Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2013-723.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : glibc (openSUSE-SU-2013:1510-1)

2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
26
JSON

This update fixes the following issues in glibc :

  • CVE-2012-4412: glibc: buffer overflow in strcoll

  • CVE-2013-0242: glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters

  • CVE-2013-1914: glibc: stack overflow in getaddrinfo() sorting

  • CVE-2013-2207: glibc: pt_chown tricked into granting access to another users pseudo-terminal

  • CVE-2013-4237: glibc: Buffer overwrite - NAME_MAX not enforced by readdir_r()

  • bnc#805054: man 1 locale mentions non-existent file

  • bnc#813306: glibc 2.17 fprintf(stderr, …) triggers write of undefined values if stderr is closed

  • bnc#819383: pldd a process multiple times can freeze the process

  • bnc#819524: nscd segfault

  • bnc#824046: glibc: blacklist code in bindresvport doesn’t release lock, results in double-lock

  • bnc#839870: glibc: three integer overflows in memory allocator

  • ARM: Support loading unmarked objects from cache

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2013-723.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(75154);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2012-4412", "CVE-2013-0242", "CVE-2013-1914", "CVE-2013-2207", "CVE-2013-4237", "CVE-2013-4332");

  script_name(english:"openSUSE Security Update : glibc (openSUSE-SU-2013:1510-1)");
  script_summary(english:"Check for the openSUSE-2013-723 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update fixes the following issues in glibc :

  - CVE-2012-4412: glibc: buffer overflow in strcoll

  - CVE-2013-0242: glibc: DoS due to a buffer overrun in
    regexp matcher by processing multibyte characters

  - CVE-2013-1914: glibc: stack overflow in getaddrinfo()
    sorting

  - CVE-2013-2207: glibc: pt_chown tricked into granting
    access to another users pseudo-terminal

  - CVE-2013-4237: glibc: Buffer overwrite - NAME_MAX not
    enforced by readdir_r()

  - bnc#805054: man 1 locale mentions non-existent file

  - bnc#813306: glibc 2.17 fprintf(stderr, ...) triggers
    write of undefined values if stderr is closed

  - bnc#819383: pldd a process multiple times can freeze the
    process

  - bnc#819524: nscd segfault

  - bnc#824046: glibc: blacklist code in bindresvport
    doesn't release lock, results in double-lock

  - bnc#839870: glibc: three integer overflows in memory
    allocator

  - ARM: Support loading unmarked objects from cache"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=779320"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=801246"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=805054"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=813121"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=813306"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=819383"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=819524"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=824046"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=830257"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=834594"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=839870"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2013-09/msg00072.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected glibc packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-devel-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-devel-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-devel-static-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-extra-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-i18ndata");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-info");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-locale");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-locale-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-locale-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-locale-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-obsolete");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-obsolete-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-profile");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-profile-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-utils-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-utils-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-utils-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-utils-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nscd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nscd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.3", reference:"glibc-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"glibc-debuginfo-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"glibc-debugsource-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"glibc-devel-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"glibc-devel-debuginfo-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"glibc-devel-static-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"glibc-extra-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"glibc-extra-debuginfo-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"glibc-html-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"glibc-i18ndata-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"glibc-info-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"glibc-locale-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"glibc-locale-debuginfo-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"glibc-obsolete-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"glibc-obsolete-debuginfo-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"glibc-profile-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"glibc-utils-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"glibc-utils-debuginfo-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"glibc-utils-debugsource-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"nscd-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"nscd-debuginfo-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"glibc-32bit-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"glibc-debuginfo-32bit-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"glibc-devel-32bit-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"glibc-devel-debuginfo-32bit-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"glibc-devel-static-32bit-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"glibc-locale-32bit-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"glibc-locale-debuginfo-32bit-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"glibc-profile-32bit-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"glibc-utils-32bit-2.17-4.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"glibc-utils-debuginfo-32bit-2.17-4.7.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
}
VendorProductVersionCPE
novellopensuseglibcp-cpe:/a:novell:opensuse:glibc
novellopensuseglibc-32bitp-cpe:/a:novell:opensuse:glibc-32bit
novellopensuseglibc-debuginfop-cpe:/a:novell:opensuse:glibc-debuginfo
novellopensuseglibc-debuginfo-32bitp-cpe:/a:novell:opensuse:glibc-debuginfo-32bit
novellopensuseglibc-debugsourcep-cpe:/a:novell:opensuse:glibc-debugsource
novellopensuseglibc-develp-cpe:/a:novell:opensuse:glibc-devel
novellopensuseglibc-devel-32bitp-cpe:/a:novell:opensuse:glibc-devel-32bit
novellopensuseglibc-devel-debuginfop-cpe:/a:novell:opensuse:glibc-devel-debuginfo
novellopensuseglibc-devel-debuginfo-32bitp-cpe:/a:novell:opensuse:glibc-devel-debuginfo-32bit
novellopensuseglibc-devel-staticp-cpe:/a:novell:opensuse:glibc-devel-static
Rows per page:
1-10 of 321

References

Related

nessus 57
ubuntu 1
openvas 54
oraclelinux 4
amazon 1
fedora 8
redhat 5
centos 4
mageia 2
suse 4
securityvulns 4
veracode 3
altlinux 3
gentoo 1
debian 2
ibm 7
ubuntucve 7
prion 7
cve 7
debiancve 7
osv 2
vmware 4
slackware 1
f5 2
packetstorm 1
zdt 1
nessus
nessus
SuSE 11.3 Security Update : glibc (SAT Patch Number 8337)
2013-12-10 00:00:00
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : eglibc vulnerabilities (USN-1991-1)
2013-10-22 00:00:00
SuSE 11.2 Security Update : glibc (SAT Patch Number 8335)
2013-12-10 00:00:00
ubuntu
ubuntu
GNU C Library vulnerabilities
2013-10-21 00:00:00
openvas
openvas
Ubuntu Update for eglibc USN-1991-1
2013-10-29 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:1852-1)
2021-06-09 00:00:00
Ubuntu: Security Advisory (USN-1991-1)
2013-10-29 00:00:00
oraclelinux
oraclelinux
glibc security, bug fix, and enhancement update
2013-11-25 00:00:00
glibc security and bug fix update
2013-04-24 00:00:00
glibc security and bug fix update
2013-10-08 00:00:00
amazon
amazon
Medium: glibc
2013-12-17 21:39:00
fedora
fedora
[SECURITY] Fedora 19 Update: glibc-2.17-13.fc19
2013-08-22 00:50:09
[SECURITY] Fedora 19 Update: glibc-2.17-18.fc19
2013-09-28 00:07:09
[SECURITY] Fedora 19 Update: glibc-2.17-14.fc19
2013-08-27 23:29:45
redhat
redhat
(RHSA-2013:1605) Moderate: glibc security, bug fix, and enhancement update
2013-11-21 00:00:00
(RHSA-2013:0769) Low: glibc security and bug fix update
2013-04-24 00:00:00
(RHSA-2013:1411) Moderate: glibc security and bug fix update
2013-10-08 00:00:00
centos
centos
glibc, nscd security update
2013-11-26 13:31:38
glibc, nscd security update
2013-04-24 21:58:40
glibc, nscd security update
2013-10-08 20:20:03
mageia
mageia
Updated glibc package fixes security vulnerabilities
2013-11-22 22:44:49
Updated glibc packages fix security vulnerabilities
2015-05-06 18:16:01
suse
suse
Security update for glibc (important)
2014-09-12 06:04:16
Security update for glibc (important)
2014-09-15 19:04:18
Security update for glibc (important)
2014-09-12 02:04:23
securityvulns
securityvulns
GNU glibc security vulnerabilities
2013-05-09 00:00:00
[ MDVSA-2013:163 ] glibc
2013-05-09 00:00:00
[ MDVSA-2013:284 ] glibc
2013-12-01 00:00:00
veracode
veracode
Stack-based Buffer Overflow
2019-05-02 04:44:45
Denial Of Service (DoS)
2019-01-15 09:00:29
Denial Of Service (DoS)
2019-01-15 08:52:21
altlinux
altlinux
Security fix for the ALT Linux 6 package glibc version 6:2.11.3-alt8.M60P.3
2015-12-23 00:00:00
Security fix for the ALT Linux 7 package glibc version 6:2.17-alt6
2014-01-11 00:00:00
Security fix for the ALT Linux 9 package glibc version 6:2.17-alt6
2014-01-11 00:00:00
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2015-03-08 00:00:00
debian
debian
[SECURITY] [DLA 165-1] eglibc security update
2015-03-06 15:39:53
[SECURITY] [DLA 350-1] eglibc security update
2015-11-26 17:49:39
ibm
ibm
Security Bulletin: Vulnerability in glibc affects Integrated Management Module 2 (IMM2) (CVE-2013-4332)
2019-01-31 01:55:01
Security Bulletin: Vulnerabilities in the GNU C Libraries (glibc) affect IBM Flex System Manager(FSM) (CVE-2013-2207, CVE-2014-8121, CVE-2015-1781)
2018-06-18 01:30:10
Security Bulletin: Vulnerabilities in glibc affect the IBM Flex System Manager (FSM): (CVE-2013-4332, CVE-2014-0475, CVE-2014-5119)
2019-01-31 01:35:01
ubuntucve
ubuntucve
CVE-2013-4332
2013-10-09 00:00:00
CVE-2012-4412
2013-10-09 00:00:00
CVE-2013-2207
2013-10-09 00:00:00
prion
prion
Integer overflow
2013-10-09 22:55:00
Integer overflow
2013-10-09 22:55:00
Design/Logic Flaw
2013-10-09 22:55:00
cve
cve
CVE-2012-4412
2013-10-09 22:55:00
CVE-2013-4332
2013-10-09 22:55:00
CVE-2013-1914
2013-04-29 22:55:00
debiancve
debiancve
CVE-2012-4412
2013-10-09 22:55:00
CVE-2013-4332
2013-10-09 22:55:00
CVE-2013-2207
2013-10-09 22:55:00
osv
osv
eglibc - security update
2015-03-06 00:00:00
eglibc - security update
2015-11-26 00:00:00
vmware
vmware
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
VMware vSphere updates to third party libraries
2014-03-11 00:00:00
slackware
slackware
[slackware-security] glibc
2014-10-24 05:36:04
f5
f5
K15640 : GNU C Library (glibc) vulnerabilities CVE-2014-0475, CVE-2014-5119, CVE-2013-4458
2014-10-02 00:00:00
SOL15640 - GNU C Library (glibc) vulnerabilities CVE-2014-0475, CVE-2014-5119, CVE-2013-4458
2014-10-02 00:00:00
packetstorm
packetstorm
Moxa Command Injection / Cross Site Scripting / Vulnerable Software
2021-09-01 00:00:00
zdt
zdt
Moxa Command Injection / Cross Site Scripting Vulnerabilities
2021-09-01 00:00:00
JSON
Related for OPENSUSE-2013-723.NASL
nessus57ubuntu1openvas54oraclelinux4amazon1fedora8redhat5centos4mageia2suse4securityvulns4veracode3altlinux3gentoo1debian2ibm7ubuntucve7prion7cve7debiancve7osv2vmware4slackware1f52packetstorm1zdt1