Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 Tenable Network Security, Inc.SUSE_11_GLIBC-130917.NASL
HistoryDec 10, 2013 - 12:00 a.m.

SuSE 11.3 Security Update : glibc (SAT Patch Number 8337)

2013-12-1000:00:00
This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.
www.tenable.com
19
JSON

This update for glibc contains the following fixes :

  • Fix integer overflows in malloc. (CVE-2013-4332, bnc#839870)

  • Fix buffer overflow in glob. (bnc#691365)

  • Fix buffer overflow in strcoll. (CVE-2012-4412, bnc#779320)

  • Update mount flags in <sys/mount.h>. (bnc#791928)

  • Fix buffer overrun in regexp matcher. (CVE-2013-0242, bnc#801246)

  • Fix memory leaks in dlopen. (bnc#811979)

  • Fix stack overflow in getaddrinfo with many results.
    (CVE-2013-1914, bnc#813121)

  • Don’t raise UNDERFLOW in tan/tanf for small but normal argument. (bnc#819347)

  • Properly cross page boundary in SSE4.2 implementation of strcmp. (bnc#822210)

  • Fix robust mutex handling after fork. (bnc#827811)

  • Fix missing character in IBM-943 charset. (bnc#828235)

  • Fix use of alloca in gaih_inet. (bnc#828637)

  • Initialize pointer guard also in static executables.
    (CVE-2013-4788, bnc#830268)

  • Fix readdir_r with long file names. (CVE-2013-4237, bnc#834594)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(71308);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2012-4412", "CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4237", "CVE-2013-4332", "CVE-2013-4788");

  script_name(english:"SuSE 11.3 Security Update : glibc (SAT Patch Number 8337)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for glibc contains the following fixes :

  - Fix integer overflows in malloc. (CVE-2013-4332,
    bnc#839870)

  - Fix buffer overflow in glob. (bnc#691365)

  - Fix buffer overflow in strcoll. (CVE-2012-4412,
    bnc#779320)

  - Update mount flags in <sys/mount.h>. (bnc#791928)

  - Fix buffer overrun in regexp matcher. (CVE-2013-0242,
    bnc#801246)

  - Fix memory leaks in dlopen. (bnc#811979)

  - Fix stack overflow in getaddrinfo with many results.
    (CVE-2013-1914, bnc#813121)

  - Don't raise UNDERFLOW in tan/tanf for small but normal
    argument. (bnc#819347)

  - Properly cross page boundary in SSE4.2 implementation of
    strcmp. (bnc#822210)

  - Fix robust mutex handling after fork. (bnc#827811)

  - Fix missing character in IBM-943 charset. (bnc#828235)

  - Fix use of alloca in gaih_inet. (bnc#828637)

  - Initialize pointer guard also in static executables.
    (CVE-2013-4788, bnc#830268)

  - Fix readdir_r with long file names. (CVE-2013-4237,
    bnc#834594)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=691365"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=779320"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=791928"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=801246"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=811979"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=813121"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=819347"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=822210"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=827811"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=828235"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=828637"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=830268"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=834594"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=839870"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4412.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-0242.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1914.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4237.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4332.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4788.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 8337.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-i18ndata");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-info");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-locale");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-profile");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");


flag = 0;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"glibc-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"glibc-devel-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"glibc-i18ndata-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"glibc-locale-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"nscd-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i686", reference:"glibc-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i686", reference:"glibc-devel-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"glibc-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"glibc-32bit-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"glibc-devel-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"glibc-devel-32bit-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"glibc-i18ndata-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"glibc-locale-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"glibc-locale-32bit-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"nscd-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"glibc-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"glibc-devel-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"glibc-html-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"glibc-i18ndata-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"glibc-info-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"glibc-locale-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"glibc-profile-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"nscd-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"glibc-32bit-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"glibc-devel-32bit-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"glibc-locale-32bit-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"glibc-profile-32bit-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"glibc-32bit-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"glibc-devel-32bit-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"glibc-locale-32bit-2.11.3-17.56.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"glibc-profile-32bit-2.11.3-17.56.2")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:glibc
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:glibc-32bit
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:glibc-devel
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:glibc-html
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:glibc-i18ndata
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:glibc-info
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:glibc-locale
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:glibc-profile
Rows per page:
1-10 of 131

References

Related

openvas 53
nessus 55
ubuntu 1
suse 3
oraclelinux 4
amazon 1
centos 4
redhat 5
mageia 2
altlinux 3
securityvulns 4
fedora 7
veracode 3
gentoo 1
debian 2
osv 2
slackware 1
ibm 5
prion 7
cve 7
ubuntucve 7
debiancve 7
zdt 2
vmware 4
f5 2
packetstorm 2
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2013:1854-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:1852-1)
2021-06-09 00:00:00
Ubuntu Update for eglibc USN-1991-1
2013-10-29 00:00:00
nessus
nessus
SuSE 11.2 Security Update : glibc (SAT Patch Number 8335)
2013-12-10 00:00:00
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : eglibc vulnerabilities (USN-1991-1)
2013-10-22 00:00:00
openSUSE Security Update : glibc (openSUSE-SU-2013:1510-1)
2014-06-13 00:00:00
ubuntu
ubuntu
GNU C Library vulnerabilities
2013-10-21 00:00:00
suse
suse
Security update for glibc (important)
2014-09-12 06:04:16
Security update for glibc (important)
2014-09-15 19:04:18
Security update for glibc (important)
2014-09-12 02:04:23
oraclelinux
oraclelinux
glibc security, bug fix, and enhancement update
2013-11-25 00:00:00
glibc security and bug fix update
2013-04-24 00:00:00
glibc security and bug fix update
2013-10-08 00:00:00
amazon
amazon
Medium: glibc
2013-12-17 21:39:00
centos
centos
glibc, nscd security update
2013-11-26 13:31:38
glibc, nscd security update
2013-04-24 21:58:40
glibc, nscd security update
2013-10-08 20:20:03
redhat
redhat
(RHSA-2013:1605) Moderate: glibc security, bug fix, and enhancement update
2013-11-21 00:00:00
(RHSA-2013:0769) Low: glibc security and bug fix update
2013-04-24 00:00:00
(RHSA-2013:1411) Moderate: glibc security and bug fix update
2013-10-08 00:00:00
mageia
mageia
Updated glibc package fixes security vulnerabilities
2013-11-22 22:44:49
Updated glibc packages fix security vulnerabilities
2015-05-06 18:16:01
altlinux
altlinux
Security fix for the ALT Linux 7 package glibc version 6:2.17-alt6
2014-01-11 00:00:00
Security fix for the ALT Linux 9 package glibc version 6:2.17-alt6
2014-01-11 00:00:00
Security fix for the ALT Linux 6 package glibc version 6:2.11.3-alt8.M60P.3
2015-12-23 00:00:00
securityvulns
securityvulns
[ MDVSA-2013:284 ] glibc
2013-12-01 00:00:00
glibc security vulnerabilities
2013-12-01 00:00:00
[ MDVSA-2013:163 ] glibc
2013-05-09 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: glibc-2.17-18.fc19
2013-09-28 00:07:09
[SECURITY] Fedora 20 Update: glibc-2.18-9.fc20
2013-09-26 06:13:02
[SECURITY] Fedora 19 Update: glibc-2.17-13.fc19
2013-08-22 00:50:09
veracode
veracode
Stack-based Buffer Overflow
2019-05-02 04:44:45
Denial Of Service (DoS)
2019-01-15 09:00:29
Denial Of Service (DoS)
2019-01-15 08:52:21
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2015-03-08 00:00:00
debian
debian
[SECURITY] [DLA 165-1] eglibc security update
2015-03-06 15:39:53
[SECURITY] [DLA 350-1] eglibc security update
2015-11-26 17:49:39
osv
osv
eglibc - security update
2015-03-06 00:00:00
eglibc - security update
2015-11-26 00:00:00
slackware
slackware
[slackware-security] glibc
2014-10-24 05:36:04
ibm
ibm
Security Bulletin: Vulnerability in glibc affects Integrated Management Module 2 (IMM2) (CVE-2013-4332)
2019-01-31 01:55:01
Security Bulletin: Vulnerabilities in glibc affect the IBM Flex System Manager (FSM): (CVE-2013-4332, CVE-2014-0475, CVE-2014-5119)
2019-01-31 01:35:01
Security Bulletin: Apache Tomcat vulnerabilities on IBM System Storage Storwize V7000 Unified (CVE-2013-4286 CVE-2013-4332 CVE-2014-0075 CVE-2014-0099)
2018-06-18 00:08:33
prion
prion
Integer overflow
2013-10-09 22:55:00
Integer overflow
2013-10-09 22:55:00
Buffer overflow
2013-10-04 17:55:00
cve
cve
CVE-2012-4412
2013-10-09 22:55:00
CVE-2013-4332
2013-10-09 22:55:00
CVE-2013-4788
2013-10-04 17:55:00
ubuntucve
ubuntucve
CVE-2013-4332
2013-10-09 00:00:00
CVE-2012-4412
2013-10-09 00:00:00
CVE-2013-4788
2013-10-04 00:00:00
debiancve
debiancve
CVE-2012-4412
2013-10-09 22:55:00
CVE-2013-4332
2013-10-09 22:55:00
CVE-2013-4788
2013-10-04 17:55:00
zdt
zdt
glibc and eglibc 2.5, 2.7, 2.13 - Buffer Overflow Vulnerability
2013-10-01 00:00:00
Moxa Command Injection / Cross Site Scripting Vulnerabilities
2021-09-01 00:00:00
vmware
vmware
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
VMware vSphere updates to third party libraries
2014-03-11 00:00:00
f5
f5
SOL15640 - GNU C Library (glibc) vulnerabilities CVE-2014-0475, CVE-2014-5119, CVE-2013-4458
2014-10-02 00:00:00
K15640 : GNU C Library (glibc) vulnerabilities CVE-2014-0475, CVE-2014-5119, CVE-2013-4458
2014-10-02 00:00:00
packetstorm
packetstorm
Moxa Command Injection / Cross Site Scripting / Vulnerable Software
2021-09-01 00:00:00
WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials
2019-06-13 00:00:00
JSON
Related for SUSE_11_GLIBC-130917.NASL
openvas53nessus55ubuntu1suse3oraclelinux4amazon1centos4redhat5mageia2altlinux3securityvulns4fedora7veracode3gentoo1debian2osv2slackware1ibm5prion7cve7ubuntucve7debiancve7zdt2vmware4f52packetstorm2