Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-165.NASL
HistoryMar 26, 2015 - 12:00 a.m.

Debian DLA-165-1 : eglibc security update

2015-03-2600:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
30
JSON

Several vulnerabilities have been fixed in eglibc, Debian’s version of the GNU C library.

#553206 CVE-2015-1472 CVE-2015-1473

The scanf family of functions do not properly limit stack allocation, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code.

CVE-2012-3405

The printf family of functions do not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service.

CVE-2012-3406

The printf family of functions do not properly limit stack allocation, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string.

CVE-2012-3480

Multiple integer overflows in the strtod, strtof, strtold, strtod_l, and other related functions allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.

CVE-2012-4412

Integer overflow in the strcoll and wcscoll functions allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.

CVE-2012-4424

Stack-based buffer overflow in the strcoll and wcscoll functions allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.

CVE-2013-0242

Buffer overflow in the extend_buffers function in the regular expression matcher allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.

CVE-2013-1914 CVE-2013-4458

Stack-based buffer overflow in the getaddrinfo function allows remote attackers to cause a denial of service (crash) via a hostname or IP address that triggers a large number of domain conversion results.

CVE-2013-4237

readdir_r allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a malicious NTFS image or CIFS service.

CVE-2013-4332

Multiple integer overflows in malloc/malloc.c allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the pvalloc, valloc, posix_memalign, memalign, or aligned_alloc functions.

CVE-2013-4357

The getaliasbyname, getaliasbyname_r, getaddrinfo, getservbyname, getservbyname_r, getservbyport, getservbyport_r, and glob functions do not properly limit stack allocation, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code.

CVE-2013-4788

When the GNU C library is statically linked into an executable, the PTR_MANGLE implementation does not initialize the random value for the pointer guard, so that various hardening mechanisms are not effective.

CVE-2013-7423

The send_dg function in resolv/res_send.c does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.

CVE-2013-7424

The getaddrinfo function may attempt to free an invalid pointer when handling IDNs (Internationalised Domain Names), which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code.

CVE-2014-4043

The posix_spawn_file_actions_addopen function does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.

For the oldstable distribution (squeeze), these problems have been fixed in version 2.11.3-4+deb6u5.

For the stable distribution (wheezy), these problems were fixed in version 2.13-38+deb7u8 or earlier.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-165-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(82149);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2012-3405", "CVE-2012-3406", "CVE-2012-3480", "CVE-2012-4412", "CVE-2012-4424", "CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4237", "CVE-2013-4332", "CVE-2013-4357", "CVE-2013-4458", "CVE-2013-4788", "CVE-2013-7423", "CVE-2013-7424", "CVE-2014-4043", "CVE-2015-1472", "CVE-2015-1473");
  script_bugtraq_id(54374, 54982, 55462, 55543, 57638, 58839, 61183, 61729, 62324, 63299, 67992, 68006, 72428, 72498, 72499, 72710, 72844);

  script_name(english:"Debian DLA-165-1 : eglibc security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities have been fixed in eglibc, Debian's version of
the GNU C library.

#553206 CVE-2015-1472 CVE-2015-1473

The scanf family of functions do not properly limit stack allocation,
which allows context-dependent attackers to cause a denial of service
(crash) or possibly execute arbitrary code.

CVE-2012-3405

The printf family of functions do not properly calculate a buffer
length, which allows context-dependent attackers to bypass the
FORTIFY_SOURCE format-string protection mechanism and cause a denial
of service.

CVE-2012-3406

The printf family of functions do not properly limit stack allocation,
which allows context-dependent attackers to bypass the FORTIFY_SOURCE
format-string protection mechanism and cause a denial of service
(crash) or possibly execute arbitrary code via a crafted format
string.

CVE-2012-3480

Multiple integer overflows in the strtod, strtof, strtold, strtod_l,
and other related functions allow local users to cause a denial of
service (application crash) and possibly execute arbitrary code via a
long string, which triggers a stack-based buffer overflow.

CVE-2012-4412

Integer overflow in the strcoll and wcscoll functions allows
context-dependent attackers to cause a denial of service (crash) or
possibly execute arbitrary code via a long string, which triggers a
heap-based buffer overflow.

CVE-2012-4424

Stack-based buffer overflow in the strcoll and wcscoll functions
allows context-dependent attackers to cause a denial of service
(crash) or possibly execute arbitrary code via a long string that
triggers a malloc failure and use of the alloca function.

CVE-2013-0242

Buffer overflow in the extend_buffers function in the regular
expression matcher allows context-dependent attackers to cause a
denial of service (memory corruption and crash) via crafted multibyte
characters.

CVE-2013-1914 CVE-2013-4458

Stack-based buffer overflow in the getaddrinfo function allows remote
attackers to cause a denial of service (crash) via a hostname or IP
address that triggers a large number of domain conversion results.

CVE-2013-4237

readdir_r allows context-dependent attackers to cause a denial of
service (out-of-bounds write and crash) or possibly execute arbitrary
code via a malicious NTFS image or CIFS service.

CVE-2013-4332

Multiple integer overflows in malloc/malloc.c allow context-dependent
attackers to cause a denial of service (heap corruption) via a large
value to the pvalloc, valloc, posix_memalign, memalign, or
aligned_alloc functions.

CVE-2013-4357

The getaliasbyname, getaliasbyname_r, getaddrinfo, getservbyname,
getservbyname_r, getservbyport, getservbyport_r, and glob functions do
not properly limit stack allocation, which allows context-dependent
attackers to cause a denial of service (crash) or possibly execute
arbitrary code.

CVE-2013-4788

When the GNU C library is statically linked into an executable, the
PTR_MANGLE implementation does not initialize the random value for the
pointer guard, so that various hardening mechanisms are not effective.

CVE-2013-7423

The send_dg function in resolv/res_send.c does not properly reuse file
descriptors, which allows remote attackers to send DNS queries to
unintended locations via a large number of requests that trigger a
call to the getaddrinfo function.

CVE-2013-7424

The getaddrinfo function may attempt to free an invalid pointer when
handling IDNs (Internationalised Domain Names), which allows remote
attackers to cause a denial of service (crash) or possibly execute
arbitrary code.

CVE-2014-4043

The posix_spawn_file_actions_addopen function does not copy its path
argument in accordance with the POSIX specification, which allows
context-dependent attackers to trigger use-after-free vulnerabilities.

For the oldstable distribution (squeeze), these problems have been
fixed in version 2.11.3-4+deb6u5.

For the stable distribution (wheezy), these problems were fixed in
version 2.13-38+deb7u8 or earlier.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2015/03/msg00002.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze-lts/eglibc"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:eglibc-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:glibc-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc-dev-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-i386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-i386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-i686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-pic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-prof");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-udeb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libnss-dns-udeb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libnss-files-udeb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:locales");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:locales-all");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/26");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"6.0", prefix:"eglibc-source", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"glibc-doc", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc-bin", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc-dev-bin", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc6", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc6-amd64", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc6-dbg", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc6-dev", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc6-dev-amd64", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc6-dev-i386", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc6-i386", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc6-i686", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc6-pic", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc6-prof", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc6-udeb", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc6-xen", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libnss-dns-udeb", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libnss-files-udeb", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"locales", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"locales-all", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"nscd", reference:"2.11.3-4+deb6u5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxeglibc-sourcep-cpe:/a:debian:debian_linux:eglibc-source
debiandebian_linuxglibc-docp-cpe:/a:debian:debian_linux:glibc-doc
debiandebian_linuxlibc-binp-cpe:/a:debian:debian_linux:libc-bin
debiandebian_linuxlibc-dev-binp-cpe:/a:debian:debian_linux:libc-dev-bin
debiandebian_linuxlibc6p-cpe:/a:debian:debian_linux:libc6
debiandebian_linuxlibc6-amd64p-cpe:/a:debian:debian_linux:libc6-amd64
debiandebian_linuxlibc6-dbgp-cpe:/a:debian:debian_linux:libc6-dbg
debiandebian_linuxlibc6-devp-cpe:/a:debian:debian_linux:libc6-dev
debiandebian_linuxlibc6-dev-amd64p-cpe:/a:debian:debian_linux:libc6-dev-amd64
debiandebian_linuxlibc6-dev-i386p-cpe:/a:debian:debian_linux:libc6-dev-i386
Rows per page:
1-10 of 221

References

Related

debian 3
osv 3
altlinux 3
securityvulns 6
openvas 47
ubuntu 7
nessus 67
gentoo 1
mageia 3
suse 3
fedora 6
slackware 1
oraclelinux 5
amazon 3
redhat 6
centos 5
prion 2
cve 3
debiancve 2
ibm 10
veracode 3
archlinux 1
ubuntucve 3
f5 6
debian
debian
[SECURITY] [DLA 165-1] eglibc security update
2015-03-06 15:39:53
[SECURITY] [DSA 3169-1] eglibc security update
2015-02-23 06:08:58
[SECURITY] [DLA 350-1] eglibc security update
2015-11-26 17:49:39
osv
osv
eglibc - security update
2015-03-06 00:00:00
eglibc - security update
2015-02-23 00:00:00
eglibc - security update
2015-11-26 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package glibc version 6:2.17-alt6
2014-01-11 00:00:00
Security fix for the ALT Linux 7 package glibc version 6:2.17-alt6
2014-01-11 00:00:00
Security fix for the ALT Linux 6 package glibc version 6:2.11.3-alt8.M60P.3
2015-12-23 00:00:00
securityvulns
securityvulns
[ MDVSA-2013:284 ] glibc
2013-12-01 00:00:00
glibc security vulnerabilities
2013-12-01 00:00:00
GNU glibc multiple security vulnerabilities
2015-03-07 00:00:00
openvas
openvas
Ubuntu Update for eglibc USN-1991-1
2013-10-29 00:00:00
Ubuntu Update for eglibc USN-1991-1
2013-10-29 00:00:00
Gentoo Security Advisory GLSA 201503-04
2015-09-29 00:00:00
ubuntu
ubuntu
GNU C Library vulnerabilities
2013-10-21 00:00:00
GNU C Library regression
2014-09-08 00:00:00
GNU C Library vulnerabilities
2014-08-04 00:00:00
nessus
nessus
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : eglibc vulnerabilities (USN-1991-1)
2013-10-22 00:00:00
SuSE 11.2 Security Update : glibc (SAT Patch Number 8335)
2013-12-10 00:00:00
SuSE 11.3 Security Update : glibc (SAT Patch Number 8337)
2013-12-10 00:00:00
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2015-03-08 00:00:00
mageia
mageia
Updated glibc package fixes security vulnerabilities
2013-11-22 22:44:49
Updated glibc packages fix security vulnerabilities
2015-05-06 18:16:01
Updated glibc packages fix security vulnerabilities
2015-02-17 21:38:13
suse
suse
Security update for glibc (important)
2014-09-12 06:04:16
Security update for glibc (important)
2014-09-15 19:04:18
Security update for glibc (important)
2014-09-12 02:04:23
fedora
fedora
[SECURITY] Fedora 19 Update: glibc-2.17-18.fc19
2013-09-28 00:07:09
[SECURITY] Fedora 19 Update: glibc-2.17-13.fc19
2013-08-22 00:50:09
[SECURITY] Fedora 19 Update: glibc-2.17-21.fc19
2014-10-19 13:24:18
slackware
slackware
[slackware-security] glibc
2014-10-24 05:36:04
oraclelinux
oraclelinux
glibc security, bug fix, and enhancement update
2013-11-25 00:00:00
glibc security, bug fix, and enhancement update
2015-11-24 00:00:00
glibc security and bug fix update
2013-04-24 00:00:00
amazon
amazon
Medium: glibc
2013-12-17 21:39:00
Important: glibc
2015-12-14 10:00:00
Medium: glibc
2012-07-25 17:56:00
redhat
redhat
(RHSA-2013:1605) Moderate: glibc security, bug fix, and enhancement update
2013-11-21 00:00:00
(RHSA-2015:2199) Moderate: glibc security, bug fix, and enhancement update
2015-11-19 14:39:58
(RHSA-2014:1391) Moderate: glibc security, bug fix, and enhancement update
2014-10-14 00:00:00
centos
centos
glibc, nscd security update
2013-11-26 13:31:38
glibc, nscd security update
2015-11-30 19:30:07
glibc, nscd security update
2014-10-20 18:08:56
prion
prion
Stack overflow
2013-12-12 18:55:00
Format string
2014-02-10 18:15:00
cve
cve
CVE-2013-4458
2013-12-12 18:55:00
CVE-2012-3406
2014-02-10 18:15:00
CVE-2013-7424
2015-08-26 19:59:00
debiancve
debiancve
CVE-2013-4458
2013-12-12 18:55:00
CVE-2012-3406
2014-02-10 18:15:00
ibm
ibm
Security Bulletin: Vulnerabilities in glibc could lead to a local or remote buffer overflow in IBM SOA Policy Gateway Pattern for Red Hat Enterprise Linux Server . (CVE-2015-1472, CVE-2013-7423)
2018-06-15 07:02:48
Security Bulletin: Multiple vulnerabilities in the GNU C Library (glibc) affect PowerKVM
2018-06-18 01:30:38
Security Bulletin: IBM BladeCenter Advanced Management Module is affected by glibc vulnerabilities (CVE-2015-1472, CVE-2013-7423, CVE-2014-7817, and CVE-2014-9402)
2019-01-31 01:55:01
veracode
veracode
Stack-based Buffer Overflow
2019-05-02 04:44:45
Remote Code Execution (RCE)
2019-01-15 08:54:39
Denial Of Service (DoS)
2019-01-15 09:07:05
archlinux
archlinux
glibc: multiple issues
2015-02-09 00:00:00
ubuntucve
ubuntucve
CVE-2015-1473
2015-02-05 00:00:00
CVE-2012-3406
2012-07-13 00:00:00
CVE-2013-4458
2013-12-12 00:00:00
f5
f5
SOL16364 - GNU C Library (glibc) vulnerability CVE-2012-3406
2015-04-03 00:00:00
K16364 : GNU C Library (glibc) vulnerability CVE-2012-3406
2015-07-23 00:00:00
K15640 : GNU C Library (glibc) vulnerabilities CVE-2014-0475, CVE-2014-5119, CVE-2013-4458
2014-10-02 00:00:00
JSON
Related for DEBIAN_DLA-165.NASL
debian3osv3altlinux3securityvulns6openvas47ubuntu7nessus67gentoo1mageia3suse3fedora6slackware1oraclelinux5amazon3redhat6centos5prion2cve3debiancve2ibm10veracode3archlinux1ubuntucve3f56