Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 Tenable Network Security, Inc.SUSE_11_GLIBC-121129.NASL
HistoryJan 25, 2013 - 12:00 a.m.

SuSE 11.2 Security Update : glibc (SAT Patch Number 7110)

2013-01-2500:00:00
This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.
www.tenable.com
12
JSON

This collective update for the GNU C library (glibc) provides the following fixes :

  • Fix strtod integer/buffer overflows. (bnc#775690, CVE-2012-3480)

  • Fix vfprintf handling of many format specifiers.
    (bnc#770891, CVE-2012-3404 / CVE-2012-3405 / CVE-2012-3406)

  • Fix pthread_cond_timedwait stack unwinding. (bnc#750741, bnc#777233)

  • Improve fix for dynamic library unloading. (bnc#783060)

  • Fix resolver when first query fails, but second one succeeds. (bnc#767266)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(64150);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2012-3404", "CVE-2012-3405", "CVE-2012-3406", "CVE-2012-3480");

  script_name(english:"SuSE 11.2 Security Update : glibc (SAT Patch Number 7110)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This collective update for the GNU C library (glibc) provides the
following fixes :

  - Fix strtod integer/buffer overflows. (bnc#775690,
    CVE-2012-3480)

  - Fix vfprintf handling of many format specifiers.
    (bnc#770891, CVE-2012-3404 / CVE-2012-3405 /
    CVE-2012-3406)

  - Fix pthread_cond_timedwait stack unwinding. (bnc#750741,
    bnc#777233)

  - Improve fix for dynamic library unloading. (bnc#783060)

  - Fix resolver when first query fails, but second one
    succeeds. (bnc#767266)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=750741"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=767266"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=770891"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=775690"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=777233"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=783060"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-3404.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-3405.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-3406.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-3480.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 7110.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-i18ndata");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-info");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-locale");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-profile");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/11/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2");


flag = 0;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"glibc-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"glibc-devel-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"glibc-i18ndata-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"glibc-locale-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"nscd-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i686", reference:"glibc-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i686", reference:"glibc-devel-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"glibc-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"glibc-32bit-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"glibc-devel-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"glibc-devel-32bit-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"glibc-i18ndata-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"glibc-locale-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"glibc-locale-32bit-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"nscd-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"glibc-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"glibc-devel-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"glibc-html-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"glibc-i18ndata-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"glibc-info-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"glibc-locale-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"glibc-profile-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"nscd-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"glibc-32bit-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"glibc-devel-32bit-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"glibc-locale-32bit-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"glibc-profile-32bit-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"glibc-32bit-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"glibc-devel-32bit-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"glibc-locale-32bit-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"glibc-profile-32bit-2.11.3-17.43.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:glibc
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:glibc-32bit
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:glibc-devel
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:glibc-html
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:glibc-i18ndata
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:glibc-info
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:glibc-locale
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:glibc-profile
Rows per page:
1-10 of 131

Related

openvas 39
nessus 43
ubuntu 2
f5 2
debiancve 4
amazon 2
prion 4
oraclelinux 4
cve 4
ubuntucve 4
veracode 2
centos 4
redhat 8
fedora 4
osv 2
debian 2
securityvulns 5
vmware 2
slackware 1
gentoo 1
archlinux 1
mageia 1
openvas
openvas
Ubuntu Update for eglibc USN-1589-1
2012-10-03 00:00:00
Ubuntu Update for glibc USN-1589-2
2012-12-18 00:00:00
Ubuntu Update for glibc USN-1589-2
2012-12-18 00:00:00
nessus
nessus
Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : eglibc, glibc vulnerabilities (USN-1589-1)
2012-10-02 00:00:00
Ubuntu 8.04 LTS : glibc regression (USN-1589-2)
2012-12-18 00:00:00
RHEL 6 : glibc (RHSA-2012:1098)
2012-07-19 00:00:00
ubuntu
ubuntu
GNU C Library vulnerabilities
2012-10-02 00:00:00
GNU C Library regression
2012-12-17 00:00:00
f5
f5
SOL16364 - GNU C Library (glibc) vulnerability CVE-2012-3406
2015-04-03 00:00:00
K16364 : GNU C Library (glibc) vulnerability CVE-2012-3406
2015-07-23 00:00:00
debiancve
debiancve
CVE-2012-3406
2014-02-10 18:15:00
CVE-2012-3405
2014-02-10 18:15:00
CVE-2012-3404
2014-02-10 18:15:00
amazon
amazon
Medium: glibc
2012-07-25 17:56:00
Medium: glibc
2012-09-04 10:23:00
prion
prion
Format string
2014-02-10 18:15:00
Format string
2014-02-10 18:15:00
Format string
2014-02-10 18:15:00
oraclelinux
oraclelinux
glibc security and bug fix update
2012-07-18 00:00:00
glibc security and bug fix update
2012-07-18 00:00:00
glibc security update
2012-08-27 00:00:00
cve
cve
CVE-2012-3406
2014-02-10 18:15:00
CVE-2012-3405
2014-02-10 18:15:00
CVE-2012-3404
2014-02-10 18:15:00
ubuntucve
ubuntucve
CVE-2012-3406
2012-07-13 00:00:00
CVE-2012-3405
2012-07-13 00:00:00
CVE-2012-3404
2012-07-13 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 08:54:39
Remote Code Execution (RCE)
2019-01-15 08:56:24
centos
centos
glibc, nscd security update
2012-07-18 18:17:20
glibc, nscd security update
2012-07-18 17:40:39
glibc, nscd security update
2012-08-27 16:45:54
redhat
redhat
(RHSA-2012:1098) Moderate: glibc security and bug fix update
2012-07-18 00:00:00
(RHSA-2012:1097) Moderate: glibc security and bug fix update
2012-07-18 00:00:00
(RHSA-2012:1208) Moderate: glibc security update
2012-08-27 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: glibc-2.15-54.fc17
2012-08-15 22:54:00
[SECURITY] Fedora 18 Update: glibc-2.16-8.fc18
2012-09-17 23:50:57
[SECURITY] Fedora 17 Update: glibc-2.15-56.fc17
2012-08-18 01:30:04
osv
osv
eglibc - security update
2015-02-23 00:00:00
eglibc - security update
2015-03-06 00:00:00
debian
debian
[SECURITY] [DSA 3169-1] eglibc security update
2015-02-23 06:08:58
[SECURITY] [DLA 165-1] eglibc security update
2015-03-06 15:39:53
securityvulns
securityvulns
[SECURITY] [DSA 3169-1] eglibc security update
2015-03-07 00:00:00
VMSA-2012-0018 VMware security updates for vCSA and ESXi
2013-01-02 00:00:00
[slackware-security] glibc &#40;SSA:2012-244-01&#41;
2012-09-04 00:00:00
vmware
vmware
VMware security updates for vCSA, vCenter Server, and ESXi
2012-12-20 00:00:00
VMware security updates for vCSA, vCenter Server, and ESXi
2012-12-20 00:00:00
slackware
slackware
[slackware-security] glibc
2012-08-31 18:37:01
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2015-03-08 00:00:00
archlinux
archlinux
glibc: arbitrary code execution
2014-12-18 00:00:00
mageia
mageia
Updated glibc packages fix security vulnerabilities
2015-01-08 15:24:22
JSON
Related for SUSE_11_GLIBC-121129.NASL
openvas39nessus43ubuntu2f52debiancve4amazon2prion4oraclelinux4cve4ubuntucve4veracode2centos4redhat8fedora4osv2debian2securityvulns5vmware2slackware1gentoo1archlinux1mageia1