Lucene search
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.SUSE_11_GLIBC-150122.NASLHistoryJan 27, 2015 - 12:00 a.m.
SuSE 11 Security Update : glibc (SAT Patch Numbers 10202,10204,10206)
2015-01-2700:00:00
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.
www.tenable.com
23
This update for glibc fixes the following security issue :
- A vulnerability was found and fixed in the GNU C Library, specifically in the function gethostbyname(), that can lead to a local or remote buffer overflow.
(bsc#913646). (CVE-2015-0235)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(81039);
script_version("1.17");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2015-0235");
script_bugtraq_id(72325);
script_xref(name:"CERT", value:"967332");
script_name(english:"SuSE 11 Security Update : glibc (SAT Patch Numbers 10202,10204,10206)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote SuSE 11 host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"This update for glibc fixes the following security issue :
- A vulnerability was found and fixed in the GNU C
Library, specifically in the function gethostbyname(),
that can lead to a local or remote buffer overflow.
(bsc#913646). (CVE-2015-0235)"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=913646"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2015-0235.html"
);
script_set_attribute(attribute:"solution", value:"
Apply the correct SAT patch number for your operating system :
SLES11 SP1: 10202
SLES11 SP2: 10204
SLED/SLES11 SP3: 10206");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-html");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-i18ndata");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-info");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-locale");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-profile");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:nscd");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_set_attribute(attribute:"patch_publication_date", value:"2015/01/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/27");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
flag = 0;
# 11.1
if (rpm_check(release:"SLES11", sp:1, reference:"glibc-2.11.1-0.60.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"glibc-devel-2.11.1-0.60.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"glibc-html-2.11.1-0.60.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"glibc-i18ndata-2.11.1-0.60.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"glibc-info-2.11.1-0.60.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"glibc-locale-2.11.1-0.60.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"glibc-profile-2.11.1-0.60.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"nscd-2.11.1-0.60.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"glibc-32bit-2.11.1-0.60.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"glibc-devel-32bit-2.11.1-0.60.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"glibc-locale-32bit-2.11.1-0.60.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"glibc-profile-32bit-2.11.1-0.60.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"glibc-32bit-2.11.1-0.60.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"glibc-devel-32bit-2.11.1-0.60.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"glibc-locale-32bit-2.11.1-0.60.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"glibc-profile-32bit-2.11.1-0.60.1")) flag++;
# 11.2
if (rpm_check(release:"SLES11", sp:2, reference:"glibc-2.11.3-17.45.55.5")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"glibc-devel-2.11.3-17.45.55.5")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"glibc-html-2.11.3-17.45.55.5")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"glibc-i18ndata-2.11.3-17.45.55.5")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"glibc-info-2.11.3-17.45.55.5")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"glibc-locale-2.11.3-17.45.55.5")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"glibc-profile-2.11.3-17.45.55.5")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"nscd-2.11.3-17.45.55.5")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"glibc-32bit-2.11.3-17.45.55.5")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"glibc-devel-32bit-2.11.3-17.45.55.5")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"glibc-locale-32bit-2.11.3-17.45.55.5")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"glibc-profile-32bit-2.11.3-17.45.55.5")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"glibc-32bit-2.11.3-17.45.55.5")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"glibc-devel-32bit-2.11.3-17.45.55.5")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"glibc-locale-32bit-2.11.3-17.45.55.5")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"glibc-profile-32bit-2.11.3-17.45.55.5")) flag++;
# 11.3
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"glibc-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"glibc-devel-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"glibc-i18ndata-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"glibc-locale-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"nscd-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i686", reference:"glibc-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i686", reference:"glibc-devel-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"glibc-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"glibc-32bit-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"glibc-devel-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"glibc-devel-32bit-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"glibc-i18ndata-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"glibc-locale-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"glibc-locale-32bit-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"nscd-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"glibc-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"glibc-devel-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"glibc-html-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"glibc-i18ndata-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"glibc-info-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"glibc-locale-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"glibc-profile-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"nscd-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"glibc-32bit-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"glibc-devel-32bit-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"glibc-locale-32bit-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"glibc-profile-32bit-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"glibc-32bit-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"glibc-devel-32bit-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"glibc-locale-32bit-2.11.3-17.74.13")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"glibc-profile-32bit-2.11.3-17.74.13")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:glibc |
| novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:glibc-32bit |
| novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:glibc-devel |
| novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit |
| novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:glibc-html |
| novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:glibc-i18ndata |
| novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:glibc-info |
| novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:glibc-locale |
| novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit |
| novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:glibc-profile |
Related
threatpost
threatpost
Ghost glibc Vulnerability Patching and Exploits
2015-01-28 13:28:29
GHOST glibc Linux Remote Code Execution Vulnerability
2015-01-27 12:55:29
packetstorm
packetstorm
Exim ESMTP GHOST Denial Of Service
2015-01-29 00:00:00
Exim GHOST (glibc gethostbyname) Buffer Overflow
2015-03-24 00:00:00
Qualys Security Advisory - glibc gethostbyname Buffer Overflow
2015-01-27 00:00:00
ibm
ibm
redhat
redhat
(RHSA-2015:0092) Critical: glibc security update
2015-01-27 00:00:00
(RHSA-2015:0090) Critical: glibc security update
2015-01-27 00:00:00
(RHSA-2015:0099) Critical: glibc security update
2015-01-28 00:00:00
nessus
nessus
FreeBSD : glibc -- gethostbyname buffer overflow (0765de84-a6c1-11e4-a0c1-c485083ca99c) (GHOST)
2015-01-29 00:00:00
CentOS 5 : glibc (CESA-2015:0090) (GHOST)
2015-01-28 00:00:00
openSUSE Security Update : glibc (openSUSE-SU-2015:0184-1) (GHOST)
2015-02-03 00:00:00
metasploit
metasploit
Exim GHOST (glibc gethostbyname) Buffer Overflow
2015-03-18 23:51:16
WordPress XMLRPC GHOST Vulnerability Scanner
2015-01-30 14:29:51
checkpoint_advisories
checkpoint_advisories
GNU C Library gethostbyname Buffer Overflow (CVE-2015-0235)
2015-01-28 00:00:00
ics
ics
openvas
openvas
Debian: Security Advisory (DLA-139-1)
2023-03-08 00:00:00
Palo Alto PAN-OS PAN-SA-2015-0002
2015-04-23 00:00:00
Ubuntu: Security Advisory (USN-2485-1)
2015-01-28 00:00:00
thn
thn
GHOST glibc Vulnerability Affects WordPress and PHP applications
2015-01-29 23:53:00
Critical GHOST vulnerability affects most Linux Systems
2015-01-27 21:17:00
Critical glibc Flaw Puts Linux Machines and Apps at Risk (Patch Immediately)
2016-02-16 21:27:00
lenovo
lenovo
slackware
slackware
[slackware-security] glibc
2015-01-28 20:35:21
centos
centos
glibc, nscd security update
2015-01-27 23:31:01
glibc, nscd security update
2015-01-27 22:59:55
attackerkb
attackerkb
Heap overflow in glibc 2.2 name resolution (CVE-2015-0235)
2015-01-28 00:00:00
f5
f5
altlinux
altlinux
Security fix for the ALT Linux 6 package glibc version 6:2.11.3-alt8.M60P.2
2015-01-28 00:00:00
Security fix for the ALT Linux 5 package glibc version 6:2.11.2-alt1.M51.2
2015-01-28 00:00:00
cert
cert
debian
debian
[SECURITY] [DLA 139-1] eglibc security update
2015-01-28 10:25:42
[SECURITY] [DSA 3142-1] eglibc security update
2015-01-27 15:39:01
exploitpack
exploitpack
Exim ESMTP 4.80 - glibc gethostbyname Denial of Service
2015-01-29 00:00:00
Exim - GHOST glibc gethostbyname Buffer Overflow (Metasploit)
2015-03-18 00:00:00
checkpoint_security
checkpoint_security
Check Point Response to CVE-2015-0235 (glibc - GHOST)
2015-01-26 22:00:00
zdt
zdt
Exim GHOST (glibc gethostbyname) Buffer Overflow Exploit
2015-03-19 00:00:00
Exim ESMTP GHOST Denial Of Service Exploit
2015-01-29 00:00:00
securityvulns
securityvulns
osv
osv
eglibc - security update
2015-01-28 00:00:00
eglibc - security update
2015-01-27 00:00:00
debiancve
debiancve
CVE-2015-0235
2015-01-28 19:59:00
ubuntucve
ubuntucve
CVE-2015-0235
2015-01-27 00:00:00
amazon
amazon
Critical: glibc
2015-01-27 11:41:00
Critical: php55
2015-03-23 08:29:00
Critical: php54
2015-03-13 10:00:00
prion
prion
Heap overflow
2015-01-28 19:59:00
freebsd
freebsd
glibc -- gethostbyname buffer overflow
2015-01-27 00:00:00
php5 -- multiple vulnerabilities
2015-02-18 00:00:00
suse
suse
glibc (critical)
2015-01-28 19:04:53
Security update for glibc (critical)
2015-02-02 09:04:48
Security update for glibc (critical)
2015-01-28 03:04:56
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:04:16
fortinet
fortinet
CVE-2015-0235 "GHOST" vulnerability
2015-01-28 00:00:00
arista
arista
Security Advisory 0009
2015-01-28 00:00:00
huawei
huawei
Security Advisory - Glibc Buffer Overflow Vulnerability
2015-02-26 00:00:00
cisco
cisco
GNU glibc gethostbyname Function Buffer Overflow Vulnerability
2015-01-28 22:30:00
oraclelinux
oraclelinux
glibc security update
2015-01-27 00:00:00
glibc security update
2015-01-29 00:00:00
glibc security update
2015-08-17 00:00:00
vulnerlab
vulnerlab
Glibc Ghost Vulnerability (CVE-2015-0235) - How to Secure
2015-01-30 00:00:00
Glibc Ghost Vulnerability (CVE-2015-0235) - How to Secure
2015-01-30 00:00:00
cisa
cisa
Linux "Ghost" Remote Code Execution Vulnerability
2015-01-27 00:00:00
seebug
seebug
Linux glibc 缓冲区溢出
(幽灵(Ghost))
2015-07-02 00:00:00
citrix
citrix
CVE-2015-0235 - Citrix Security Advisory for glibc GHOST Vulnerability
2015-01-28 04:00:00
paloalto
paloalto
GHOST: glibc vulnerability
2015-02-02 08:00:00
ubuntu
ubuntu
GNU C Library vulnerability
2015-01-27 00:00:00
cve
cve
CVE-2015-0235
2015-01-28 19:59:00
cloudfoundry
cloudfoundry
CVE-2015-0235 - GHOST | Cloud Foundry
2015-01-28 00:00:00
exploitdb
exploitdb
Exim - 'GHOST' glibc gethostbyname Buffer Overflow (Metasploit)
2015-03-18 00:00:00
Exim ESMTP 4.80 - glibc gethostbyname Denial of Service
2015-01-29 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: php-5.6.6-1.fc21
2015-02-23 23:28:40
[SECURITY] Fedora 20 Update: php-5.5.22-1.fc20
2015-03-04 10:24:35
archlinux
archlinux
jasper: arbitrary code execution
2015-01-27 00:00:00
flashplugin: multiple issues
2015-01-23 00:00:00
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2015-03-08 00:00:00
Related for SUSE_11_GLIBC-150122.NASL