EulerOS 2.0 SP2 : glibc (EulerOS-SA-2017-1147)

🗓️ 08 Aug 2017 00:00:00Reported by TenableType

EulerOS 2.0 SP2 glibc vulnerabilitie

Reporter	Title	Published	Views	Family All 277
IBM Security Bulletins	Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerability (CVE-2017-1000366)	16 Jun 201822:05	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in OpenSource GNU Glibc affect IBM Netezza Host Management	18 Oct 201903:10	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Network Protection is affected by a vulnerability in glibc	16 Jun 201822:01	–	ibm
IBM Security Bulletins	IBM Security Network Protection / IBM QRadar Network Security / XGS Technote Index	31 Jan 202100:10	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Glibc affect Power Hardware Management Console ( CVE-2017-15670, CVE-2017-12132, CVE-2015-5180, CVE-2014-9402)	22 Sep 202123:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in sudo, glibc affect IBM SmartCloud Entry (CVE-2017-1000368 CVE-2017-1000366)	19 Jul 202000:49	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in glibc affects PowerKVM	18 Jun 201801:36	–	ibm
IBM Security Bulletins	Security Bulletin: Open Source GNU glibc Vulnerabilities which is used by IBM OS Images for RedHat Linux in IBM PureApplication Systems (CVE-2017-1000366)	15 Jun 201807:08	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in glibc affects IBM Flex System Manager (FSM) (CVE-2017-1000366)	18 Jun 201801:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been fixed in products bundled with IBM Security Directory Suite 8.0.1	16 Jun 201822:04	–	ibm

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(102234);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/12/04");

  script_cve_id("CVE-2014-9402", "CVE-2017-1000366");
  script_bugtraq_id(71670);

  script_name(english:"EulerOS 2.0 SP2 : glibc (EulerOS-SA-2017-1147)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the glibc packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - The nss_dns implementation of getnetbyname in GNU C
    Library (aka glibc) before 2.21, when the DNS backend
    in the Name Service Switch configuration is enabled,
    allows remote attackers to cause a denial of service
    (infinite loop) by sending a positive answer while a
    network name is being process.(CVE-2014-9402)

  - glibc contains a vulnerability that allows specially
    crafted LD_LIBRARY_PATH values to manipulate the
    heap/stack, causing them to alias, potentially
    resulting in arbitrary code execution. Please note that
    additional hardening changes have been made to glibc to
    prevent manipulation of stack and heap memory but these
    issues are not directly exploitable, as such they have
    not been given a CVE. This affects glibc 2.25 and
    earlier.(CVE-2017-1000366)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1147
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0b5a3465");
  script_set_attribute(attribute:"solution", value:
"Update the affected glibc packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-1000366");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/07/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2017-2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["glibc-2.17-111.h15",
        "glibc-common-2.17-111.h15",
        "glibc-devel-2.17-111.h15",
        "glibc-headers-2.17-111.h15",
        "glibc-static-2.17-111.h15",
        "glibc-utils-2.17-111.h15",
        "nscd-2.17-111.h15"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
}

04 Dec 2025 00:00Current

7.5High risk

Vulners AI Score7.5

CVSS 27.8

CVSS 37.8

EPSS0.087