MiracleLinux 7 : glibc-2.17-326.99.0.1.el7.AXS7 (AXSA:2025-10920:15)

🗓️ 13 Jan 2026 00:00:00Reported by TenableType

MiracleLinux 7 glibc vulnerabilities CVE-2025-4802 and CVE-2019-9169 noted in AXSA-2025-10920:15.

Reporter	Title	Published	Views	Family All 308
IBM Security Bulletins	Security Bulletin: Netcool Operations Insight v1.6.8 addresses multiple security vulnerabilities.	11 Apr 202311:47	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DataPower Gateway potentially vulnerable to library path manipulation	22 Dec 202514:10	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerabilities (CVE-2018-20796, CVE-2019-9169)	22 Oct 201904:16	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak	8 Nov 202516:02	–	ibm
IBM Security Bulletins	Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs	19 Oct 202115:38	–	ibm
IBM Security Bulletins	Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to untrusted library loading due to the GNU C library (CVE-2025-4802)	4 Sep 202522:45	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities affecting IBM Watson Studio in Cloud Pak for Data are addressed	3 Mar 202514:36	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in GNU C Library affects IBM Watson Studio Local	20 Dec 201913:55	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities due to libxml2, python3, pam and glibc packages shipped with IBM CICS TX Standard.	12 Aug 202511:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image	3 Jul 202510:30	–	ibm

Source	Link
tsn	www.tsn.miraclelinux.com/en/node/22104
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2025-10920:15.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(283029);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/13");

  script_cve_id("CVE-2019-9169", "CVE-2025-4802");

  script_name(english:"MiracleLinux 7 : glibc-2.17-326.99.0.1.el7.AXS7 (AXSA:2025-10920:15)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2025-10920:15 advisory.

    * CVE-2025-4802: prevent untrusted LD_LIBRARY_PATH from loading   dynamically shared libraries in
    statically compiled binaries that call   dlopen
    * CVE-2019-9169: fix heap-based buffer over-read in proceed_next_node function   in posix/regexec.c
    CVE(s):
    CVE-2025-4802
    Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38
    allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries
    that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as
    getaddrinfo).
    CVE-2019-9169
    In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-
    based buffer over-read via an attempted case-insensitive regular-expression match.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/22104");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9169");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/10/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:glibc-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:glibc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:glibc-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:glibc-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:7");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^7([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 7.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '7',
    'pkgs': [
      {'reference':'glibc-2.17-326.99.0.1.el7.AXS7', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'glibc-2.17-326.99.0.1.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'glibc-common-2.17-326.99.0.1.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'glibc-devel-2.17-326.99.0.1.el7.AXS7', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'glibc-devel-2.17-326.99.0.1.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'glibc-headers-2.17-326.99.0.1.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'glibc-utils-2.17-326.99.0.1.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nscd-2.17-326.99.0.1.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc');
}

13 Jan 2026 00:00Current

7.3High risk

Vulners AI Score7.3

CVSS 27.5

CVSS 3.17.8 - 9.8

EPSS0.04945

SSVC