Lucene search
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2010-0787.NASLHistoryJul 12, 2013 - 12:00 a.m.
Oracle Linux 5 : glibc (ELSA-2010-0787)
2013-07-1200:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
From Red Hat Security Advisory 2010:0787 :
Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.
It was discovered that the glibc dynamic linker/loader did not handle the $ORIGIN dynamic string token set in the LD_AUDIT environment variable securely. A local attacker with write access to a file system containing setuid or setgid binaries could use this flaw to escalate their privileges. (CVE-2010-3847)
Red Hat would like to thank Tavis Ormandy for reporting this issue.
All users should upgrade to these updated packages, which contain a backported patch to correct this issue.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2010:0787 and
# Oracle Linux Security Advisory ELSA-2010-0787 respectively.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(68123);
script_version("1.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2010-3847");
script_bugtraq_id(44154);
script_xref(name:"RHSA", value:"2010:0787");
script_name(english:"Oracle Linux 5 : glibc (ELSA-2010-0787)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Oracle Linux host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"From Red Hat Security Advisory 2010:0787 :
Updated glibc packages that fix one security issue are now available
for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System
(CVSS) base score, which gives a detailed severity rating, is
available from the CVE link in the References section.
The glibc packages contain the standard C libraries used by multiple
programs on the system. These packages contain the standard C and the
standard math libraries. Without these two libraries, a Linux system
cannot function properly.
It was discovered that the glibc dynamic linker/loader did not handle
the $ORIGIN dynamic string token set in the LD_AUDIT environment
variable securely. A local attacker with write access to a file system
containing setuid or setgid binaries could use this flaw to escalate
their privileges. (CVE-2010-3847)
Red Hat would like to thank Tavis Ormandy for reporting this issue.
All users should upgrade to these updated packages, which contain a
backported patch to correct this issue."
);
script_set_attribute(
attribute:"see_also",
value:"https://oss.oracle.com/pipermail/el-errata/2010-October/001703.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected glibc packages."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'glibc "$ORIGIN" Expansion Privilege Escalation');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'CANVAS');
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nscd");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/01/07");
script_set_attribute(attribute:"patch_publication_date", value:"2010/10/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Oracle Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
flag = 0;
if (rpm_check(release:"EL5", reference:"glibc-2.5-49.el5_5.6")) flag++;
if (rpm_check(release:"EL5", reference:"glibc-common-2.5-49.el5_5.6")) flag++;
if (rpm_check(release:"EL5", reference:"glibc-devel-2.5-49.el5_5.6")) flag++;
if (rpm_check(release:"EL5", reference:"glibc-headers-2.5-49.el5_5.6")) flag++;
if (rpm_check(release:"EL5", reference:"glibc-utils-2.5-49.el5_5.6")) flag++;
if (rpm_check(release:"EL5", reference:"nscd-2.5-49.el5_5.6")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | linux | glibc | p-cpe:/a:oracle:linux:glibc |
| oracle | linux | glibc-common | p-cpe:/a:oracle:linux:glibc-common |
| oracle | linux | glibc-devel | p-cpe:/a:oracle:linux:glibc-devel |
| oracle | linux | glibc-headers | p-cpe:/a:oracle:linux:glibc-headers |
| oracle | linux | glibc-utils | p-cpe:/a:oracle:linux:glibc-utils |
| oracle | linux | nscd | p-cpe:/a:oracle:linux:nscd |
| oracle | linux | 5 | cpe:/o:oracle:linux:5 |
Related
canvas
canvas
Immunity Canvas: CVE_2010_3847
2011-01-07 19:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: glibc-2.12.1-3
2010-10-22 18:07:50
[SECURITY] Fedora 14 Update: glibc-2.12.90-17
2010-10-19 22:23:05
[SECURITY] Fedora 13 Update: glibc-2.12.1-4
2010-10-28 22:19:55
prion
prion
Directory traversal
2011-01-07 19:00:00
Design/Logic Flaw
2011-04-08 15:17:00
Design/Logic Flaw
2011-04-08 15:17:00
nessus
nessus
RHEL 5 : glibc (RHSA-2010:0787)
2010-10-21 00:00:00
CentOS 5 : glibc (CESA-2010:0787)
2010-11-24 00:00:00
openvas
openvas
Mandriva Update for glibc MDVSA-2010:207 (glibc)
2010-10-22 00:00:00
Mandriva Update for glibc MDVSA-2010:207 (glibc)
2010-10-22 00:00:00
RedHat Update for glibc RHSA-2010:0787-01
2010-10-22 00:00:00
cert
cert
GNU C library dynamic linker expands $ORIGIN in setuid library search path
2010-10-25 00:00:00
zdt
zdt
glibc $ORIGIN Expansion Privilege Escalation Exploit
2018-02-10 00:00:00
glibc LD_AUDIT libmemusage.so RHEL-Based Arbitrary DSO Load Privilege Escalation Exploit
2018-04-01 00:00:00
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation Exploit
2018-02-10 00:00:00
debiancve
debiancve
CVE-2010-3847
2011-01-07 19:00:00
CVE-2011-0536
2011-04-08 15:17:00
slackware
slackware
[slackware-security] glibc
2010-10-22 21:19:24
packetstorm
packetstorm
glibc '$ORIGIN' Expansion Privilege Escalation
2018-02-10 00:00:00
GNU C Library Dynamic Linker $ORIGIN Expansion Vulnerability
2010-10-19 00:00:00
oraclelinux
oraclelinux
glibc security update
2010-10-21 00:00:00
glibc security and bug fix update
2011-02-10 00:00:00
cve
cve
cvelist
cvelist
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:54:45
Privilege Escalation
2020-04-10 00:55:25
metasploit
metasploit
glibc '$ORIGIN' Expansion Privilege Escalation
2018-02-09 21:15:04
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation
2018-01-28 05:11:38
redhat
redhat
(RHSA-2010:0787) Important: glibc security update
2010-10-20 00:00:00
(RHSA-2010:0872) Important: glibc security and bug fix update
2010-11-10 00:00:00
(RHSA-2011:0413) Important: glibc security update
2011-04-04 00:00:00
centos
centos
glibc, nscd security update
2010-10-21 09:47:03
glibc, nscd security update
2011-04-14 13:51:19
ubuntucve
ubuntucve
exploitdb
exploitdb
glibc - '$ORIGIN' Expansion Privilege Escalation (Metasploit)
2018-02-12 00:00:00
glibc - 'LD_AUDIT' Arbitrary DSO Load Privilege Escalation (Metasploit)
2018-02-12 00:00:00
GNU C library dynamic linker - '$ORIGIN' Expansion
2010-10-18 00:00:00
seebug
seebug
GNU C library dynamic linker LD_AUDIT arbitrary DSO load Vulnerability
2014-07-01 00:00:00
GNU C library dynamic linker $ORIGIN expansion Vulnerability
2014-07-01 00:00:00
ubuntu
ubuntu
GNU C Library vulnerabilities
2010-10-22 00:00:00
GNU C Library vulnerability
2011-01-12 00:00:00
securityvulns
securityvulns
GNU C dynamic linker privilege escalation
2010-10-26 00:00:00
osv
osv
glibc - privilege escalation
2010-10-22 00:00:00
glibc - local privilege escalation
2010-10-22 00:00:00
debian
debian
[SECURITY] [DSA 2122-1] New glibc packages fix local privilege escalation
2010-10-22 17:05:47
[SECURITY] [DSA 2122-2] New glibc packages fix privilege escalation
2011-01-11 19:49:25
exploitpack
exploitpack
GNU C Library 2.x (libc6) - Dynamic Linker LD_AUDIT Arbitrary DSO Load Privilege Escalation
2010-10-22 00:00:00
GNU C library dynamic linker - $ORIGIN Expansion
2010-10-18 00:00:00
thn
thn
Two Linux vulnerabilities to get root access
2010-10-30 07:21:00
vmware
vmware
gentoo
gentoo
GNU C library: Multiple vulnerabilities
2010-11-15 00:00:00
GNU C Library: Multiple vulnerabilities
2013-12-03 00:00:00
suse
suse
local privilege escalation in glibc
2010-10-28 13:41:00
Related for ORACLELINUX_ELSA-2010-0787.NASL