibc-devel-2.17-55.92.amzn1.i686 \n glibc-debuginfo-2.17-55.92.amzn1.i686 \n glibc-utils-2.17-55.92.amzn1.i686 \n glibc-debuginfo-common-2.17-55.92.amzn1.i686 \n nscd-2.17-55.92.amzn1.i686 \n glibc-static-2.17-55.92.amzn1.i686 \n glibc-headers-2.17-55.92.amzn1.i686 \n glibc-2.17-55.92.amzn1.i686 \n \n src: \n glibc-2.17-55.92.amzn1.src \n \n x86_64: \n glibc-2.17-55.92.amzn1.x86_64 \n glibc-utils-2.17-55.92.amzn1.x86_64 \n nscd-2.17-55.92.amzn1.x86_64 \n glibc-headers-2.17-55.92.amzn1.x86_64 \n glibc-static-2.17-55.92.amzn1.x86_64 \n glibc-debuginfo-2.17-55.92.amzn1.x86_64 \n glibc-debuginfo-common-2.17-55.92.amzn1.x86_64 \n glibc-common-2.17-55.92.amzn1.x86_64 \n glibc-devel-2.17-55.92.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2015-01-08T12:38:00", "published": "2015-01-08T12:38:00", "id": "ALAS-2015-468", "href": "https://alas.aws.amazon.com/ALAS-2015-468.html", "title": "Medium: glibc", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:28:29", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6040",
"CVE-2014-7817"], "description": "**CentOS Errata and Security Advisory** CESA-2015:0016\n\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. Without\nthese libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function\nconverted certain encoded data to UTF-8. An attacker able to make an\napplication call the iconv() function with a specially crafted argument\ncould use this flaw to crash that application. (CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command substitution\neven when the WRDE_NOCMD flag was specified. An attacker able to provide\nspecially crafted input to an application using the wordexp() function, and\nnot sanitizing the input correctly, could potentially use this flaw to\nexecute arbitrary commands with the credentials of the user running that\napplication. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat\nDeveloper Experience Team.\n\nThis update also fixes the following bugs:\n\n* Previously, when an address lookup using the getaddrinfo() function for\nthe AF_UNSPEC value was performed on a defective DNS server, the server in\nsome cases responded with a valid response for the A record, but a referral\nresponse for the AAAA record, which resulted in a lookup failure. A prior\nupdate was implemented for getaddrinfo() to return the valid response, but\nit contained a typographical error, due to which the lookup could under\nsome circumstances still fail. This error has been corrected and\ngetaddrinfo() now returns a valid response in the described circumstances.\n(BZ#1172023)\n\n* An error in the dlopen() library function previously caused recursive\ncalls to dlopen() to terminate unexpectedly or to abort with a library\nassertion. 
This error has been fixed and recursive calls to dlopen() no\nlonger crash or abort. (BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-January/032901.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-static\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0016.html", "edition": 3, "modified": "2015-01-07T22:45:41", "published": "2015-01-07T22:45:41", "href": "http://lists.centos.org/pipermail/centos-announce/2015-January/032901.html", "id": "CESA-2015:0016", "title": "glibc, nscd security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-20T18:25:47", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6040", "CVE-2014-8121"], "description": "**CentOS Errata and Security Advisory** CESA-2015:0327\n\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. Without\nthese libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function\nconverted certain encoded data to UTF-8. An attacker able to make an\napplication call the iconv() function with a specially crafted argument\ncould use this flaw to crash that application. 
(CVE-2014-6040)\n\nIt was found that the files back end of Name Service Switch (NSS) did not\nisolate iteration over an entire database from key-based look-up API calls.\nAn application performing look-ups on a database while iterating over it\ncould enter an infinite loop, leading to a denial of service.\n(CVE-2014-8121)\n\nThis update also fixes the following bugs:\n\n* Due to problems with buffer extension and reallocation, the nscd daemon\nterminated unexpectedly with a segmentation fault when processing long\nnetgroup entries. With this update, the handling of long netgroup entries\nhas been corrected and nscd no longer crashes in the described scenario.\n(BZ#1138520)\n\n* If a file opened in append mode was truncated with the ftruncate()\nfunction, a subsequent ftell() call could incorrectly modify the file\noffset. This update ensures that ftell() modifies the stream state only\nwhen it is in append mode and the buffer for the stream is not empty.\n(BZ#1156331)\n\n* A defect in the C library headers caused builds with older compilers to\ngenerate incorrect code for the btowc() function in the older compatibility C++\nstandard library. Applications calling btowc() in the compatibility C++ standard\nlibrary became unresponsive. With this update, the C library headers have been\ncorrected, and the compatibility C++ standard library shipped with Red Hat\nEnterprise Linux has been rebuilt. Applications that rely on the compatibility\nC++ standard library no longer hang when calling btowc(). (BZ#1120490)\n\n* Previously, when using netgroups and the nscd daemon was set up to cache\nnetgroup information, the sudo utility denied access to valid users. The bug in\nnscd has been fixed, and sudo now works in netgroups as\nexpected. 
(BZ#1080766)\n\nUsers of glibc are advised to upgrade to these updated packages, which fix these\nissues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-March/007756.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-static\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0327.html", "edition": 3, "modified": "2015-03-17T13:28:04", "published": "2015-03-17T13:28:04", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-March/007756.html", "id": "CESA-2015:0327", "title": "glibc, nscd security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:41", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "description": "[2.12-1.149.4]\n- Fix recursive dlopen() (#1173469).\n[2.12-1.149.3]\n- Fix typo in res_send and res_query (#rh1172023).\n[2.12-1.149.2]\n- Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, #1139571).\n[2.12-1.149.1]\n- Fix wordexp() to honour WRDE_NOCMD (CVE-2014-7817, #1170121).", "edition": 4, "modified": "2015-01-07T00:00:00", "published": "2015-01-07T00:00:00", "id": "ELSA-2015-0016", "href": "http://linux.oracle.com/errata/ELSA-2015-0016.html", "title": "glibc security and bug fix update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:35", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0235", "CVE-2014-5119", "CVE-2014-6040", "CVE-2014-8121", "CVE-2014-7817", "CVE-2014-0475"], "description": "[2.17-78.0.1]\n- Remove strstr and strcasestr implementations using sse4.2 instructions.\n- Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and\n 1818483b15d22016b0eae41d37ee91cc87b37510 backported.\n[2.17-78]\n- Fix ppc64le builds (#1077389).\n[2.17-77]\n- Fix parsing of numeric hosts in gethostbyname_r 
(CVE-2015-0235, #1183545).\n[2.17-76]\n- Fix application crashes during calls to gettimeofday on ppc64\n when kernel exports gettimeofday via VDSO (#1077389).\n- Prevent NSS-based file backend from entering infinite loop\n when different APIs request the same service (CVE-2014-8121, #1182272).\n[2.17-75]\n- Fix permission of debuginfo source files to allow multiarch\n debuginfo packages to be installed and upgraded (#1170110).\n[2.17-74]\n- Fix wordexp() to honour WRDE_NOCMD (CVE-2014-7817, #1170487).\n[2.17-73]\n- ftell: seek to end only when there are unflushed bytes (#1156331).\n[2.17-72]\n- [s390] Fix up _dl_argv after adjusting arguments in _dl_start_user (#1161666).\n[2.17-71]\n- Fix incorrect handling of relocations in 64-bit LE mode for Power\n (#1162847).\n[2.17-70]\n- [s390] Retain stack alignment when skipping over loader argv (#1161666).\n[2.17-69]\n- Use __int128_t in link.h to support older compiler (#1120490).\n[2.17-68]\n- Revert to defining __extern_inline only for gcc-4.3+ (#1120490).\n[2.17-67]\n- Correct a defect in the generated math error table in the manual (#786638).\n[2.17-66]\n- Include preliminary thread, signal and cancellation safety documentation\n in manual (#786638).\n[2.17-65]\n- PowerPC 32-bit and 64-bit optimized function support using STT_GNU_IFUNC\n (#731837).\n- Support running Intel MPX-enabled applications (#1132518).\n- Support running Intel AVX-512-enabled applications (#1140272).\n[2.17-64]\n- Fix crashes on invalid input in IBM gconv modules (#1140474, CVE-2014-6040).\n[2.17-63]\n- Build build-locale-archive statically (#1070611).\n- Return failure in getnetgrent only when all netgroups have been searched\n (#1085313).\n[2.17-62]\n- Don't use alloca in addgetnetgrentX (#1138520).\n- Adjust pointers to triplets in netgroup query data (#1138520).\n[2.17-61]\n- Set CS_PATH to just /use/bin (#1124453).\n- Add systemtap probe in lll_futex_wake for ppc and s390 (#1084089).\n[2.17-60]\n- Add mmap usage to malloc_info output 
(#1103856).\n- Fix nscd lookup for innetgr when netgroup has wildcards (#1080766).\n- Fix memory order when reading libgcc handle (#1103874).\n- Fix typo in nscd/selinux.c (#1125306).\n- Do not fail if one of the two responses to AF_UNSPEC fails (#1098047).\n[2.17-59]\n- Provide correct buffer length to netgroup queries in nscd (#1083647).\n- Return NULL for wildcard values in getnetgrent from nscd (#1085290).\n- Avoid overlapping addresses to stpcpy calls in nscd (#1083644).\n- Initialize all of datahead structure in nscd (#1083646).\n[2.17-58]\n- Remove gconv transliteration loadable modules support (CVE-2014-5119,\n - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,\n[2.17-57]\n- Merge 64-bit ARM (AArch64) support (#1027179).\n- Fix build failure for rtkaio/tst-aiod2.c and rtkaio/tst-aiod3.c.\n[2.17-56]\n- Merge LE 64-bit POWER support (#1125513).\n[2.17-55.4]\n- Fix tst-cancel4, tst-cancelx4, tst-cancel5, and tst-cancelx5 for all targets.\n- Fix tst-ildoubl, and tst-ldouble for POWER.\n- Allow LE 64-bit POWER to build with VSX if enabled (#1124048).\n[2.17-55.3]\n- Fix ppc64le ABI issue with pthread_atfork being present in libpthread.so.0.\n[2.17-55.2]\n- Add ABI baseline for 64-bit POWER LE.\n[2.17-55.1]\n- Add 64-bit POWER LE support.", "edition": 4, "modified": "2015-03-09T00:00:00", "published": "2015-03-09T00:00:00", "id": "ELSA-2015-0327", "href": "http://linux.oracle.com/errata/ELSA-2015-0327.html", "title": "glibc security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:36:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6040", "CVE-2014-8121"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-03-06T00:00:00", "id": "OPENVAS:1361412562310871331", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871331", "type": "openvas", "title": "RedHat 
Update for glibc RHSA-2015:0327-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2015:0327-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871331\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-06 06:50:44 +0100 (Fri, 06 Mar 2015)\");\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-8121\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for glibc RHSA-2015:0327-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", 
value:\"The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. Without\nthese libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function\nconverted certain encoded data to UTF-8. An attacker able to make an\napplication call the iconv() function with a specially crafted argument\ncould use this flaw to crash that application. (CVE-2014-6040)\n\nIt was found that the files back end of Name Service Switch (NSS) did not\nisolate iteration over an entire database from key-based look-up API calls.\nAn application performing look-ups on a database while iterating over it\ncould enter an infinite loop, leading to a denial of service.\n(CVE-2014-8121)\n\nThis update also fixes the following bugs:\n\n * Due to problems with buffer extension and reallocation, the nscd daemon\nterminated unexpectedly with a segmentation fault when processing long\nnetgroup entries. With this update, the handling of long netgroup entries\nhas been corrected and nscd no longer crashes in the described scenario.\n(BZ#1138520)\n\n * If a file opened in append mode was truncated with the ftruncate()\nfunction, a subsequent ftell() call could incorrectly modify the file\noffset. This update ensures that ftell() modifies the stream state only\nwhen it is in append mode and the buffer for the stream is not empty.\n(BZ#1156331)\n\n * A defect in the C library headers caused builds with older compilers to\ngenerate incorrect code for the btowc() function in the older compatibility\nC++ standard library. Applications calling btowc() in the compatibility C++\nstandard library became unresponsive. With this update, the C library\nheaders have been corrected, and the compatibility C++ standard library\nshipped with Red Hat Enterprise Linux has been rebuilt. 
Applications that\nrely on the compatibility C++ standard library no longer hang when calling\nbtowc(). (BZ#1120490)\n\n * Previously, when using netgroups and the nscd daemon was set up to cache\nnetgroup information, the sudo utility denied access to valid users. The\nbug in nscd has been fixed, and sudo now works in netgroups as\nexpected. (BZ#1080766)\n\nUsers of glibc are advised to upgrade to these updated packages, which fix\nthese issues.\");\n script_tag(name:\"affected\", value:\"glibc on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:0327-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-March/msg00021.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~78.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~78.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.17~78.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.17~78.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~78.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~78.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.17~78.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~78.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T22:59:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120455", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120455", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-468)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120455\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:26:45 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-468)\");\n script_tag(name:\"insight\", value:\"An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. (CVE-2014-6040 )It was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application. 
(CVE-2014-7817 )\");\n script_tag(name:\"solution\", value:\"Run yum update glibc to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-468.html\");\n script_cve_id(\"CVE-2014-7817\", \"CVE-2014-6040\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~55.92.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~55.92.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.17~55.92.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.17~55.92.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.17~55.92.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~55.92.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.17~55.92.amzn1\", 
rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~55.92.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~55.92.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-01-23T00:00:00", "id": "OPENVAS:1361412562310871301", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871301", "type": "openvas", "title": "RedHat Update for glibc RHSA-2015:0016-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2015:0016-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871301\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 12:55:28 +0100 (Fri, 23 Jan 2015)\");\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-7817\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Update for glibc RHSA-2015:0016-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. Without\nthese libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function\nconverted certain encoded data to UTF-8. An attacker able to make an\napplication call the iconv() function with a specially crafted argument\ncould use this flaw to crash that application. (CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command substitution\neven when the WRDE_NOCMD flag was specified. 
An attacker able to provide\nspecially crafted input to an application using the wordexp() function, and\nnot sanitizing the input correctly, could potentially use this flaw to\nexecute arbitrary commands with the credentials of the user running that\napplication. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat\nDeveloper Experience Team.\n\nThis update also fixes the following bugs:\n\n * Previously, when an address lookup using the getaddrinfo() function for\nthe AF_UNSPEC value was performed on a defective DNS server, the server in\nsome cases responded with a valid response for the A record, but a referral\nresponse for the AAAA record, which resulted in a lookup failure. A prior\nupdate was implemented for getaddrinfo() to return the valid response, but\nit contained a typographical error, due to which the lookup could under\nsome circumstances still fail. This error has been corrected and\ngetaddrinfo() now returns a valid response in the described circumstances.\n(BZ#1172023)\n\n * An error in the dlopen() library function previously caused recursive\ncalls to dlopen() to terminate unexpectedly or to abort with a library\nassertion. This error has been fixed and recursive calls to dlopen() no\nlonger crash or abort. (BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\");\n script_tag(name:\"affected\", value:\"glibc on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:0016-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-January/msg00005.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.12~1.149.el6_6.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.12~1.149.el6_6.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.12~1.149.el6_6.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.12~1.149.el6_6.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.12~1.149.el6_6.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.12~1.149.el6_6.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.12~1.149.el6_6.4\", rls:\"RHENT_6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.12~1.149.el6_6.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T22:59:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6040", "CVE-2014-8121"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120169", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120169", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-495)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120169\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:19:06 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-495)\");\n script_tag(name:\"insight\", value:\"An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. (CVE-2014-6040 )It was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service. 
(CVE-2014-8121 )\");\n script_tag(name:\"solution\", value:\"Run yum update glibc to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-495.html\");\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-8121\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~55.139.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~55.139.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.17~55.139.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~55.139.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~55.139.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.17~55.139.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-debuginfo\", 
rpm:\"glibc-debuginfo~2.17~55.139.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.17~55.139.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~55.139.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6040", "CVE-2014-8121"], "description": "Oracle Linux Local Security Checks ELSA-2015-0327", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123175", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123175", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-0327", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-0327.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123175\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:00:19 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-0327\");\n script_tag(name:\"insight\", value:\"ELSA-2015-0327 - glibc security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-0327\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-0327.html\");\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-8121\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"glibc\", 
rpm:\"glibc~2.17~78.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~78.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~78.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~78.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.17~78.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.17~78.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~78.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "description": "Oracle Linux Local Security Checks ELSA-2015-0016", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123206", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123206", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-0016", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-0016.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free 
software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123206\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:00:43 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-0016\");\n script_tag(name:\"insight\", value:\"ELSA-2015-0016 - glibc security and bug fix update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-0016\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-0016.html\");\n script_cve_id(\"CVE-2014-7817\", \"CVE-2014-6040\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.12~1.149.el6_6.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.12~1.149.el6_6.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.12~1.149.el6_6.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.12~1.149.el6_6.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.12~1.149.el6_6.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-utils\", 
rpm:\"glibc-utils~2.12~1.149.el6_6.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.12~1.149.el6_6.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "description": "Check the version of glibc", "modified": "2019-03-08T00:00:00", "published": "2015-01-23T00:00:00", "id": "OPENVAS:1361412562310882090", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882090", "type": "openvas", "title": "CentOS Update for glibc CESA-2015:0016 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for glibc CESA-2015:0016 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882090\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 12:56:20 +0100 (Fri, 23 Jan 2015)\");\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-7817\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for glibc CESA-2015:0016 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of glibc\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. Without\nthese libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function\nconverted certain encoded data to UTF-8. An attacker able to make an\napplication call the iconv() function with a specially crafted argument\ncould use this flaw to crash that application. (CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command substitution\neven when the WRDE_NOCMD flag was specified. 
An attacker able to provide\nspecially crafted input to an application using the wordexp() function, and\nnot sanitizing the input correctly, could potentially use this flaw to\nexecute arbitrary commands with the credentials of the user running that\napplication. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat\nDeveloper Experience Team.\n\nThis update also fixes the following bugs:\n\n * Previously, when an address lookup using the getaddrinfo() function for\nthe AF_UNSPEC value was performed on a defective DNS server, the server in\nsome cases responded with a valid response for the A record, but a referral\nresponse for the AAAA record, which resulted in a lookup failure. A prior\nupdate was implemented for getaddrinfo() to return the valid response, but\nit contained a typographical error, due to which the lookup could under\nsome circumstances still fail. This error has been corrected and\ngetaddrinfo() now returns a valid response in the described circumstances.\n(BZ#1172023)\n\n * An error in the dlopen() library function previously caused recursive\ncalls to dlopen() to terminate unexpectedly or to abort with a library\nassertion. This error has been fixed and recursive calls to dlopen() no\nlonger crash or abort. 
(BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\");\n script_tag(name:\"affected\", value:\"glibc on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:0016\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-January/020863.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.12~1.149.el6_6.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.12~1.149.el6_6.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.12~1.149.el6_6.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.12~1.149.el6_6.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.12~1.149.el6_6.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.12~1.149.el6_6.4\", rls:\"CentOS6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.12~1.149.el6_6.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-31T18:39:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5119", "CVE-2014-6040", "CVE-2014-0475"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2014-09-12T00:00:00", "id": "OPENVAS:1361412562310850610", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850610", "type": "openvas", "title": "openSUSE: Security Advisory for glibc (openSUSE-SU-2014:1115-1)", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850610\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-09-12 05:56:57 +0200 (Fri, 12 Sep 2014)\");\n script_cve_id(\"CVE-2014-0475\", \"CVE-2014-5119\", \"CVE-2014-6040\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"openSUSE: Security Advisory for glibc (openSUSE-SU-2014:1115-1)\");\n\n script_tag(name:\"insight\", value:\"glibc was updated to fix three security\nissues:\n\n - A directory traversal in locale environment handling was fixed\n (CVE-2014-0475, bnc#887022, GLIBC BZ #17137)\n\n - Disable gconv transliteration module loading which could be used for\n code execution (CVE-2014-5119, bnc#892073, GLIBC BZ #17187)\n\n - Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040,\n bnc#894553, BZ #17325)\");\n\n script_tag(name:\"affected\", value:\"glibc on openSUSE 13.1, openSUSE 12.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2014:1115-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 
Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE12\\.3|openSUSE13\\.1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE12.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-debugsource\", rpm:\"glibc-debugsource~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel-debuginfo\", rpm:\"glibc-devel-debuginfo~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel-static\", rpm:\"glibc-devel-static~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-extra\", rpm:\"glibc-extra~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-extra-debuginfo\", rpm:\"glibc-extra-debuginfo~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-locale\", rpm:\"glibc-locale~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-locale-debuginfo\", rpm:\"glibc-locale-debuginfo~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n 
}\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd-debuginfo\", rpm:\"nscd-debuginfo~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-utils-debuginfo\", rpm:\"glibc-utils-debuginfo~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-utils-debugsource\", rpm:\"glibc-utils-debugsource~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-obsolete\", rpm:\"glibc-obsolete~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-obsolete-debuginfo\", rpm:\"glibc-obsolete-debuginfo~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-32bit\", rpm:\"glibc-32bit~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-debuginfo-32bit\", rpm:\"glibc-debuginfo-32bit~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel-32bit\", rpm:\"glibc-devel-32bit~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel-debuginfo-32bit\", rpm:\"glibc-devel-debuginfo-32bit~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel-static-32bit\", rpm:\"glibc-devel-static-32bit~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-locale-32bit\", rpm:\"glibc-locale-32bit~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-locale-debuginfo-32bit\", 
rpm:\"glibc-locale-debuginfo-32bit~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-profile-32bit\", rpm:\"glibc-profile-32bit~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-utils-32bit\", rpm:\"glibc-utils-32bit~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-utils-debuginfo-32bit\", rpm:\"glibc-utils-debuginfo-32bit~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-html\", rpm:\"glibc-html~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-info\", rpm:\"glibc-info~2.17~4.13.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-debugsource\", rpm:\"glibc-debugsource~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel-debuginfo\", rpm:\"glibc-devel-debuginfo~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel-static\", rpm:\"glibc-devel-static~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-extra\", 
rpm:\"glibc-extra~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-extra-debuginfo\", rpm:\"glibc-extra-debuginfo~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-locale\", rpm:\"glibc-locale~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-locale-debuginfo\", rpm:\"glibc-locale-debuginfo~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd-debuginfo\", rpm:\"nscd-debuginfo~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-utils-debuginfo\", rpm:\"glibc-utils-debuginfo~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-utils-debugsource\", rpm:\"glibc-utils-debugsource~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-obsolete\", rpm:\"glibc-obsolete~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-obsolete-debuginfo\", rpm:\"glibc-obsolete-debuginfo~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-32bit\", rpm:\"glibc-32bit~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-debuginfo-32bit\", rpm:\"glibc-debuginfo-32bit~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel-32bit\", 
rpm:\"glibc-devel-32bit~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel-debuginfo-32bit\", rpm:\"glibc-devel-debuginfo-32bit~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel-static-32bit\", rpm:\"glibc-devel-static-32bit~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-locale-32bit\", rpm:\"glibc-locale-32bit~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-locale-debuginfo-32bit\", rpm:\"glibc-locale-debuginfo-32bit~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-profile-32bit\", rpm:\"glibc-profile-32bit~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-utils-32bit\", rpm:\"glibc-utils-32bit~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-utils-debuginfo-32bit\", rpm:\"glibc-utils-debuginfo-32bit~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-html\", rpm:\"glibc-html~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-info\", rpm:\"glibc-info~2.18~4.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:37:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5119", "CVE-2014-6040", "CVE-2013-4357", "CVE-2012-6656"], "description": "The remote host is missing an update for the ", "modified": 
"2020-01-31T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310851101", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851101", "type": "openvas", "title": "SUSE: Security Advisory for glibc (SUSE-SU-2014:1129-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851101\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 20:03:09 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2012-6656\", \"CVE-2013-4357\", \"CVE-2014-5119\", \"CVE-2014-6040\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for glibc (SUSE-SU-2014:1129-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced 
advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This glibc update fixes a critical privilege escalation problem and two\n additional issues:\n\n * bnc#892073: An off-by-one error leading to a heap-based buffer\n overflow was found in __gconv_translit_find(). An exploit that\n targets the problem is publicly available. (CVE-2014-5119)\n\n * bnc#836746: Avoid race between {, __de}allocate_stack and\n __reclaim_stacks during fork.\n\n * bnc#844309: Fixed various overflows, reading large /etc/hosts or\n long names. (CVE-2013-4357)\n\n * bnc#894553, bnc#894556: Fixed various crashes on invalid input in\n IBM gconv modules. (CVE-2014-6040, CVE-2012-6656)\");\n\n script_tag(name:\"affected\", value:\"glibc on SUSE Linux Enterprise Server 11 SP2 LTSS\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:1129-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLES11.0SP2\") {\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.11.3~17.45.53.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.11.3~17.45.53.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-html\", rpm:\"glibc-html~2.11.3~17.45.53.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.11.3~17.45.53.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-info\", rpm:\"glibc-info~2.11.3~17.45.53.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-locale\", rpm:\"glibc-locale~2.11.3~17.45.53.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.11.3~17.45.53.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.11.3~17.45.53.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-32bit\", rpm:\"glibc-32bit~2.11.3~17.45.53.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel-32bit\", rpm:\"glibc-devel-32bit~2.11.3~17.45.53.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-locale-32bit\", rpm:\"glibc-locale-32bit~2.11.3~17.45.53.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-profile-32bit\", rpm:\"glibc-profile-32bit~2.11.3~17.45.53.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0235", "CVE-2014-6040", "CVE-2014-7817", "CVE-2012-6656"], "description": "Several vulnerabilities have been\nfixed in eglibc, Debian", "modified": "2019-03-18T00:00:00", "published": "2015-01-27T00:00:00", "id": "OPENVAS:1361412562310703142", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703142", "type": "openvas", "title": "Debian Security Advisory DSA 3142-1 (eglibc - security update)", "sourceData": "# OpenVAS Vulnerability 
Test\n# $Id: deb_3142.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3142-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703142\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2012-6656\", \"CVE-2014-6040\", \"CVE-2014-7817\", \"CVE-2015-0235\");\n script_name(\"Debian Security Advisory DSA 3142-1 (eglibc - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-27 00:00:00 +0100 (Tue, 27 Jan 2015)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3142.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH 
http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"eglibc on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthese problems have been fixed in version 2.13-38+deb7u7.\n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), the\nCVE-2015-0235\n\nissue has been fixed in version 2.18-1 of the glibc package.\n\nWe recommend that you upgrade your eglibc packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been\nfixed in eglibc, Debian's version of the GNU C library:\n\nCVE-2015-0235\nQualys discovered that the gethostbyname and gethostbyname2\nfunctions were subject to a buffer overflow if provided with a\ncrafted IP address argument. This could be used by an attacker to\nexecute arbitrary code in processes which called the affected\nfunctions.\n\nThe original glibc bug was reported by Peter Klotz.\n\nCVE-2014-7817\nTim Waugh of Red Hat discovered that the WRDE_NOCMD option of the\nwordexp function did not suppress command execution in all cases.\nThis allows a context-dependent attacker to execute shell\ncommands.\n\nCVE-2012-6656 CVE-2014-6040\nThe charset conversion code for certain IBM multi-byte code pages\ncould perform an out-of-bounds array access, causing the process\nto crash. 
In some scenarios, this allows a remote attacker to\ncause a persistent denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"eglibc-source\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"glibc-doc\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc-bin\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc-dev-bin\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-dbg\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-dev\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-dev-i386\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-i386\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-i686\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-pic\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-prof\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-udeb\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"libc6-amd64\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dbg\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-amd64\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-i386\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-mips64\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-mipsn32\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-ppc64\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-s390\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-s390x\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-sparc64\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-i386\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-i686\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-loongson2f\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-mips64\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-mipsn32\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-pic\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-ppc64\", 
ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-prof\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-s390\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-s390x\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-sparc64\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-udeb\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-xen\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1-dbg\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1-dev\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1-pic\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1-prof\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1-udeb\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss-dns-udeb\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss-files-udeb\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"locales\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"locales-all\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"multiarch-support\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"nscd\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:21:25", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6040", "CVE-2014-7817", "CVE-2012-6656"], "description": "Package : eglibc\nVersion : 2.11.3-4+deb6u2\nCVE ID : CVE-2012-6656 CVE-2014-6040 CVE-2014-7817\n\nCVE-2012-6656\n\n Fix validation check when converting from ibm930 to utf.\n When converting IBM930 code with iconv(), if IBM930 code which\n includes invalid multibyte character "0xffff" is specified, then\n iconv() segfaults.\n\nCVE-2014-6040\n\n Crashes on invalid input in IBM gconv modules [BZ #17325]\n These changes are based on the fix for BZ #14134 in commit\n 6e230d11837f3ae7b375ea69d7905f0d18eb79e5.\n\nCVE-2014-7817\n\n The function wordexp() fails to properly handle the WRDE_NOCMD\n flag when processing arithmetic inputs in the form of "$((... ``))"\n where "..." can be anything valid. The backticks in the arithmetic\n expression are evaluated in a shell even if WRDE_NOCMD forbade\n command substitution. This allows an attacker to attempt to pass\n dangerous commands via constructs of the above form, and bypass\n the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD\n in exec_comm(), the only place that can execute a shell. 
All other\n checks for WRDE_NOCMD are superfluous and removed.\n\n", "edition": 7, "modified": "2014-11-29T19:00:34", "published": "2014-11-29T19:00:34", "id": "DEBIAN:DLA-97-1:B684D", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201411/msg00015.html", "title": "[SECURITY] [DLA 97-1] eglibc security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T02:21:41", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0235", "CVE-2014-6040", "CVE-2014-7817", "CVE-2012-6656"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3142-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nJanuary 27, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : eglibc\nCVE ID : CVE-2012-6656 CVE-2014-6040 CVE-2014-7817 CVE-2015-0235\n\nSeveral vulnerabilities have been fixed in eglibc, Debian's version of\nthe GNU C library:\n\nCVE-2015-0235\n\n Qualys discovered that the gethostbyname and gethostbyname2\n functions were subject to a buffer overflow if provided with a\n crafted IP address argument. This could be used by an attacker to\n execute arbitrary code in processes which called the affected\n functions.\n\n The original glibc bug was reported by Peter Klotz.\n\nCVE-2014-7817\n\n Tim Waugh of Red Hat discovered that the WRDE_NOCMD option of the\n wordexp function did not suppress command execution in all cases.\n This allows a context-dependent attacker to execute shell\n commands.\n\nCVE-2012-6656\nCVE-2014-6040\n\n The charset conversion code for certain IBM multi-byte code pages\n could perform an out-of-bounds array access, causing the process\n to crash. 
In some scenarios, this allows a remote attacker to\n cause a persistent denial of service.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 2.13-38+deb7u7.\n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), the CVE-2015-0235 issue has been fixed in version\n2.18-1 of the glibc package.\n\nWe recommend that you upgrade your eglibc packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2015-01-27T15:39:21", "published": "2015-01-27T15:39:21", "id": "DEBIAN:DSA-3142-1:A3964", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00025.html", "title": "[SECURITY] [DSA 3142-1] eglibc security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:39:57", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6040", "CVE-2014-7817", "CVE-2012-6656"], "description": "Siddhesh Poyarekar discovered that the GNU C Library incorrectly handled \ncertain multibyte characters when using the iconv function. An attacker \ncould possibly use this issue to cause applications to crash, resulting in \na denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu \n12.04 LTS. (CVE-2012-6656)\n\nAdhemerval Zanella Netto discovered that the GNU C Library incorrectly \nhandled certain multibyte characters when using the iconv function. An \nattacker could possibly use this issue to cause applications to crash, \nresulting in a denial of service. (CVE-2014-6040)\n\nTim Waugh discovered that the GNU C Library incorrectly enforced the \nWRDE_NOCMD flag when handling the wordexp function. An attacker could \npossibly use this issue to execute arbitrary commands. 
(CVE-2014-7817)", "edition": 5, "modified": "2014-12-03T00:00:00", "published": "2014-12-03T00:00:00", "id": "USN-2432-1", "href": "https://ubuntu.com/security/notices/USN-2432-1", "title": "GNU C Library vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5119", "CVE-2014-6040", "CVE-2014-7817"], "description": "The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. ", "modified": "2015-03-04T10:25:31", "published": "2015-03-04T10:25:31", "id": "FEDORA:D6230604AFE5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: glibc-2.18-19.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:56", "bulletinFamily": "software", "cvelist": ["CVE-2014-5119", "CVE-2014-6040", "CVE-2012-6656"], "description": "Off-by-one in __gconv_translit_find().", "edition": 1, "modified": "2014-09-01T00:00:00", "published": "2014-09-01T00:00:00", "id": "SECURITYVULNS:VULN:13947", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13947", "title": "GNU glibc buffer overflow", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:17:43", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5119", "CVE-2014-6040", "CVE-2014-0475"], "description": "glibc was updated to fix three security issues:\n\n - A directory traversal in locale environment handling was fixed\n (CVE-2014-0475, 
bnc#887022, GLIBC BZ #17137)\n\n - Disable gconv transliteration module loading which could be used for\n code execution (CVE-2014-5119, bnc#892073, GLIBC BZ #17187)\n\n - Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040,\n bnc#894553, BZ #17325)\n\n", "edition": 1, "modified": "2014-09-11T09:04:39", "published": "2014-09-11T09:04:39", "id": "OPENSUSE-SU-2014:1115-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00009.html", "type": "suse", "title": "glibc (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:14:55", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5119", "CVE-2014-6040", "CVE-2013-4357", "CVE-2012-6656"], "description": "This glibc update fixes a critical privilege escalation problem and two\n additional issues:\n\n * bnc#892073: An off-by-one error leading to a heap-based buffer\n overflow was found in __gconv_translit_find(). An exploit that\n targets the problem is publicly available. (CVE-2014-5119)\n * bnc#836746: Avoid race between {, __de}allocate_stack and\n __reclaim_stacks during fork.\n * bnc#844309: Fixed various overflows, reading large /etc/hosts or\n long names. (CVE-2013-4357)\n * bnc#894553, bnc#894556: Fixed various crashes on invalid input in\n IBM gconv modules. 
(CVE-2014-6040, CVE-2012-6656)\n\n Security Issues:\n\n * CVE-2012-6656\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6656>\n * CVE-2013-4357\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4357>\n * CVE-2014-5119\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119>\n * CVE-2014-6040\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040>\n\n", "edition": 1, "modified": "2014-09-15T19:06:41", "published": "2014-09-15T19:06:41", "id": "SUSE-SU-2014:1129-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html", "type": "suse", "title": "Security update for glibc (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:57:20", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0242", "CVE-2014-5119", "CVE-2014-4043", "CVE-2014-6040", "CVE-2012-4412", "CVE-2013-4332", "CVE-2012-6656", "CVE-2013-4237"], "description": "This glibc update fixes a critical privilege escalation problem and the\n following security and non-security issues:\n\n * bnc#892073: An off-by-one error leading to a heap-based buffer\n overflow was found in __gconv_translit_find(). An exploit that\n targets the problem is publicly available. (CVE-2014-5119)\n * bnc#882600: Copy filename argument in\n posix_spawn_file_actions_addopen. (CVE-2014-4043)\n * bnc#860501: Use O_LARGEFILE for utmp file.\n * bnc#842291: Fix typo in glibc-2.5-dlopen-lookup-race.diff.\n * bnc#839870: Fix integer overflows in malloc. (CVE-2013-4332)\n * bnc#834594: Fix readdir_r with long file names. 
(CVE-2013-4237)\n * bnc#824639: Drop lock before calling malloc_printerr.\n * bnc#801246: Fix buffer overrun in regexp matcher. (CVE-2013-0242)\n * bnc#779320: Fix buffer overflow in strcoll. (CVE-2012-4412)\n * bnc#894556 / bnc#894553: Fix crashes on invalid input in IBM gconv\n modules. (CVE-2014-6040, CVE-2012-6656, bnc#894553, bnc#894556,\n BZ#17325, BZ#14134)\n\n Security Issues:\n\n * CVE-2014-5119\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119>\n * CVE-2014-4043\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043>\n * CVE-2013-4332\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332>\n * CVE-2013-4237\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237>\n * CVE-2013-0242\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242>\n * CVE-2012-4412\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412>\n\n\n", "edition": 1, "modified": "2014-09-15T19:04:18", "published": "2014-09-15T19:04:18", "id": "SUSE-SU-2014:1128-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00019.html", "title": "Security update for glibc (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2020-10-25T16:36:04", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4412", "CVE-2012-4424", "CVE-2013-4237", "CVE-2013-4458", "CVE-2013-4788", "CVE-2014-0475", 
"CVE-2014-4043", "CVE-2014-5119", "CVE-2014-6040"], "description": "New glibc packages are available for Slackware 14.1 and -current to fix\nsecurity issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/glibc-2.17-i486-8_slack14.1.txz: Rebuilt.\n This update fixes several security issues, and adds an extra security\n hardening patch from Florian Weimer. Thanks to mancha for help with\n tracking and backporting patches.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4424\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0475\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040\n (* Security fix *)\npatches/packages/glibc-i18n-2.17-i486-8_slack14.1.txz: Rebuilt.\npatches/packages/glibc-profile-2.17-i486-8_slack14.1.txz: Rebuilt.\npatches/packages/glibc-solibs-2.17-i486-8_slack14.1.txz: Rebuilt.\npatches/packages/glibc-zoneinfo-2014i-noarch-1_slack14.1.txz: Upgraded.\n Upgraded to tzcode2014i and tzdata2014i.\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-2.17-i486-8_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-i18n-2.17-i486-8_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-profile-2.17-i486-8_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-solibs-2.17-i486-8_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-zoneinfo-2014i-noarch-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-2.17-x86_64-8_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-i18n-2.17-x86_64-8_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-profile-2.17-x86_64-8_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-solibs-2.17-x86_64-8_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-zoneinfo-2014i-noarch-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.20-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-zoneinfo-2014i-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.20-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.20-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.20-i486-1.txz\n\nUpdated packages for Slackware x86_64 
-current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.20-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-zoneinfo-2014i-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.20-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.20-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.20-x86_64-1.txz\n\n\nMD5 signatures:\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg glibc-*.txz", "modified": "2014-10-24T05:36:04", "published": "2014-10-24T05:36:04", "id": "SSA-2014-296-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.647059", "type": "slackware", "title": "[slackware-security] glibc", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:03", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8776", "CVE-2014-5119", "CVE-2014-6040", "CVE-2014-9402", "CVE-2014-8121", "CVE-2015-8779", "CVE-2015-8778", "CVE-2014-7817", "CVE-2015-1472", "CVE-2015-1781", "CVE-2013-7423", "CVE-2014-0475", "CVE-2015-7547"], "description": "### Background\n\nThe GNU C library is the standard C library used by Gentoo Linux systems. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the GNU C Library:\n\n * The Google Security Team and Red Hat discovered a stack-based buffer overflow in the send_dg() and send_vc() functions due to a buffer mismanagement when getaddrinfo() is called with AF_UNSPEC (CVE-2015-7547). \n * The strftime() function access invalid memory when passed out-of-range data, resulting in a crash (CVE-2015-8776). \n * An integer overflow was found in the __hcreate_r() function (CVE-2015-8778). \n * Multiple unbounded stack allocations were found in the catopen() function (CVE-2015-8779). \n\nPlease review the CVEs referenced below for additional vulnerabilities that had already been fixed in previous versions of sys-libs/glibc, for which we have not issued a GLSA before. \n\n### Impact\n\nA remote attacker could exploit any application which performs host name resolution using getaddrinfo() in order to execute arbitrary code or crash the application. 
The other vulnerabilities can possibly be exploited to cause a Denial of Service or leak information. \n\n### Workaround\n\nA number of mitigating factors for CVE-2015-7547 have been identified. Please review the upstream advisory and references below. \n\n### Resolution\n\nAll GNU C Library users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-libs/glibc-2.21-r2\"\n \n\nIt is important to ensure that no running process uses the old glibc anymore. The easiest way to achieve that is by rebooting the machine after updating the sys-libs/glibc package. \n\nNote: Should you run into compilation failures while updating, please see bug 574948.", "edition": 1, "modified": "2016-02-17T00:00:00", "published": "2016-02-17T00:00:00", "id": "GLSA-201602-02", "href": "https://security.gentoo.org/glsa/201602-02", "type": "gentoo", "title": "GNU C Library: Multiple vulnerabilities", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}