This updates addresses a critical security vulnerability in the DNS resolver related to AF_UNSPEC
queries with getaddrinfo
(CVE-2015-7547). It also includes security fixes for CVE-2015-8777 and CVE-2015-1781. It improves malloc
scalability for applications which start and terminate many threads. The output of locale -a
is now ASCII-only (previously, it contained ISO-8859-1 characters).
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2016-0480defc94.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(89473);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2015-1781", "CVE-2015-7547", "CVE-2015-8777");
script_xref(name:"FEDORA", value:"2016-0480defc94");
script_xref(name:"TRA", value:"TRA-2017-08");
script_name(english:"Fedora 22 : glibc-2.21-11.fc22 (2016-0480defc94)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This updates addresses a critical security vulnerability in the DNS
resolver related to `AF_UNSPEC` queries with `getaddrinfo`
(CVE-2015-7547). It also includes security fixes for CVE-2015-8777 and
CVE-2015-1781. It improves `malloc` scalability for applications which
start and terminate many threads. The output of `locale -a` is now
ASCII-only (previously, it contained ISO-8859-1 characters).
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1199525"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260581"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1293532"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?9683b79d"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.tenable.com/security/research/tra-2017-08"
);
script_set_attribute(attribute:"solution", value:"Update the affected glibc package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:glibc");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");
script_set_attribute(attribute:"patch_publication_date", value:"2016/02/17");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC22", reference:"glibc-2.21-11.fc22")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
}
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | glibc | p-cpe:/a:fedoraproject:fedora:glibc |
fedoraproject | fedora | 22 | cpe:/o:fedoraproject:fedora:22 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1781
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8777
www.nessus.org/u?9683b79d
bugzilla.redhat.com/show_bug.cgi?id=1199525
bugzilla.redhat.com/show_bug.cgi?id=1260581
bugzilla.redhat.com/show_bug.cgi?id=1293532
www.tenable.com/security/research/tra-2017-08