nessus: DEBIAN_DSA-3169.NASL
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Feb 24, 2015 - 12:00 a.m.

Debian DSA-3169-1 : eglibc - security update


Several vulnerabilities have been fixed in eglibc, Debian’s version of the GNU C library:

  • CVE-2012-3406: The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not ‘properly restrict the use of’ the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.

  • CVE-2013-7424: An invalid free flaw was found in glibc’s getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support.

  • CVE-2014-4043: The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.

  • CVE-2014-9402: The getnetbyname function in glibc 2.21 or earlier will enter an infinite loop if the DNS backend is activated in the system Name Service Switch configuration, and the DNS resolver receives a positive answer while processing the network name.

  • CVE-2015-1472 / CVE-2015-1473: Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer. The incorrect use of ‘__libc_use_alloca (newsize)’ caused a different (and weaker) policy to be enforced which could allow a denial of service attack.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-3169. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(81448);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2012-3406", "CVE-2013-7424", "CVE-2014-4043", "CVE-2014-9402", "CVE-2015-1472", "CVE-2015-1473");
  script_bugtraq_id(54374, 68006, 71670, 72428, 72499, 72710);
  script_xref(name:"DSA", value:"3169");

  script_name(english:"Debian DSA-3169-1 : eglibc - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities have been fixed in eglibc, Debian's version of
the GNU C library :

  - CVE-2012-3406
    The vfprintf function in stdio-common/vfprintf.c in GNU
    C Library (aka glibc) 2.5, 2.12, and probably other
    versions does not 'properly restrict the use of' the
    alloca function when allocating the SPECS array, which
    allows context-dependent attackers to bypass the
    FORTIFY_SOURCE format-string protection mechanism and
    cause a denial of service (crash) or possibly execute
    arbitrary code via a crafted format string using
    positional parameters and a large number of format
    specifiers, a different vulnerability than CVE-2012-3404
    and CVE-2012-3405.

  - CVE-2013-7424
    An invalid free flaw was found in glibc's getaddrinfo()
    function when used with the AI_IDN flag. A remote
    attacker able to make an application call this function
    could use this flaw to execute arbitrary code with the
    permissions of the user running the application. Note
    that this flaw only affected applications using glibc
    compiled with libidn support.

  - CVE-2014-4043
    The posix_spawn_file_actions_addopen function in glibc
    before 2.20 does not copy its path argument in
    accordance with the POSIX specification, which allows
    context-dependent attackers to trigger use-after-free
    vulnerabilities.

  - CVE-2014-9402
    The getnetbyname function in glibc 2.21 or earlier will
    enter an infinite loop if the DNS backend is activated
    in the system Name Service Switch configuration, and the
    DNS resolver receives a positive answer while processing
    the network name.

  - CVE-2015-1472 / CVE-2015-1473
    Under certain conditions wscanf can allocate too little
    memory for the to-be-scanned arguments and overflow the
    allocated buffer. The incorrect use of
    '__libc_use_alloca (newsize)' caused a different (and
    weaker) policy to be enforced which could allow a denial
    of service attack."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681888"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751774"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775572"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777197"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-3406"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-3404"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-3405"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-7424"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2014-4043"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2014-9402"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2015-1472"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2015-1473"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/eglibc"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2015/dsa-3169"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the eglibc packages.

For the stable distribution (wheezy), these issues are fixed in
version 2.13-38+deb7u8 of the eglibc package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:eglibc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/02/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"7.0", prefix:"eglibc-source", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"glibc-doc", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc-bin", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc-dev-bin", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc0.1", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc0.1-dbg", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc0.1-dev", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc0.1-dev-i386", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc0.1-i386", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc0.1-i686", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc0.1-pic", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc0.1-prof", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-amd64", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-dbg", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-dev", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-dev-amd64", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-dev-i386", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-dev-mips64", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-dev-mipsn32", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-dev-ppc64", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-dev-s390", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-dev-s390x", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-dev-sparc64", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-i386", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-i686", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-loongson2f", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-mips64", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-mipsn32", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-pic", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-ppc64", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-prof", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-s390", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-s390x", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-sparc64", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-xen", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6.1", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6.1-dbg", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6.1-dev", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6.1-pic", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6.1-prof", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"locales", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"locales-all", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"multiarch-support", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"nscd", reference:"2.13-38+deb7u8")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

Vendor   Product        Version   CPE
debian   debian_linux   eglibc    p-cpe:/a:debian:debian_linux:eglibc
debian   debian_linux   7.0       cpe:/o:debian:debian_linux:7.0

References