EulerOS 2.0 SP1 glibc (EulerOS-SA-2016-1073) stack overflow vulnerability in _nss_dns_getnetbyname_r
Reporter | Title | Published | Views | Family All 70 |
---|---|---|---|---|
IBM Security Bulletins | Security Bulletin: A vulnerability in glibc affects PowerKVM | 18 Jun 201801:34 | – | ibm |
IBM Security Bulletins | Security Bulletin: Vulnerability in glibc affects Power Hardware Management Console (CVE-2016-3075) | 23 Sep 202101:31 | – | ibm |
IBM Security Bulletins | Security Bulletin: Vulnerability in GNU C Library (glibc) affects IBM Flex System FC5022 16Gb SAN Scalable Switch (CVE-2016-3075) | 31 Jan 201902:25 | – | ibm |
Prion | Stack overflow | 1 Jun 201620:59 | – | prion |
OSV | Red Hat Security Advisory: glibc security, bug fix, and enhancement update | 15 Sep 202423:07 | – | osv |
OSV | eglibc - security update | 30 May 201600:00 | – | osv |
OSV | glibc-2.24-2.3 on GA media | 15 Jun 202400:00 | – | osv |
UbuntuCve | CVE-2016-3075 | 31 Mar 201600:00 | – | ubuntucve |
OpenVAS | Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2016-1073) | 23 Jan 202000:00 | – | openvas |
OpenVAS | RedHat Update for glibc RHSA-2016:2573-02 | 4 Nov 201600:00 | – | openvas |
Source | Link |
---|---|
nessus | www.nessus.org/u |
cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration branch: entered when the scanner loads the plugin for its
# metadata. It declares identifiers, scoring and knowledge-base (KB)
# prerequisites, then exits at the end of the block without touching a host.
if (description)
{
script_id(99833);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
# Single CVE covered by this advisory.
script_cve_id(
"CVE-2016-3075"
);
script_name(english:"EulerOS 2.0 SP1 : glibc (EulerOS-SA-2016-1073)");
script_summary(english:"Checks the rpm output for the updated package.");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
# The description is the vendor advisory text. Note the stated precondition:
# nsswitch must include 'networks: dns' and a privileged or network-facing
# service must resolve user-provided network names.
script_set_attribute(attribute:"description", value:
"According to the version of the glibc packages installed, the EulerOS
installation on the remote host is affected by the following
vulnerability :
- A stack overflow vulnerability was found in
_nss_dns_getnetbyname_r.On systems with nsswitch
configured to include 'networks: dns' with a privileged
or network-facing service that would attempt to resolve
user-provided network names, an attacker could provide
an excessively long network name, resulting in stack
corruption and code execution.(CVE-2016-3075)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1073
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?384a1aed");
# NOTE(review): a package update alone does not change processes that were
# started earlier; they keep the old glibc mapped until restarted, and a
# package-version check cannot observe that. Plan service restarts or a reboot.
script_set_attribute(attribute:"solution", value:
"Update the affected glibc package.");
# NOTE(review): all vectors below score availability impact only
# (CVSS2 C:N/I:N/A:P, CVSS3 C:N/I:N/A:H), while the advisory text above
# speaks of stack corruption and code execution. Prioritise on the advisory
# wording and on host exposure rather than on the score alone.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"patch_publication_date", value:"2016/11/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/01");
# "local" plugin type: the check reads package data from the KB keys required
# below (presumably gathered over an authenticated login by ssh_get_info.nasl)
# and does not probe the vulnerable resolver code path itself.
script_set_attribute(attribute:"plugin_type", value:"local");
# CPE entries: the glibc sub-packages and nscd covered by the advisory, plus
# the operating system itself.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nscd");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Scheduling prerequisites: run after ssh_get_info.nasl, and only when local
# checks are enabled and the EulerOS release, rpm list and service-pack keys
# are present in the KB.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
# Hosts that report a UVP version are excluded from this plugin.
script_exclude_keys("Host/EulerOS/uvp_version");
# Registration is complete; nothing below this block runs during metadata load.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Applicability gates. Each audit() call reports why the plugin does not apply
# (presumably terminating the script; audit.inc is not shown here), so the
# order of these checks decides which reason is reported.

# Authenticated (local) checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# The release string must identify EulerOS, and specifically release 2.0.
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
# The service pack must be exactly "1"; other SP levels are out of scope here.
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");
# Hosts that report a UVP version are treated as a different product.
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);
# Without the collected rpm list there is nothing to compare against.
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
# Architecture gate in two steps: the first audit rejects anything that is not
# x86_64, i386-i686 or aarch64 as "local checks not implemented"; the second
# then rejects aarch64 as well, so only i?86 / x86_64 hosts reach the package
# comparison. An aarch64 host is therefore never assessed by this plugin.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
# Package builds named by the advisory as carrying the fix. Each one is
# handed to rpm_check() as the reference to compare the installed rpm against.
fixed_pkgs = [
  "glibc-2.17-111.h5",
  "glibc-common-2.17-111.h5",
  "glibc-devel-2.17-111.h5",
  "glibc-headers-2.17-111.h5",
  "glibc-static-2.17-111.h5",
  "glibc-utils-2.17-111.h5",
  "nscd-2.17-111.h5"
];

# Count the references that rpm_check() flags (presumably: an installed
# package older than the reference; rpm.inc is not shown here).
# NOTE(review): this is a package-version comparison only. It does not read
# nsswitch.conf for 'networks: dns', so a finding means "patch missing", not
# "confirmed exposed"; use the host's resolver configuration when triaging.
outdated = 0;
foreach (fixed_pkg in fixed_pkgs)
{
  if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:fixed_pkg))
    outdated++;
}

# At least one outdated package: raise a warning-level finding carrying the
# rpm comparison report, then stop.
if (outdated)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}

# Nothing was flagged: report either the packages that were tested and found
# unaffected, or that glibc is not installed at all.
tested = pkg_tests_get();
if (tested)
  audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");