ID SUSE_SU-2015-0526-1.NASL Type nessus Reporter This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2021-01-06T00:00:00
Description
glibc has been updated to fix four security issues.
These security issues were fixed :
CVE-2014-7817: The wordexp function in GNU C Library (aka glibc) 2.21 did not enforce the WRDE_NOCMD flag, which allowed context-dependent attackers to execute arbitrary commands, as demonstrated by input containing '$((`...`))' (bnc#906371).
CVE-2015-1472: Heap buffer overflow in glibc swscanf (bnc#916222).
CVE-2014-9402: Denial of service in getnetbyname function (bnc#910599).
CVE-2013-7423: Getaddrinfo() writes DNS queries to random file descriptors under high load (bnc#915526).
The update package also includes non-security fixes. See advisory for details.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2015:0526-1.
# The text itself is copyright (C) SUSE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration block: when `description` is set, the plugin only declares its
# metadata through the script_* calls below and then exits (see exit(0) at the
# end of the block). No knowledge-base item is read in this block.
if (description)
{
# Plugin identity and revision.
script_id(83701);
script_version("2.17");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
# CVE and Bugtraq identifiers associated with this plugin.
script_cve_id("CVE-2013-7423", "CVE-2014-7817", "CVE-2014-9402", "CVE-2015-1472");
script_bugtraq_id(71216, 71670, 72428, 72498, 72844);
script_name(english:"SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2015:0526-1)");
# The summary states the method: the check is based on rpm output, not on
# probing the glibc functions themselves.
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote SUSE host is missing one or more security updates."
);
# Advisory text. Per the file header it was extracted from SUSE update
# advisory SUSE-SU-2015:0526-1.
script_set_attribute(
attribute:"description",
value:
"glibc has been updated to fix four security issues.
These security issues were fixed :
- CVE-2014-7817: The wordexp function in GNU C Library
(aka glibc) 2.21 did not enforce the WRDE_NOCMD flag,
which allowed context-dependent attackers to execute
arbitrary commands, as demonstrated by input containing
'$((`...`))' (bnc#906371).
- CVE-2015-1472: Heap buffer overflow in glibc swscanf
(bnc#916222).
- CVE-2014-9402: Denial of service in getnetbyname
function (bnc#910599).
- CVE-2013-7423: Getaddrinfo() writes DNS queries to
random file descriptors under high load (bnc#915526).
The update package also includes non-security fixes. See advisory for
details.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
# Reference links: SUSE Bugzilla entries first, then the SUSE per-CVE pages,
# then the advisory itself.
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=864081"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=905313"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=906371"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=909053"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=910599"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=915526"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=915985"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=916222"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2013-7423/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2014-7817/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2014-9402/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2015-1472/"
);
# The registered value below is a shortened link; the next comment line records
# the advisory URL it stands for.
# https://www.suse.com/support/update/announcement/2015/suse-su-20150526-1.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?fc89dc81"
);
# Remediation text: one zypper patch name per product (SDK, Server, Desktop).
script_set_attribute(
attribute:"solution",
value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Software Development Kit 12 :
zypper in -t patch SUSE-SLE-SDK-12-2015-129=1
SUSE Linux Enterprise Server 12 :
zypper in -t patch SUSE-SLE-SERVER-12-2015-129=1
SUSE Linux Enterprise Desktop 12 :
zypper in -t patch SUSE-SLE-DESKTOP-12-2015-129=1
To bring your system up-to-date, use 'zypper patch'."
);
# NOTE(review): the base vector rates availability impact only (C:N/I:N/A:C),
# while the description above also lists command execution (CVE-2014-7817) and
# a heap buffer overflow (CVE-2015-1472). Read it as one plugin-level score,
# not a per-CVE rating, when prioritising this finding.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
# Exploit metadata as recorded in the plugin; plugin_modification_date above
# shows when the plugin was last touched, so re-check current exploit status
# before relying on these two values.
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
# "local" plugin type, followed by the CPE names of the covered packages and of
# the operating system.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-profile");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
# Timeline: vulnerability published, vendor patch published, plugin published.
script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/24");
script_set_attribute(attribute:"patch_publication_date", value:"2015/03/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
# Category, copyright and family as registered with the scanner.
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
# Declares ssh_get_info.nasl as a dependency and the KB keys that must be
# present; the check section after this block reads the same keys.
# NOTE(review): presumably ssh_get_info.nasl is what populates them - confirm.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
# Stop here in registration mode; nothing after this block runs.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Host gating. Each failed precondition calls audit(); the statements that
# follow each call assume audit() does not return (audit.inc is not shown
# here - confirm), so the order of these checks decides which audit message
# is reported for an out-of-scope host.

# Local checks must be enabled for this host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# The release string must exist and start with SLED or SLES.
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
# Reduce the release string to product plus major version (capture group 1 of
# the pattern), then accept only SLED12 and SLES12.
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
# Without a collected rpm list there is nothing to compare against.
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
# Architecture gate: i386-i686 (regex), or a cpu string containing x86_64 or
# s390x; `>!<` is the "substring not in" operator. Anything else is audited
# out as not implemented.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
# Service-pack gate: a missing patchlevel is treated as "0", and only SP0 is
# in scope for both products. A host on any other service pack is audited out
# here, so this plugin reports nothing for it either way.
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp);
# Package comparison and reporting.
# Every reference below is passed to rpm_check() (from rpm.inc) in the same
# order as the advisory lists it; each true return is counted in `flag`.
# NOTE(review): presumably rpm_check() is true when the installed package is
# older than the reference version - confirm against rpm.inc.
flag = 0;

# SLES12 SP0 references (no cpu argument is passed for this product).
sles12_sp0_refs = make_list(
  "glibc-2.19-20.3",
  "glibc-debuginfo-2.19-20.3",
  "glibc-debugsource-2.19-20.3",
  "glibc-devel-2.19-20.3",
  "glibc-devel-debuginfo-2.19-20.3",
  "glibc-locale-2.19-20.3",
  "glibc-locale-debuginfo-2.19-20.3",
  "glibc-profile-2.19-20.3",
  "nscd-2.19-20.3",
  "nscd-debuginfo-2.19-20.3",
  "glibc-32bit-2.19-20.3",
  "glibc-debuginfo-32bit-2.19-20.3",
  "glibc-devel-32bit-2.19-20.3",
  "glibc-devel-debuginfo-32bit-2.19-20.3",
  "glibc-locale-32bit-2.19-20.3",
  "glibc-locale-debuginfo-32bit-2.19-20.3",
  "glibc-profile-32bit-2.19-20.3"
);
foreach sles12_ref (sles12_sp0_refs)
{
  if (rpm_check(release:"SLES12", sp:"0", reference:sles12_ref)) flag++;
}

# SLED12 SP0 references, checked with cpu:"x86_64" only.
sled12_sp0_refs = make_list(
  "glibc-2.19-20.3",
  "glibc-32bit-2.19-20.3",
  "glibc-debuginfo-2.19-20.3",
  "glibc-debuginfo-32bit-2.19-20.3",
  "glibc-debugsource-2.19-20.3",
  "glibc-devel-2.19-20.3",
  "glibc-devel-32bit-2.19-20.3",
  "glibc-devel-debuginfo-2.19-20.3",
  "glibc-devel-debuginfo-32bit-2.19-20.3",
  "glibc-locale-2.19-20.3",
  "glibc-locale-32bit-2.19-20.3",
  "glibc-locale-debuginfo-2.19-20.3",
  "glibc-locale-debuginfo-32bit-2.19-20.3",
  "nscd-2.19-20.3",
  "nscd-debuginfo-2.19-20.3"
);
foreach sled12_ref (sled12_sp0_refs)
{
  if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:sled12_ref)) flag++;
}

if (flag)
{
  # At least one package was flagged: report on port 0, attaching the rpm
  # report text only when report_verbosity is above 0.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  # Nothing was flagged: audit as "not affected" when pkg_tests_get() returns
  # something, otherwise as "glibc not installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
}
{"id": "SUSE_SU-2015-0526-1.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2015:0526-1)", "description": "glibc has been updated to fix four security issues.\n\nThese security issues were fixed :\n\n - CVE-2014-7817: The wordexp function in GNU C Library (aka glibc) 2.21 did not enforce the WRDE_NOCMD flag, which allowed context-dependent attackers to execute arbitrary commands, as demonstrated by input containing '$((`...`))' (bnc#906371).\n\n - CVE-2015-1472: Heap buffer overflow in glibc swscanf (bnc#916222).\n\n - CVE-2014-9402: Denial of service in getnetbyname function (bnc#910599).\n\n - CVE-2013-7423: Getaddrinfo() writes DNS queries to random file descriptors under high load (bnc#915526).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-05-20T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/83701", "reporter": "This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=915985", "https://bugzilla.suse.com/show_bug.cgi?id=916222", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1472", "https://www.suse.com/security/cve/CVE-2013-7423/", "http://www.nessus.org/u?fc89dc81", "https://bugzilla.suse.com/show_bug.cgi?id=910599", "https://bugzilla.suse.com/show_bug.cgi?id=906371", "https://www.suse.com/security/cve/CVE-2014-9402/", "https://www.suse.com/security/cve/CVE-2014-7817/", "https://www.suse.com/security/cve/CVE-2015-1472/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9402", "https://bugzilla.suse.com/show_bug.cgi?id=864081", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7423", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7817", "https://bugzilla.suse.com/show_bug.cgi?id=915526", "https://bugzilla.suse.com/show_bug.cgi?id=905313", "https://bugzilla.suse.com/show_bug.cgi?id=909053"], "cvelist": ["CVE-2013-7423", "CVE-2014-7817", "CVE-2014-9402", "CVE-2015-1472"], "immutableFields": [], "lastseen": "2021-08-19T12:45:46", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2015-468", "ALAS-2015-513", "ALAS-2015-617", "ALAS-2018-1017"]}, {"type": "archlinux", "idList": ["ASA-201411-27", "ASA-201412-21", "ASA-201502-8"]}, {"type": "centos", "idList": ["CESA-2014:2023", "CESA-2015:0016", "CESA-2015:0863", "CESA-2015:2199", "CESA-2018:0805"]}, {"type": "cve", "idList": ["CVE-2013-7423", "CVE-2014-7817", "CVE-2014-9402", "CVE-2015-1472"]}, {"type": "debian", "idList": ["DEBIAN:DLA-122-1:BDEC8", "DEBIAN:DLA-165-1:23BFE", "DEBIAN:DLA-97-1:B684D", "DEBIAN:DSA-3142-1:A3964", "DEBIAN:DSA-3169-1:C9823"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-7423", "DEBIANCVE:CVE-2014-7817", "DEBIANCVE:CVE-2014-9402", "DEBIANCVE:CVE-2015-1472"]}, {"type": "f5", "idList": ["F5:K16010", "F5:K16365", "F5:K16841", "SOL16010", "SOL16365", "SOL16366", "SOL16841"]}, {"type": 
"fedora", "idList": ["FEDORA:B3F8860918D2", "FEDORA:D6230604AFE5"]}, {"type": "gentoo", "idList": ["GLSA-201602-02"]}, {"type": "ibm", "idList": ["0394AE8846493A479931BE19E38194F4270977F6FA36B6193A75C2ACA0EAD8B8", "1552258BC602B501CB144C17FE55DEC12CEDE82B9F4351E9E4F47BE8C7003BA9", "37A8EA79DB0196D216B0D013B92E7DAD84ADF24BB48ABABFFEE092ACB6E91917", "3D3EE58E80C8983DECD0C51663BD74CB8497D9389FE462B6FD769F37D1357F58", "40757940D0054030B6297C248ABB540ADB302DD9F89B94DDB202585009632F53", "4B7EBAB09AB01A6A2993819DB2589A79B0751770B2E5A63287320AA02BEF3420", "AE21B16579A39A7500DE184D914C70B4ACB78A6622A77B295BE56BEEC705B523", "C07B22EADF090CC9AAC7EB1364B467F03118CFA06DA1B103743ADFC12C0BE972", "D2DEA5F45A3AB17EC5600C76D66BFE53D1F0214B38862EDBEA32FD76E6762B3A", "DEEEA56C6A53F19158B2B44D715A3E7F89C37B96E56FA2E28F6BF2F9BD859638"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2015-1472/"]}, {"type": "nessus", "idList": ["ALA_ALAS-2015-468.NASL", "ALA_ALAS-2015-513.NASL", "ALA_ALAS-2015-617.NASL", "ALA_ALAS-2018-1017.NASL", "CENTOS_RHSA-2014-2023.NASL", "CENTOS_RHSA-2015-0016.NASL", "CENTOS_RHSA-2015-0863.NASL", "CENTOS_RHSA-2015-2199.NASL", "CENTOS_RHSA-2018-0805.NASL", "DEBIAN_DLA-122.NASL", "DEBIAN_DLA-165.NASL", "DEBIAN_DLA-97.NASL", "DEBIAN_DSA-3142.NASL", "DEBIAN_DSA-3169.NASL", "EULEROS_SA-2017-1146.NASL", "EULEROS_SA-2017-1147.NASL", "EULEROS_SA-2018-1272.NASL", "EULEROS_SA-2018-1344.NASL", "EULEROS_SA-2019-1552.NASL", "F5_BIGIP_SOL16010.NASL", "F5_BIGIP_SOL16365.NASL", "FEDORA_2015-2837.NASL", "FEDORA_2015-2845.NASL", "GENTOO_GLSA-201602-02.NASL", "MANDRIVA_MDVSA-2014-232.NASL", "MANDRIVA_MDVSA-2015-168.NASL", "MANDRIVA_MDVSA-2015-218.NASL", "NEWSTART_CGSL_NS-SA-2019-0024_GLIBC.NASL", "OPENSUSE-2015-173.NASL", "ORACLELINUX_ELSA-2014-2023.NASL", "ORACLELINUX_ELSA-2015-0016.NASL", "ORACLELINUX_ELSA-2015-0863.NASL", "ORACLELINUX_ELSA-2015-2199.NASL", "ORACLELINUX_ELSA-2018-0805.NASL", "ORACLEVM_OVMSA-2015-0003.NASL", "ORACLEVM_OVMSA-2015-0055.NASL", 
"ORACLEVM_OVMSA-2016-0013.NASL", "REDHAT-CVE-2014-9402.NASL", "REDHAT-RHSA-2014-2023.NASL", "REDHAT-RHSA-2015-0016.NASL", "REDHAT-RHSA-2015-0863.NASL", "REDHAT-RHSA-2015-2199.NASL", "REDHAT-RHSA-2015-2589.NASL", "REDHAT-RHSA-2016-1207.NASL", "REDHAT-RHSA-2018-0805.NASL", "SL_20141218_GLIBC_ON_SL7_X.NASL", "SL_20150107_GLIBC_ON_SL6_X.NASL", "SL_20150421_GLIBC_ON_SL6_X.NASL", "SL_20151119_GLIBC_ON_SL7_X.NASL", "SL_20180410_GLIBC_ON_SL7_X.NASL", "SUSE_11_GLIBC-150129.NASL", "SUSE_11_GLIBC-150226.NASL", "SUSE_SU-2015-0550-1.NASL", "SUSE_SU-2015-0551-1.NASL", "UBUNTU_USN-2432-1.NASL", "UBUNTU_USN-2519-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105372", "OPENVAS:1361412562310120455", "OPENVAS:1361412562310120538", "OPENVAS:1361412562310120607", "OPENVAS:1361412562310121441", "OPENVAS:1361412562310122787", "OPENVAS:1361412562310123128", "OPENVAS:1361412562310123206", "OPENVAS:1361412562310123217", "OPENVAS:1361412562310703142", "OPENVAS:1361412562310703169", "OPENVAS:1361412562310842104", "OPENVAS:1361412562310869058", "OPENVAS:1361412562310869060", "OPENVAS:1361412562310871301", "OPENVAS:1361412562310871360", "OPENVAS:1361412562310871503", "OPENVAS:1361412562310882090", "OPENVAS:1361412562310882172", "OPENVAS:1361412562311220171146", "OPENVAS:1361412562311220171147", "OPENVAS:1361412562311220181272", "OPENVAS:1361412562311220181344", "OPENVAS:1361412562311220191552", "OPENVAS:703142", "OPENVAS:703169"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2018", "ORACLE:CPUJAN2018-3236628", "ORACLE:CPUOCT2018", "ORACLE:CPUOCT2018-4428296"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-2023", "ELSA-2015-0016", "ELSA-2015-0092", "ELSA-2015-0327", "ELSA-2015-0863", "ELSA-2015-2199", "ELSA-2018-0805", "ELSA-2018-4078"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:153278", "PACKETSTORM:154361", "PACKETSTORM:164014"]}, {"type": "redhat", "idList": ["RHSA-2014:2023", "RHSA-2015:0016", "RHSA-2015:0863", "RHSA-2015:2199", "RHSA-2015:2589", "RHSA-2016:1207", 
"RHSA-2018:0805"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31404", "SECURITYVULNS:DOC:31769", "SECURITYVULNS:DOC:31977", "SECURITYVULNS:VULN:14108", "SECURITYVULNS:VULN:14294", "SECURITYVULNS:VULN:14431"]}, {"type": "ubuntu", "idList": ["USN-2432-1", "USN-2519-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-7423", "UB:CVE-2014-7817", "UB:CVE-2014-9402", "UB:CVE-2015-1472"]}, {"type": "zdt", "idList": ["1337DAY-ID-36699"]}], "rev": 4}, "score": {"value": 7.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2015-513"]}, {"type": "archlinux", "idList": ["ASA-201412-21"]}, {"type": "centos", "idList": ["CESA-2014:2023", "CESA-2015:0016", "CESA-2015:0863"]}, {"type": "cve", "idList": ["CVE-2013-7423"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-7423", "DEBIANCVE:CVE-2014-7817", "DEBIANCVE:CVE-2014-9402", "DEBIANCVE:CVE-2015-1472"]}, {"type": "f5", "idList": ["SOL16841"]}, {"type": "fedora", "idList": ["FEDORA:B3F8860918D2"]}, {"type": "ibm", "idList": ["37A8EA79DB0196D216B0D013B92E7DAD84ADF24BB48ABABFFEE092ACB6E91917", "3D3EE58E80C8983DECD0C51663BD74CB8497D9389FE462B6FD769F37D1357F58", "40757940D0054030B6297C248ABB540ADB302DD9F89B94DDB202585009632F53"]}, {"type": "nessus", "idList": ["EULEROS_SA-2017-1146.NASL", "MANDRIVA_MDVSA-2014-232.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310123206", "OPENVAS:1361412562310869060"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2018"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-2199", "ELSA-2018-4078"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:153278"]}, {"type": "redhat", "idList": ["RHSA-2014:2023", "RHSA-2018:0805"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31404"]}, {"type": "ubuntu", "idList": ["USN-2432-1", "USN-2519-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-1472"]}, {"type": "zdt", "idList": ["1337DAY-ID-36699"]}]}, "exploitation": null, "vulnersScore": 7.5}, "pluginID": "83701", "sourceData": 
"#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0526-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83701);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-7423\", \"CVE-2014-7817\", \"CVE-2014-9402\", \"CVE-2015-1472\");\n script_bugtraq_id(71216, 71670, 72428, 72498, 72844);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2015:0526-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"glibc has been updated to fix four security issues.\n\nThese security issues were fixed :\n\n - CVE-2014-7817: The wordexp function in GNU C Library\n (aka glibc) 2.21 did not enforce the WRDE_NOCMD flag,\n which allowed context-dependent attackers to execute\n arbitrary commands, as demonstrated by input containing\n '$((`...`))' (bnc#906371).\n\n - CVE-2015-1472: Heap buffer overflow in glibc swscanf\n (bnc#916222).\n\n - CVE-2014-9402: Denial of service in getnetbyname\n function (bnc#910599).\n\n - CVE-2013-7423: Getaddrinfo() writes DNS queries to\n random file descriptors under high load (bnc#915526).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=864081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=905313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=906371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=910599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=916222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-7423/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-7817/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9402/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1472/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150526-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc89dc81\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch 
SUSE-SLE-SDK-12-2015-129=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-129=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-129=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-debuginfo-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-debugsource-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-devel-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-devel-debuginfo-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-locale-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-locale-debuginfo-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-profile-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nscd-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nscd-debuginfo-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-32bit-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-debuginfo-32bit-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-devel-32bit-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-devel-debuginfo-32bit-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-locale-32bit-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-locale-debuginfo-32bit-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-profile-32bit-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-32bit-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", 
cpu:\"x86_64\", reference:\"glibc-debuginfo-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-debuginfo-32bit-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-debugsource-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-devel-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-devel-debuginfo-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-devel-debuginfo-32bit-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-locale-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-locale-debuginfo-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-locale-debuginfo-32bit-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"nscd-2.19-20.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"nscd-debuginfo-2.19-20.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:glibc", "p-cpe:/a:novell:suse_linux:glibc-debuginfo", "p-cpe:/a:novell:suse_linux:glibc-debugsource", "p-cpe:/a:novell:suse_linux:glibc-devel", "p-cpe:/a:novell:suse_linux:glibc-devel-debuginfo", 
"p-cpe:/a:novell:suse_linux:glibc-locale", "p-cpe:/a:novell:suse_linux:glibc-locale-debuginfo", "p-cpe:/a:novell:suse_linux:glibc-profile", "p-cpe:/a:novell:suse_linux:nscd", "p-cpe:/a:novell:suse_linux:nscd-debuginfo", "cpe:/o:novell:suse_linux:12"], "solution": "To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-129=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-129=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-129=1\n\nTo bring your system up-to-date, use 'zypper patch'.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2015-03-06T00:00:00", "vulnerabilityPublicationDate": "2014-11-24T00:00:00", "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 0}}
{"nessus": [{"lastseen": "2021-08-19T12:46:57", "description": "Glibc was updated to fix several security issues.\n\n - Avoid infinite loop in nss_dns getnetbyname (CVE-2014-9402, bsc#910599, BZ #17630)\n\n - wordexp fails to honour WRDE_NOCMD (CVE-2014-7817, bsc#906371, BZ #17625)\n\n - Fix invalid file descriptor reuse while sending DNS query (CVE-2013-7423, bsc#915526, BZ #15946)\n\n - Fix buffer overflow in wscanf (CVE-2015-1472, bsc#916222, BZ #16618)", "cvss3": {"score": null, "vector": null}, "published": "2015-02-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : glibc (openSUSE-2015-173)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7423", "CVE-2014-7817", "CVE-2014-9402", "CVE-2015-1472"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:glibc", "p-cpe:/a:novell:opensuse:glibc-32bit", "p-cpe:/a:novell:opensuse:glibc-debuginfo", "p-cpe:/a:novell:opensuse:glibc-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-debugsource", "p-cpe:/a:novell:opensuse:glibc-devel", "p-cpe:/a:novell:opensuse:glibc-devel-32bit", "p-cpe:/a:novell:opensuse:glibc-devel-debuginfo", "p-cpe:/a:novell:opensuse:glibc-devel-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-devel-static", "p-cpe:/a:novell:opensuse:glibc-devel-static-32bit", "p-cpe:/a:novell:opensuse:glibc-extra", "p-cpe:/a:novell:opensuse:glibc-extra-debuginfo", "p-cpe:/a:novell:opensuse:glibc-html", "p-cpe:/a:novell:opensuse:glibc-i18ndata", "p-cpe:/a:novell:opensuse:glibc-info", "p-cpe:/a:novell:opensuse:glibc-locale", "p-cpe:/a:novell:opensuse:glibc-locale-32bit", "p-cpe:/a:novell:opensuse:glibc-locale-debuginfo", "p-cpe:/a:novell:opensuse:glibc-locale-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-obsolete", "p-cpe:/a:novell:opensuse:glibc-obsolete-debuginfo", "p-cpe:/a:novell:opensuse:glibc-profile", "p-cpe:/a:novell:opensuse:glibc-profile-32bit", "p-cpe:/a:novell:opensuse:glibc-utils", "p-cpe:/a:novell:opensuse:glibc-utils-32bit", 
"p-cpe:/a:novell:opensuse:glibc-utils-debuginfo", "p-cpe:/a:novell:opensuse:glibc-utils-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-utils-debugsource", "p-cpe:/a:novell:opensuse:nscd", "p-cpe:/a:novell:opensuse:nscd-debuginfo", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2015-173.NASL", "href": "https://www.tenable.com/plugins/nessus/81560", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-173.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81560);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-7423\", \"CVE-2014-7817\", \"CVE-2014-9402\", \"CVE-2015-1472\");\n\n script_name(english:\"openSUSE Security Update : glibc (openSUSE-2015-173)\");\n script_summary(english:\"Check for the openSUSE-2015-173 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Glibc was updated to fix several security issues.\n\n - Avoid infinite loop in nss_dns getnetbyname\n (CVE-2014-9402, bsc#910599, BZ #17630)\n\n - wordexp fails to honour WRDE_NOCMD (CVE-2014-7817,\n bsc#906371, BZ #17625)\n\n - Fix invalid file descriptor reuse while sending DNS\n query (CVE-2013-7423, bsc#915526, BZ #15946)\n\n - Fix buffer overflow in wscanf (CVE-2015-1472,\n bsc#916222, BZ #16618)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=910599\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=915526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916222\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-static-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-info\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-obsolete\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-obsolete-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE 
Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-debuginfo-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-debugsource-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-devel-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-devel-debuginfo-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-devel-static-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-extra-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-extra-debuginfo-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-html-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-i18ndata-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-info-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-locale-2.18-4.29.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"glibc-locale-debuginfo-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-obsolete-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-obsolete-debuginfo-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-profile-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-utils-2.18-4.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-utils-debuginfo-2.18-4.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-utils-debugsource-2.18-4.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"nscd-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"nscd-debuginfo-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-32bit-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-debuginfo-32bit-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-devel-debuginfo-32bit-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-devel-static-32bit-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-locale-debuginfo-32bit-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.18-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-utils-32bit-2.18-4.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-utils-debuginfo-32bit-2.18-4.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", 
reference:\"glibc-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-debuginfo-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-debugsource-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-devel-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-devel-debuginfo-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-devel-static-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-extra-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-extra-debuginfo-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-html-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-i18ndata-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-info-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-locale-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-locale-debuginfo-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-obsolete-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-obsolete-debuginfo-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-profile-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-utils-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-utils-debuginfo-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-utils-debugsource-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"nscd-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"nscd-debuginfo-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-32bit-2.19-16.9.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-debuginfo-32bit-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-devel-debuginfo-32bit-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-devel-static-32bit-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-locale-debuginfo-32bit-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-utils-32bit-2.19-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-utils-debuginfo-32bit-2.19-16.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc-utils / glibc-utils-32bit / glibc-utils-debuginfo / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:46:55", "description": "glibc has been updated to fix three security issues :\n\n - wordexp failed to honour WRDE_NOCMD (bsc#906371).\n (CVE-2014-7817)\n\n - Fixed invalid file descriptor reuse while sending DNS query (bsc#915526). (CVE-2013-7423)\n\n - Fixed buffer overflow in wscanf (bsc#916222). 
(CVE-2015-1472)\n\nThese non-security issues have been fixed :\n\n - Remove inaccurate assembler implementations of ceill, floorl, nearbyintl, roundl, truncl for PowerPC64 (bsc#917072)\n\n - Don't return IPv4 addresses when looking for IPv6 addresses only (bsc#904461)", "cvss3": {"score": null, "vector": null}, "published": "2015-03-06T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : glibc (SAT Patch Number 10357)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7423", "CVE-2014-7817", "CVE-2014-9402", "CVE-2015-1472"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:glibc", "p-cpe:/a:novell:suse_linux:11:glibc-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-devel", "p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-html", "p-cpe:/a:novell:suse_linux:11:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:11:glibc-info", "p-cpe:/a:novell:suse_linux:11:glibc-locale", "p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-profile", "p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit", "p-cpe:/a:novell:suse_linux:11:nscd", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_GLIBC-150226.NASL", "href": "https://www.tenable.com/plugins/nessus/81667", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81667);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-7423\", \"CVE-2014-7817\", \"CVE-2014-9402\", \"CVE-2015-1472\");\n\n script_name(english:\"SuSE 11.3 Security Update : glibc (SAT Patch Number 10357)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"glibc has ben updated to fix three security issues :\n\n - wordexp failed to honour WRDE_NOCMD (bsc#906371).\n (CVE-2014-7817)\n\n - Fixed invalid file descriptor reuse while sending DNS\n query (bsc#915526). (CVE-2013-7423)\n\n - Fixed buffer overflow in wscanf (bsc#916222) These\n non-security issues have been fixed:. 
(CVE-2015-1472)\n\n - Remove inaccurate assembler implementations of ceill,\n floorl, nearbyintl, roundl, truncl for PowerPC64\n (bsc#917072)\n\n - Don't return IPv4 addresses when looking for IPv6\n addresses only (bsc#904461)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=904461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=906371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=915526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=916222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=917072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-7423.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-7817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9402.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-1472.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10357.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", 
cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"glibc-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"glibc-devel-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"glibc-i18ndata-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"glibc-locale-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"nscd-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i686\", reference:\"glibc-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i686\", reference:\"glibc-devel-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-32bit-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-devel-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-i18ndata-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-locale-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"nscd-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-devel-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, 
reference:\"glibc-html-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-i18ndata-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-info-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-locale-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-profile-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"nscd-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"glibc-32bit-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"glibc-devel-32bit-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"glibc-locale-32bit-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"glibc-profile-32bit-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"glibc-32bit-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.3-17.82.11\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.11.3-17.82.11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:45:54", "description": "glibc has been updated to fix four security issues :\n\n - CVE-2014-0475: Directory traversal in locale environment handling (bnc#887022)\n\n - CVE-2014-7817: wordexp failed to honour WRDE_NOCMD (bsc#906371)\n\n - CVE-2014-9402: Avoid infinite loop in nss_dns getnetbyname 
(bsc#910599)\n\n - CVE-2015-1472: Fixed buffer overflow in wscanf (bsc#916222)\n\nThis non-security issue has been fixed :\n\n - Fix missing zero termination (bnc#918233)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "SUSE SLES10 Security Update : glibc (SUSE-SU-2015:0550-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7423", "CVE-2014-0475", "CVE-2014-7817", "CVE-2014-9402", "CVE-2015-1472"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:glibc", "p-cpe:/a:novell:suse_linux:glibc-devel", "p-cpe:/a:novell:suse_linux:glibc-html", "p-cpe:/a:novell:suse_linux:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:glibc-info", "p-cpe:/a:novell:suse_linux:glibc-locale", "p-cpe:/a:novell:suse_linux:glibc-profile", "p-cpe:/a:novell:suse_linux:nscd", "cpe:/o:novell:suse_linux:10"], "id": "SUSE_SU-2015-0550-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83704", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0550-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83704);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-7423\", \"CVE-2014-0475\", \"CVE-2014-7817\", \"CVE-2014-9402\", \"CVE-2015-1472\");\n script_bugtraq_id(68505, 71216, 71670, 72428, 72498, 72844);\n\n script_name(english:\"SUSE SLES10 Security Update : glibc (SUSE-SU-2015:0550-1)\");\n script_summary(english:\"Checks rpm output 
for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"glibc has been updated to fix four security issues :\n\n - CVE-2014-0475: Directory traversal in locale environment\n handling (bnc#887022)\n\n - CVE-2014-7817: wordexp failed to honour WRDE_NOCMD\n (bsc#906371)\n\n - CVE-2014-9402: Avoid infinite loop in nss_dns\n getnetbyname (bsc#910599)\n\n - CVE-2015-1472: Fixed buffer overflow in wscanf\n (bsc#916222)\n\nThis non-security issue has been fixed :\n\n - Fix missing zero termination (bnc#918233)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=887022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=906371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=910599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=916222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=918233\"\n );\n # https://download.suse.com/patch/finder/?keywords=ddad3e23b15c5919bf5e29a0fcedc637\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?31052ace\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-7423/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-7817/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2014-9402/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1472/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150550-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?90bd2014\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glibc packages\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES10)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES10\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES10\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.117.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.4-31.117.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.117.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.4-31.117.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"glibc-32bit-2.4-31.117.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"glibc-devel-32bit-2.4-31.117.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"glibc-locale-32bit-2.4-31.117.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"glibc-profile-32bit-2.4-31.117.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-2.4-31.117.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-devel-2.4-31.117.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-html-2.4-31.117.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-i18ndata-2.4-31.117.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-info-2.4-31.117.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-locale-2.4-31.117.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-profile-2.4-31.117.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"nscd-2.4-31.117.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:45:47", "description": "glibc has been updated to fix four security issues :\n\n - CVE-2014-0475: Directory traversal in locale environment handling (bnc#887022)\n\n - CVE-2014-7817: wordexp failed to honour WRDE_NOCMD (bsc#906371)\n\n - CVE-2014-9402: Avoid infinite loop in nss_dns getnetbyname (bsc#910599)\n\n - CVE-2015-1472: Fixed buffer overflow in wscanf (bsc#916222)\n\n - CVE-2013-7423: getaddrinfo() wrote DNS queries to random file descriptors under high load. (bnc#915526)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : glibc (SUSE-SU-2015:0551-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7423", "CVE-2014-0475", "CVE-2014-7817", "CVE-2014-9402", "CVE-2015-1472"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:glibc", "p-cpe:/a:novell:suse_linux:glibc-devel", "p-cpe:/a:novell:suse_linux:glibc-html", "p-cpe:/a:novell:suse_linux:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:glibc-info", "p-cpe:/a:novell:suse_linux:glibc-locale", "p-cpe:/a:novell:suse_linux:glibc-profile", "p-cpe:/a:novell:suse_linux:nscd", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-0551-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83705", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0551-1.\n# The text itself 
is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83705);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-7423\", \"CVE-2014-0475\", \"CVE-2014-7817\", \"CVE-2014-9402\", \"CVE-2015-1472\");\n script_bugtraq_id(68505, 71216, 71670, 72428, 72498, 72844);\n\n script_name(english:\"SUSE SLES11 Security Update : glibc (SUSE-SU-2015:0551-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"glibc has been updated to fix four security issues :\n\n - CVE-2014-0475: Directory traversal in locale environment\n handling (bnc#887022)\n\n - CVE-2014-7817: wordexp failed to honour WRDE_NOCMD\n (bsc#906371)\n\n - CVE-2014-9402: Avoid infinite loop in nss_dns\n getnetbyname (bsc#910599)\n\n - CVE-2015-1472: Fixed buffer overflow in wscanf\n (bsc#916222)\n\n - CVE-2013-7423: getaddrinfo() wrote DNS queries to random\n file descriptors under high load. (bnc#915526)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=887022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=906371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=910599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=916222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=918233\"\n );\n # https://download.suse.com/patch/finder/?keywords=59aada66a6181e4fc79f7233887b7f74\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d2c4fcb\"\n );\n # https://download.suse.com/patch/finder/?keywords=68a9641d4061f4e1326d0bdc84774515\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?801919d5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-7423/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-7817/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9402/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1472/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150551-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e926dbb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the 
command listed for your product :\n\nSUSE Linux Enterprise Server 11 SP2 LTSS :\n\nzypper in -t patch slessp2-glibc=10401\n\nSUSE Linux Enterprise Server 11 SP1 LTSS :\n\nzypper in -t patch slessp1-glibc=10382\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-32bit-2.11.1-0.64.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.1-0.64.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.1-0.64.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.11.1-0.64.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"glibc-32bit-2.11.1-0.64.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"glibc-devel-32bit-2.11.1-0.64.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"glibc-locale-32bit-2.11.1-0.64.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"glibc-profile-32bit-2.11.1-0.64.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-2.11.1-0.64.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-devel-2.11.1-0.64.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-html-2.11.1-0.64.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-i18ndata-2.11.1-0.64.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-info-2.11.1-0.64.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-locale-2.11.1-0.64.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-profile-2.11.1-0.64.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"nscd-2.11.1-0.64.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-32bit-2.11.3-17.45.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", 
reference:\"glibc-devel-32bit-2.11.3-17.45.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.3-17.45.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.11.3-17.45.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"glibc-32bit-2.11.3-17.45.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"glibc-devel-32bit-2.11.3-17.45.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"glibc-locale-32bit-2.11.3-17.45.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"glibc-profile-32bit-2.11.3-17.45.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"glibc-2.11.3-17.45.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"glibc-devel-2.11.3-17.45.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"glibc-html-2.11.3-17.45.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"glibc-i18ndata-2.11.3-17.45.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"glibc-info-2.11.3-17.45.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"glibc-locale-2.11.3-17.45.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"glibc-profile-2.11.3-17.45.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"nscd-2.11.3-17.45.59.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:46:52", "description": "- Fix CVE-2014-7817 glibc: 
command execution in wordexp() with WRDE_NOCMD specified\n\n - Fix CVE-2014-9402 glibc: denial of service in getnetbyname function\n\n - CVE-2015-1472 glibc: heap buffer overflow in glibc swscanf\n\n - Fix segfault when LD_LIBRARY_PATH is set to non-existent directory.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-03-05T00:00:00", "type": "nessus", "title": "Fedora 21 : glibc-2.20-8.fc21 (2015-2837)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7817", "CVE-2014-9402", "CVE-2015-1472"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:glibc", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-2837.NASL", "href": "https://www.tenable.com/plugins/nessus/81615", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-2837.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81615);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-7817\", \"CVE-2014-9402\", \"CVE-2015-1472\");\n script_xref(name:\"FEDORA\", value:\"2015-2837\");\n\n script_name(english:\"Fedora 21 : glibc-2.20-8.fc21 (2015-2837)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fix CVE-2014-7817 glibc: command execution in wordexp()\n with WRDE_NOCMD specified\n\n - Fix CVE-2014-9402 glibc: denial of 
service in\n getnetbyname function\n\n - CVE-2015-1472 glibc: heap buffer overflow in glibc\n swscanf\n\n - Fix segfault when LD_LIBRARY_PATH is set to\n non-existent directory.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1157689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1175369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1188235\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/150644.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?690fb7f0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glibc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"glibc-2.20-8.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:46:53", "description": "Arnaud Le Blanc discovered that the GNU C Library incorrectly handled file descriptors when resolving DNS queries under high load. This may cause a denial of service in other applications, or an information leak. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2013-7423)\n\nIt was discovered that the GNU C Library incorrectly handled receiving a positive answer while processing the network name when performing DNS resolution. 
A remote attacker could use this issue to cause the GNU C Library to hang, resulting in a denial of service.\n(CVE-2014-9402)\n\nJoseph Myers discovered that the GNU C Library wscanf function incorrectly handled memory. A remote attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1472, CVE-2015-1473).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-02-27T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : eglibc, glibc vulnerabilities (USN-2519-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7423", "CVE-2014-9402", "CVE-2015-1472", "CVE-2015-1473"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libc6", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:14.10"], "id": "UBUNTU_USN-2519-1.NASL", "href": "https://www.tenable.com/plugins/nessus/81572", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2519-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81572);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-7423\", \"CVE-2014-9402\", \"CVE-2015-1472\", \"CVE-2015-1473\");\n script_bugtraq_id(71670, 72428, 72499);\n script_xref(name:\"USN\", value:\"2519-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : eglibc, glibc vulnerabilities (USN-2519-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Arnaud Le Blanc discovered that the GNU C Library incorrectly handled\nfile descriptors when resolving DNS queries under high load. This may\ncause a denial of service in other applications, or an information\nleak. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and\nUbuntu 14.04 LTS. (CVE-2013-7423)\n\nIt was discovered that the GNU C Library incorrectly handled receiving\na positive answer while processing the network name when performing\nDNS resolution. A remote attacker could use this issue to cause the\nGNU C Library to hang, resulting in a denial of service.\n(CVE-2014-9402)\n\nJoseph Myers discovered that the GNU C Library wscanf function\nincorrectly handled memory. A remote attacker could possibly use this\nissue to cause the GNU C Library to crash, resulting in a denial of\nservice, or possibly execute arbitrary code. This issue only affected\nUbuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1472,\nCVE-2015-1473).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2519-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected libc6 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6\", pkgver:\"2.11.1-0ubuntu7.21\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libc6\", pkgver:\"2.15-0ubuntu10.11\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libc6\", pkgver:\"2.19-0ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libc6\", pkgver:\"2.19-10ubuntu2.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libc6\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:44:04", "description": "Updated glibc packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having 
Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.\n(CVE-2015-1781)\n\nA heap-based buffer overflow flaw and a stack overflow flaw were found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use these flaws to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application. (CVE-2015-1472, CVE-2015-1473)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in glibc's _IO_wstr_overflow() function. An attacker able to make an application call this function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application. 
(BZ#1195762)\n\nA flaw was found in the way glibc's fnmatch() function processed certain malformed patterns. An attacker able to make an application call this function could use this flaw to crash that application.\n(BZ#1197730)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nThese updated glibc packages also include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. For information on the most significant of these changes, users are directed to the following article on the Red Hat Customer Portal :\n\nhttps://access.redhat.com/articles/2050743\n\nAll glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "cvss3": {"score": null, "vector": null}, "published": "2015-11-19T00:00:00", "type": "nessus", "title": "RHEL 7 : glibc (RHSA-2015:2199)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7423", "CVE-2015-1472", "CVE-2015-1473", "CVE-2015-1781"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-static", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2015-2199.NASL", "href": "https://www.tenable.com/plugins/nessus/86937", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this 
plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2199. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86937);\n script_version(\"2.15\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2013-7423\", \"CVE-2015-1472\", \"CVE-2015-1473\", \"CVE-2015-1781\");\n script_xref(name:\"RHSA\", value:\"2015:2199\");\n\n script_name(english:\"RHEL 7 : glibc (RHSA-2015:2199)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues, several\nbugs, and add one enhancement are now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nIt was discovered that, under certain circumstances, glibc's\ngetaddrinfo() function would send DNS queries to random file\ndescriptors. An attacker could potentially use this flaw to send DNS\nqueries to unintended recipients, resulting in information disclosure\nor data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r()\nand other related functions computed the size of a buffer when passed\na misaligned buffer as input. 
An attacker able to make an application\ncall any of these functions with a misaligned buffer could use this\nflaw to crash the application or, potentially, execute arbitrary code\nwith the permissions of the user running the application.\n(CVE-2015-1781)\n\nA heap-based buffer overflow flaw and a stack overflow flaw were found\nin glibc's swscanf() function. An attacker able to make an application\ncall the swscanf() function could use these flaws to crash that\napplication or, potentially, execute arbitrary code with the\npermissions of the user running the application. (CVE-2015-1472,\nCVE-2015-1473)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in glibc's _IO_wstr_overflow() function. An attacker able to\nmake an application call this function could use this flaw to crash\nthat application or, potentially, execute arbitrary code with the\npermissions of the user running the application. (BZ#1195762)\n\nA flaw was found in the way glibc's fnmatch() function processed\ncertain malformed patterns. An attacker able to make an application\ncall this function could use this flaw to crash that application.\n(BZ#1197730)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nThese updated glibc packages also include numerous bug fixes and one\nenhancement. Space precludes documenting all of these changes in this\nadvisory. 
For information on the most significant of these changes,\nusers are directed to the following article on the Red Hat Customer\nPortal :\n\nhttps://access.redhat.com/articles/2050743\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:2199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-7423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1781\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:2199\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-2.17-105.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"glibc-common-2.17-105.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-105.el7\")) flag++;\n\n if 
(rpm_check(release:\"RHEL7\", reference:\"glibc-debuginfo-2.17-105.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-debuginfo-common-2.17-105.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-devel-2.17-105.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"glibc-headers-2.17-105.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-105.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-static-2.17-105.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"glibc-utils-2.17-105.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-105.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"nscd-2.17-105.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"nscd-2.17-105.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:44:02", "description": "Updated glibc packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.\n(CVE-2015-1781)\n\nA heap-based buffer overflow flaw and a stack overflow flaw were found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use these flaws to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application. (CVE-2015-1472, CVE-2015-1473)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in glibc's _IO_wstr_overflow() function. An attacker able to make an application call this function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application. 
(BZ#1195762)\n\nA flaw was found in the way glibc's fnmatch() function processed certain malformed patterns. An attacker able to make an application call this function could use this flaw to crash that application.\n(BZ#1197730)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nThese updated glibc packages also include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. For information on the most significant of these changes, users are directed to the following article on the Red Hat Customer Portal :\n\nhttps://access.redhat.com/articles/2050743\n\nAll glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "cvss3": {"score": null, "vector": null}, "published": "2015-12-02T00:00:00", "type": "nessus", "title": "CentOS 7 : glibc (CESA-2015:2199)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7423", "CVE-2015-1472", "CVE-2015-1473", "CVE-2015-1781"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc", "p-cpe:/a:centos:centos:glibc-common", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-headers", "p-cpe:/a:centos:centos:glibc-static", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:nscd", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2015-2199.NASL", "href": "https://www.tenable.com/plugins/nessus/87142", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2199 and \n# CentOS Errata and Security Advisory 2015:2199 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87142);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n 
script_cve_id(\"CVE-2013-7423\", \"CVE-2015-1472\", \"CVE-2015-1473\", \"CVE-2015-1781\");\n script_xref(name:\"RHSA\", value:\"2015:2199\");\n\n script_name(english:\"CentOS 7 : glibc (CESA-2015:2199)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues, several\nbugs, and add one enhancement are now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nIt was discovered that, under certain circumstances, glibc's\ngetaddrinfo() function would send DNS queries to random file\ndescriptors. An attacker could potentially use this flaw to send DNS\nqueries to unintended recipients, resulting in information disclosure\nor data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r()\nand other related functions computed the size of a buffer when passed\na misaligned buffer as input. 
An attacker able to make an application\ncall any of these functions with a misaligned buffer could use this\nflaw to crash the application or, potentially, execute arbitrary code\nwith the permissions of the user running the application.\n(CVE-2015-1781)\n\nA heap-based buffer overflow flaw and a stack overflow flaw were found\nin glibc's swscanf() function. An attacker able to make an application\ncall the swscanf() function could use these flaws to crash that\napplication or, potentially, execute arbitrary code with the\npermissions of the user running the application. (CVE-2015-1472,\nCVE-2015-1473)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in glibc's _IO_wstr_overflow() function. An attacker able to\nmake an application call this function could use this flaw to crash\nthat application or, potentially, execute arbitrary code with the\npermissions of the user running the application. (BZ#1195762)\n\nA flaw was found in the way glibc's fnmatch() function processed\ncertain malformed patterns. An attacker able to make an application\ncall this function could use this flaw to crash that application.\n(BZ#1197730)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nThese updated glibc packages also include numerous bug fixes and one\nenhancement. Space precludes documenting all of these changes in this\nadvisory. 
For information on the most significant of these changes,\nusers are directed to the following article on the Red Hat Customer\nPortal :\n\nhttps://access.redhat.com/articles/2050743\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-November/002242.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?03af6126\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-1472\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/30\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-2.17-105.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-105.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-devel-2.17-105.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-105.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-static-2.17-105.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-105.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"nscd-2.17-105.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / 
etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:43:46", "description": "It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.\n(CVE-2015-1781)\n\nA heap-based buffer overflow flaw and a stack overflow flaw were found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use these flaws to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application. (CVE-2015-1472, CVE-2015-1473)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in glibc's _IO_wstr_overflow() function. An attacker able to make an application call this function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application.\n\nA flaw was found in the way glibc's fnmatch() function processed certain malformed patterns. 
An attacker able to make an application call this function could use this flaw to crash that application.", "cvss3": {"score": null, "vector": null}, "published": "2015-12-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : glibc on SL7.x x86_64 (20151119)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7423", "CVE-2015-1472", "CVE-2015-1473", "CVE-2015-1781"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:glibc", "p-cpe:/a:fermilab:scientific_linux:glibc-common", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common", "p-cpe:/a:fermilab:scientific_linux:glibc-devel", "p-cpe:/a:fermilab:scientific_linux:glibc-headers", "p-cpe:/a:fermilab:scientific_linux:glibc-static", "p-cpe:/a:fermilab:scientific_linux:glibc-utils", "p-cpe:/a:fermilab:scientific_linux:nscd", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20151119_GLIBC_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/87556", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87556);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-7423\", \"CVE-2015-1472\", \"CVE-2015-1473\", \"CVE-2015-1781\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL7.x x86_64 (20151119)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that, under certain circumstances, glibc's\ngetaddrinfo() function would send DNS queries to random 
file\ndescriptors. An attacker could potentially use this flaw to send DNS\nqueries to unintended recipients, resulting in information disclosure\nor data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r()\nand other related functions computed the size of a buffer when passed\na misaligned buffer as input. An attacker able to make an application\ncall any of these functions with a misaligned buffer could use this\nflaw to crash the application or, potentially, execute arbitrary code\nwith the permissions of the user running the application.\n(CVE-2015-1781)\n\nA heap-based buffer overflow flaw and a stack overflow flaw were found\nin glibc's swscanf() function. An attacker able to make an application\ncall the swscanf() function could use these flaws to crash that\napplication or, potentially, execute arbitrary code with the\npermissions of the user running the application. (CVE-2015-1472,\nCVE-2015-1473)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in glibc's _IO_wstr_overflow() function. An attacker able to\nmake an application call this function could use this flaw to crash\nthat application or, potentially, execute arbitrary code with the\npermissions of the user running the application.\n\nA flaw was found in the way glibc's fnmatch() function processed\ncertain malformed patterns. 
An attacker able to make an application\ncall this function could use this flaw to crash that application.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1512&L=scientific-linux-errata&F=&S=&P=11952\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d9cd098a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 
2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-2.17-105.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-105.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-debuginfo-2.17-105.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-debuginfo-common-2.17-105.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-devel-2.17-105.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-105.el7\")) flag++;\nif 
(rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-static-2.17-105.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-105.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nscd-2.17-105.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:43:59", "description": "From Red Hat Security Advisory 2015:2199 :\n\nUpdated glibc packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. 
An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.\n(CVE-2015-1781)\n\nA heap-based buffer overflow flaw and a stack overflow flaw were found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use these flaws to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application. (CVE-2015-1472, CVE-2015-1473)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in glibc's _IO_wstr_overflow() function. An attacker able to make an application call this function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application. (BZ#1195762)\n\nA flaw was found in the way glibc's fnmatch() function processed certain malformed patterns. An attacker able to make an application call this function could use this flaw to crash that application.\n(BZ#1197730)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nThese updated glibc packages also include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. 
For information on the most significant of these changes, users are directed to the following article on the Red Hat Customer Portal :\n\nhttps://access.redhat.com/articles/2050743\n\nAll glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "cvss3": {"score": null, "vector": null}, "published": "2015-11-30T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : glibc (ELSA-2015-2199)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7423", "CVE-2015-1472", "CVE-2015-1473", "CVE-2015-1781"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-static", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:nscd", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-2199.NASL", "href": "https://www.tenable.com/plugins/nessus/87092", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:2199 and \n# Oracle Linux Security Advisory ELSA-2015-2199 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87092);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-7423\", \"CVE-2015-1472\", \"CVE-2015-1473\", \"CVE-2015-1781\");\n script_xref(name:\"RHSA\", value:\"2015:2199\");\n\n script_name(english:\"Oracle Linux 7 : glibc (ELSA-2015-2199)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:2199 :\n\nUpdated glibc packages that fix multiple security issues, several\nbugs, and add one enhancement are now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nIt was discovered that, under certain circumstances, glibc's\ngetaddrinfo() function would send DNS queries to random file\ndescriptors. An attacker could potentially use this flaw to send DNS\nqueries to unintended recipients, resulting in information disclosure\nor data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r()\nand other related functions computed the size of a buffer when passed\na misaligned buffer as input. An attacker able to make an application\ncall any of these functions with a misaligned buffer could use this\nflaw to crash the application or, potentially, execute arbitrary code\nwith the permissions of the user running the application.\n(CVE-2015-1781)\n\nA heap-based buffer overflow flaw and a stack overflow flaw were found\nin glibc's swscanf() function. An attacker able to make an application\ncall the swscanf() function could use these flaws to crash that\napplication or, potentially, execute arbitrary code with the\npermissions of the user running the application. 
(CVE-2015-1472,\nCVE-2015-1473)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in glibc's _IO_wstr_overflow() function. An attacker able to\nmake an application call this function could use this flaw to crash\nthat application or, potentially, execute arbitrary code with the\npermissions of the user running the application. (BZ#1195762)\n\nA flaw was found in the way glibc's fnmatch() function processed\ncertain malformed patterns. An attacker able to make an application\ncall this function could use this flaw to crash that application.\n(BZ#1197730)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nThese updated glibc packages also include numerous bug fixes and one\nenhancement. Space precludes documenting all of these changes in this\nadvisory. For information on the most significant of these changes,\nusers are directed to the following article on the Red Hat Customer\nPortal :\n\nhttps://access.redhat.com/articles/2050743\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-November/005577.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-2.17-105.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-105.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-devel-2.17-105.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-105.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-static-2.17-105.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-105.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"nscd-2.17-105.0.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T14:48:24", "description": "The remote host is affected by the vulnerability described in GLSA-201602-02 (GNU C Library: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the GNU C Library:\n The Google Security Team and Red Hat discovered a stack-based buffer overflow in the send_dg() and send_vc() functions due to a buffer mismanagement when 
getaddrinfo() is called with AF_UNSPEC (CVE-2015-7547).\n The strftime() function access invalid memory when passed out-of-range data, resulting in a crash (CVE-2015-8776).\n An integer overflow was found in the __hcreate_r() function (CVE-2015-8778).\n Multiple unbounded stack allocations were found in the catopen() function (CVE-2015-8779).\n Please review the CVEs referenced below for additional vulnerabilities that had already been fixed in previous versions of sys-libs/glibc, for which we have not issued a GLSA before.\n Impact :\n\n A remote attacker could exploit any application which performs host name resolution using getaddrinfo() in order to execute arbitrary code or crash the application. The other vulnerabilities can possibly be exploited to cause a Denial of Service or leak information.\n Workaround :\n\n A number of mitigating factors for CVE-2015-7547 have been identified.\n Please review the upstream advisory and references below.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-18T00:00:00", "type": "nessus", "title": "GLSA-201602-02 : GNU C Library: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7423", "CVE-2014-0475", "CVE-2014-5119", "CVE-2014-6040", "CVE-2014-7817", "CVE-2014-8121", "CVE-2014-9402", "CVE-2015-1472", "CVE-2015-1781", "CVE-2015-7547", "CVE-2015-8776", "CVE-2015-8778", "CVE-2015-8779"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:glibc", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201602-02.NASL", "href": "https://www.tenable.com/plugins/nessus/88822", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201602-02.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# 
license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88822);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-7423\", \"CVE-2014-0475\", \"CVE-2014-5119\", \"CVE-2014-6040\", \"CVE-2014-7817\", \"CVE-2014-8121\", \"CVE-2014-9402\", \"CVE-2015-1472\", \"CVE-2015-1781\", \"CVE-2015-7547\", \"CVE-2015-8776\", \"CVE-2015-8778\", \"CVE-2015-8779\");\n script_xref(name:\"GLSA\", value:\"201602-02\");\n script_xref(name:\"IAVA\", value:\"2016-A-0053\");\n script_xref(name:\"TRA\", value:\"TRA-2017-08\");\n\n script_name(english:\"GLSA-201602-02 : GNU C Library: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201602-02\n(GNU C Library: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the GNU C Library:\n The Google Security Team and Red Hat discovered a stack-based buffer\n overflow in the send_dg() and send_vc() functions due to a buffer\n mismanagement when getaddrinfo() is called with AF_UNSPEC\n (CVE-2015-7547).\n The strftime() function access invalid memory when passed\n out-of-range data, resulting in a crash (CVE-2015-8776).\n An integer overflow was found in the __hcreate_r() function\n (CVE-2015-8778).\n Multiple unbounded stack allocations were found in the catopen()\n function (CVE-2015-8779).\n Please review the CVEs referenced below for additional vulnerabilities\n that had already been fixed in previous versions of sys-libs/glibc, for\n which we have not issued a GLSA before.\n \nImpact :\n\n A 
remote attacker could exploit any application which performs host name\n resolution using getaddrinfo() in order to execute arbitrary code or\n crash the application. The other vulnerabilities can possibly be\n exploited to cause a Denial of Service or leak information.\n \nWorkaround :\n\n A number of mitigating factors for CVE-2015-7547 have been identified.\n Please review the upstream advisory and references below.\"\n );\n # https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1358552a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201602-02\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2017-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All GNU C Library users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-libs/glibc-2.21-r2'\n It is important to ensure that no running process uses the old glibc\n anymore. 
The easiest way to achieve that is by rebooting the machine\n after updating the sys-libs/glibc package.\n Note: Should you run into compilation failures while updating, please\n see bug 574948.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/18\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-libs/glibc\", unaffected:make_list(\"ge 2.21-r2\"), vulnerable:make_list(\"lt 2.21-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GNU C Library\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-04T02:35:46", "description": "An update for glibc is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es) :\n\n* It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. 
An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.\n(CVE-2013-7423)", "cvss3": {"score": null, "vector": null}, "published": "2016-06-07T00:00:00", "type": "nessus", "title": "RHEL 6 : glibc (RHSA-2016:1207)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7423"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-static", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:6.5"], "id": "REDHAT-RHSA-2016-1207.NASL", "href": "https://www.tenable.com/plugins/nessus/91497", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1207. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91497);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2013-7423\");\n script_xref(name:\"RHSA\", value:\"2016:1207\");\n\n script_name(english:\"RHEL 6 : glibc (RHSA-2016:1207)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for glibc is now available for Red Hat Enterprise Linux 6.5\nAdvanced Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nname service cache daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nSecurity Fix(es) :\n\n* It was discovered that, under certain circumstances, glibc's\ngetaddrinfo() function would send DNS queries to random file\ndescriptors. 
An attacker could potentially use this flaw to send DNS\nqueries to unintended recipients, resulting in information disclosure\nor data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:1207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-7423\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/24\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6\\.5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.5\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:1207\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"glibc-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-common-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"glibc-debuginfo-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-debuginfo-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"glibc-debuginfo-common-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-debuginfo-common-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"glibc-devel-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-devel-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", 
cpu:\"x86_64\", reference:\"glibc-headers-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"glibc-static-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-static-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-utils-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"nscd-2.12-1.132.el6_5.8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:46:47", "description": "Updated glibc packages fix security vulnerabilities :\n\nStephane Chazelas discovered that directory traversal issue in locale handling in glibc. glibc accepts relative paths with .. components in the LC_* and LANG variables. 
Together with typical OpenSSH configurations (with suitable AcceptEnv settings in sshd_config), this could conceivably be used to bypass ForceCommand restrictions (or restricted shells), assuming the attacker has sufficient level of access to a file system location on the host to create crafted locale definitions there (CVE-2014-0475).\n\nDavid Reid, Glyph Lefkowitz, and Alex Gaynor discovered a bug where posix_spawn_file_actions_addopen fails to copy the path argument (glibc bz #17048) which can, in conjunction with many common memory management techniques from an application, lead to a use after free, or other vulnerabilities (CVE-2014-4043).\n\nThis update also fixes the following issues: x86: Disable x87 inline functions for SSE2 math (glibc bz #16510) malloc: Fix race in free() of fastbin chunk (glibc bz #15073)\n\nTavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversion functions could achieve arbitrary code execution.\n\nThis update removes support of loadable gconv transliteration modules.\nBesides the security vulnerability, the module loading code had functionality defects which prevented it from working for the intended purpose (CVE-2014-5119).\n\nAdhemerval Zanella Netto discovered out-of-bounds reads in additional code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364) that can be used to crash the systems, causing a denial of service condition (CVE-2014-6040).\n\nThe function wordexp() fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the form of '$((... ))' where '...' can be anything valid. The backticks in the arithmetic expression are evaluated in a shell even if WRDE_NOCMD forbade command substitution. This allows an attacker to attempt to pass dangerous commands via constructs of the above form, and bypass the WRDE_NOCMD flag. 
This update fixes the issue (CVE-2014-7817).\n\nThe vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not properly restrict the use of the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers (CVE-2012-3406).\n\nThe nss_dns implementation of getnetbyname could run into an infinite loop if the DNS response contained a PTR record of an unexpected format (CVE-2014-9402).\n\nAlso glibc lock elision (new feature in glibc 2.18) has been disabled as it can break glibc at runtime on newer Intel hardware (due to hardware bug)\n\nUnder certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer (CVE-2015-1472).\n\nThe incorrect use of '__libc_use_alloca (newsize)' caused a different (and weaker) policy to be enforced which could allow a denial of service attack (CVE-2015-1473).", "cvss3": {"score": null, "vector": null}, "published": "2015-03-30T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : glibc (MDVSA-2015:168)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3406", "CVE-2014-0475", "CVE-2014-4043", "CVE-2014-5119", "CVE-2014-6040", "CVE-2014-7817", "CVE-2014-9402", "CVE-2015-1472", "CVE-2015-1473"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:glibc", "p-cpe:/a:mandriva:linux:glibc-devel", "p-cpe:/a:mandriva:linux:glibc-doc", "p-cpe:/a:mandriva:linux:glibc-i18ndata", "p-cpe:/a:mandriva:linux:glibc-profile", "p-cpe:/a:mandriva:linux:glibc-static-devel", "p-cpe:/a:mandriva:linux:glibc-utils", "p-cpe:/a:mandriva:linux:nscd", "cpe:/o:mandriva:business_server:2"], "id": "MANDRIVA_MDVSA-2015-168.NASL", "href": 
"https://www.tenable.com/plugins/nessus/82421", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:168. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82421);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-3406\", \"CVE-2014-0475\", \"CVE-2014-4043\", \"CVE-2014-5119\", \"CVE-2014-6040\", \"CVE-2014-7817\", \"CVE-2014-9402\", \"CVE-2015-1472\", \"CVE-2015-1473\");\n script_xref(name:\"MDVSA\", value:\"2015:168\");\n\n script_name(english:\"Mandriva Linux Security Advisory : glibc (MDVSA-2015:168)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages fix security vulnerabilities :\n\nStephane Chazelas discovered that directory traversal issue in locale\nhandling in glibc. glibc accepts relative paths with .. components in\nthe LC_* and LANG variables. 
Together with typical OpenSSH\nconfigurations (with suitable AcceptEnv settings in sshd_config), this\ncould conceivably be used to bypass ForceCommand restrictions (or\nrestricted shells), assuming the attacker has sufficient level of\naccess to a file system location on the host to create crafted locale\ndefinitions there (CVE-2014-0475).\n\nDavid Reid, Glyph Lefkowitz, and Alex Gaynor discovered a bug where\nposix_spawn_file_actions_addopen fails to copy the path argument\n(glibc bz #17048) which can, in conjunction with many common memory\nmanagement techniques from an application, lead to a use after free,\nor other vulnerabilities (CVE-2014-4043).\n\nThis update also fixes the following issues: x86: Disable x87 inline\nfunctions for SSE2 math (glibc bz #16510) malloc: Fix race in free()\nof fastbin chunk (glibc bz #15073)\n\nTavis Ormandy discovered a heap-based buffer overflow in the\ntransliteration module loading code. As a result, an attacker who can\nsupply a crafted destination character set argument to iconv-related\ncharacter conversation functions could achieve arbitrary code\nexecution.\n\nThis update removes support of loadable gconv transliteration modules.\nBesides the security vulnerability, the module loading code had\nfunctionality defects which prevented it from working for the intended\npurpose (CVE-2014-5119).\n\nAdhemerval Zanella Netto discovered out-of-bounds reads in additional\ncode page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)\nthat can be used to crash the systems, causing a denial of service\nconditions (CVE-2014-6040).\n\nThe function wordexp() fails to properly handle the WRDE_NOCMD flag\nwhen processing arithmetic inputs in the form of '$((... ))' where\n'...' can be anything valid. The backticks in the arithmetic\nepxression are evaluated by in a shell even if WRDE_NOCMD forbade\ncommand substitution. 
This allows an attacker to attempt to pass\ndangerous commands via constructs of the above form, and bypass the\nWRDE_NOCMD flag. This update fixes the issue (CVE-2014-7817).\n\nThe vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka\nglibc) 2.5, 2.12, and probably other versions does not properly\nrestrict the use of the alloca function when allocating the SPECS\narray, which allows context-dependent attackers to bypass the\nFORTIFY_SOURCE format-string protection mechanism and cause a denial\nof service (crash) or possibly execute arbitrary code via a crafted\nformat string using positional parameters and a large number of format\nspecifiers (CVE-2012-3406).\n\nThe nss_dns implementation of getnetbyname could run into an infinite\nloop if the DNS response contained a PTR record of an unexpected\nformat (CVE-2014-9402).\n\nAlso glibc lock elision (new feature in glibc 2.18) has been disabled\nas it can break glibc at runtime on newer Intel hardware (due to\nhardware bug)\n\nUnder certain conditions wscanf can allocate too little memory for the\nto-be-scanned arguments and overflow the allocated buffer\n(CVE-2015-1472).\n\nThe incorrect use of '__libc_use_alloca (newsize)' caused a different\n(and weaker) policy to be enforced which could allow a denial of\nservice attack (CVE-2015-1473).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0314.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0376.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0496.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0072.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected 
packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ 
\"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"glibc-2.18-10.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"glibc-devel-2.18-10.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"glibc-doc-2.18-10.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"glibc-i18ndata-2.18-10.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"glibc-profile-2.18-10.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"glibc-static-devel-2.18-10.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"glibc-utils-2.18-10.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"nscd-2.18-10.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:47:35", "description": "It was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application. 
(CVE-2014-7817)\n\nThis update also fixes the following bug :\n\n - Prior to this update, if a file stream that was opened in append mode and its underlying file descriptor were used at the same time and the file was truncated using the ftruncate() function on the file descriptor, a subsequent ftell() call on the stream incorrectly modified the file offset by seeking to the new end of the file. This update ensures that ftell() modifies the state of the file stream only when it is in append mode and its buffer is not empty. As a result, the described incorrect changes to the file offset no longer occur.", "cvss3": {"score": null, "vector": null}, "published": "2014-12-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : glibc on SL7.x x86_64 (20141218)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7817"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:glibc", "p-cpe:/a:fermilab:scientific_linux:glibc-common", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common", "p-cpe:/a:fermilab:scientific_linux:glibc-devel", "p-cpe:/a:fermilab:scientific_linux:glibc-headers", "p-cpe:/a:fermilab:scientific_linux:glibc-static", "p-cpe:/a:fermilab:scientific_linux:glibc-utils", "p-cpe:/a:fermilab:scientific_linux:nscd", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20141218_GLIBC_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/80162", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80162);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-7817\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL7.x x86_64 (20141218)\");\n 
script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that the wordexp() function would perform command\nsubstitution even when the WRDE_NOCMD flag was specified. An attacker\nable to provide specially crafted input to an application using the\nwordexp() function, and not sanitizing the input correctly, could\npotentially use this flaw to execute arbitrary commands with the\ncredentials of the user running that application. (CVE-2014-7817)\n\nThis update also fixes the following bug :\n\n - Prior to this update, if a file stream that was opened\n in append mode and its underlying file descriptor were\n used at the same time and the file was truncated using\n the ftruncate() function on the file descriptor, a\n subsequent ftell() call on the stream incorrectly\n modified the file offset by seeking to the new end of\n the file. This update ensures that ftell() modifies the\n state of the file stream only when it is in append mode\n and its buffer is not empty. 
As a result, the described\n incorrect changes to the file offset no longer occur.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1412&L=scientific-linux-errata&T=0&P=3476\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cba89865\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-2.17-55.el7_0.3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-55.el7_0.3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-debuginfo-2.17-55.el7_0.3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-debuginfo-common-2.17-55.el7_0.3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-devel-2.17-55.el7_0.3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-55.el7_0.3\")) flag++;\nif (rpm_check(release:\"SL7\", 
cpu:\"x86_64\", reference:\"glibc-static-2.17-55.el7_0.3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-55.el7_0.3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nscd-2.17-55.el7_0.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:44:24", "description": "The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing '$((`...`))'.", "cvss3": {"score": null, "vector": null}, "published": "2015-09-18T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : GNU C Library (glibc) vulnerability (SOL16010)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7817"], "modified": "2021-03-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL16010.NASL", "href": "https://www.tenable.com/plugins/nessus/86008", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this 
plugin were\n# extracted from F5 Networks BIG-IP Solution SOL16010.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86008);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2014-7817\");\n script_bugtraq_id(71216);\n\n script_name(english:\"F5 Networks BIG-IP : GNU C Library (glibc) vulnerability (SOL16010)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The wordexp function in GNU C Library (aka glibc) 2.21 does not\nenforce the WRDE_NOCMD flag, which allows context-dependent attackers\nto execute arbitrary commands, as demonstrated by input containing\n'$((`...`))'.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K16010\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL16010.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! 
version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL16010\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.3.0-11.6.0\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.4.0-11.6.0\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.3.0-11.6.0\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = 
\"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:47:50", "description": "Updated glibc package fixes security vulnerability :\n\nThe function wordexp\\(\\) fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the form of $((... ``)) where ...\ncan be anything valid. The backticks in the arithmetic epxression are evaluated by in a shell even if WRDE_NOCMD forbade command substitution. This allows an attacker to attempt to pass dangerous commands via constructs of the above form, and bypass the WRDE_NOCMD flag. This update fixes the issue (CVE-2014-7817).", "cvss3": {"score": null, "vector": null}, "published": "2014-11-28T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : glibc (MDVSA-2014:232)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7817"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:glibc", "p-cpe:/a:mandriva:linux:glibc-devel", "p-cpe:/a:mandriva:linux:glibc-doc", "p-cpe:/a:mandriva:linux:glibc-doc-pdf", "p-cpe:/a:mandriva:linux:glibc-i18ndata", "p-cpe:/a:mandriva:linux:glibc-profile", "p-cpe:/a:mandriva:linux:glibc-static-devel", "p-cpe:/a:mandriva:linux:glibc-utils", "p-cpe:/a:mandriva:linux:nscd", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2014-232.NASL", "href": "https://www.tenable.com/plugins/nessus/79612", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:232. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79612);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-7817\");\n script_bugtraq_id(71216);\n script_xref(name:\"MDVSA\", value:\"2014:232\");\n\n script_name(english:\"Mandriva Linux Security Advisory : glibc (MDVSA-2014:232)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc package fixes security vulnerability :\n\nThe function wordexp\\(\\) fails to properly handle the WRDE_NOCMD flag\nwhen processing arithmetic inputs in the form of $((... ``)) where ...\ncan be anything valid. The backticks in the arithmetic epxression are\nevaluated by in a shell even if WRDE_NOCMD forbade command\nsubstitution. This allows an attacker to attempt to pass dangerous\ncommands via constructs of the above form, and bypass the WRDE_NOCMD\nflag. 
This update fixes the issue (CVE-2014-7817).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0496.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-2.14.1-12.10.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-devel-2.14.1-12.10.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"glibc-doc-2.14.1-12.10.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"glibc-doc-pdf-2.14.1-12.10.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-i18ndata-2.14.1-12.10.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-profile-2.14.1-12.10.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-static-devel-2.14.1-12.10.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-utils-2.14.1-12.10.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"nscd-2.14.1-12.10.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, 
"vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:47:28", "description": "From Red Hat Security Advisory 2014:2023 :\n\nUpdated glibc packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nIt was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application. (CVE-2014-7817)\n\nThis issue was discovered by Tim Waugh of the Red Hat Developer Experience Team.\n\nThis update also fixes the following bug :\n\n* Prior to this update, if a file stream that was opened in append mode and its underlying file descriptor were used at the same time and the file was truncated using the ftruncate() function on the file descriptor, a subsequent ftell() call on the stream incorrectly modified the file offset by seeking to the new end of the file. This update ensures that ftell() modifies the state of the file stream only when it is in append mode and its buffer is not empty. 
As a result, the described incorrect changes to the file offset no longer occur.\n(BZ#1170187)\n\nAll glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-12-19T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : glibc (ELSA-2014-2023)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7817"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-static", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:nscd", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2014-2023.NASL", "href": "https://www.tenable.com/plugins/nessus/80114", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:2023 and \n# Oracle Linux Security Advisory ELSA-2014-2023 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80114);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-7817\");\n script_bugtraq_id(68505, 68983, 71216);\n script_xref(name:\"RHSA\", value:\"2014:2023\");\n\n script_name(english:\"Oracle Linux 7 : glibc (ELSA-2014-2023)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:2023 :\n\nUpdated glibc packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 
7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nIt was found that the wordexp() function would perform command\nsubstitution even when the WRDE_NOCMD flag was specified. An attacker\nable to provide specially crafted input to an application using the\nwordexp() function, and not sanitizing the input correctly, could\npotentially use this flaw to execute arbitrary commands with the\ncredentials of the user running that application. (CVE-2014-7817)\n\nThis issue was discovered by Tim Waugh of the Red Hat Developer\nExperience Team.\n\nThis update also fixes the following bug :\n\n* Prior to this update, if a file stream that was opened in append\nmode and its underlying file descriptor were used at the same time and\nthe file was truncated using the ftruncate() function on the file\ndescriptor, a subsequent ftell() call on the stream incorrectly\nmodified the file offset by seeking to the new end of the file. This\nupdate ensures that ftell() modifies the state of the file stream only\nwhen it is in append mode and its buffer is not empty. 
As a result,\nthe described incorrect changes to the file offset no longer occur.\n(BZ#1170187)\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-December/004751.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is 
owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-2.17-55.0.4.el7_0.3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-55.0.4.el7_0.3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-devel-2.17-55.0.4.el7_0.3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-55.0.4.el7_0.3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-static-2.17-55.0.4.el7_0.3\")) flag++;\nif 
(rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-55.0.4.el7_0.3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"nscd-2.17-55.0.4.el7_0.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:47:36", "description": "Updated glibc packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nIt was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application. 
(CVE-2014-7817)\n\nThis issue was discovered by Tim Waugh of the Red Hat Developer Experience Team.\n\nThis update also fixes the following bug :\n\n* Prior to this update, if a file stream that was opened in append mode and its underlying file descriptor were used at the same time and the file was truncated using the ftruncate() function on the file descriptor, a subsequent ftell() call on the stream incorrectly modified the file offset by seeking to the new end of the file. This update ensures that ftell() modifies the state of the file stream only when it is in append mode and its buffer is not empty. As a result, the described incorrect changes to the file offset no longer occur.\n(BZ#1170187)\n\nAll glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-12-22T00:00:00", "type": "nessus", "title": "CentOS 7 : glibc (CESA-2014:2023)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7817"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc", "p-cpe:/a:centos:centos:glibc-common", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-headers", "p-cpe:/a:centos:centos:glibc-static", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:nscd", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2014-2023.NASL", "href": "https://www.tenable.com/plugins/nessus/80123", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:2023 and \n# CentOS Errata and Security Advisory 2014:2023 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80123);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n 
script_cve_id(\"CVE-2014-7817\");\n script_bugtraq_id(71216);\n script_xref(name:\"RHSA\", value:\"2014:2023\");\n\n script_name(english:\"CentOS 7 : glibc (CESA-2014:2023)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nIt was found that the wordexp() function would perform command\nsubstitution even when the WRDE_NOCMD flag was specified. An attacker\nable to provide specially crafted input to an application using the\nwordexp() function, and not sanitizing the input correctly, could\npotentially use this flaw to execute arbitrary commands with the\ncredentials of the user running that application. (CVE-2014-7817)\n\nThis issue was discovered by Tim Waugh of the Red Hat Developer\nExperience Team.\n\nThis update also fixes the following bug :\n\n* Prior to this update, if a file stream that was opened in append\nmode and its underlying file descriptor were used at the same time and\nthe file was truncated using the ftruncate() function on the file\ndescriptor, a subsequent ftell() call on the stream incorrectly\nmodified the file offset by seeking to the new end of the file. 
This\nupdate ensures that ftell() modifies the state of the file stream only\nwhen it is in append mode and its buffer is not empty. As a result,\nthe described incorrect changes to the file offset no longer occur.\n(BZ#1170187)\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-December/020849.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f97aa0b8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7817\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/19\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-2.17-55.el7_0.3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-55.el7_0.3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-devel-2.17-55.el7_0.3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-55.el7_0.3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-static-2.17-55.el7_0.3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-55.el7_0.3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"nscd-2.17-55.el7_0.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:47:27", "description": "Updated glibc packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nIt was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application. (CVE-2014-7817)\n\nThis issue was discovered by Tim Waugh of the Red Hat Developer Experience Team.\n\nThis update also fixes the following bug :\n\n* Prior to this update, if a file stream that was opened in append mode and its underlying file descriptor were used at the same time and the file was truncated using the ftruncate() function on the file descriptor, a subsequent ftell() call on the stream incorrectly modified the file offset by seeking to the new end of the file. This update ensures that ftell() modifies the state of the file stream only when it is in append mode and its buffer is not empty. 
As a result, the described incorrect changes to the file offset no longer occur.\n(BZ#1170187)\n\nAll glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-12-19T00:00:00", "type": "nessus", "title": "RHEL 7 : glibc (RHSA-2014:2023)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7817"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-static", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2014-2023.NASL", "href": "https://www.tenable.com/plugins/nessus/80116", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:2023. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80116);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-7817\");\n script_xref(name:\"RHSA\", value:\"2014:2023\");\n\n script_name(english:\"RHEL 7 : glibc (RHSA-2014:2023)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nIt was found that the wordexp() function would perform command\nsubstitution even when the WRDE_NOCMD flag was specified. An attacker\nable to provide specially crafted input to an application using the\nwordexp() function, and not sanitizing the input correctly, could\npotentially use this flaw to execute arbitrary commands with the\ncredentials of the user running that application. 
(CVE-2014-7817)\n\nThis issue was discovered by Tim Waugh of the Red Hat Developer\nExperience Team.\n\nThis update also fixes the following bug :\n\n* Prior to this update, if a file stream that was opened in append\nmode and its underlying file descriptor were used at the same time and\nthe file was truncated using the ftruncate() function on the file\ndescriptor, a subsequent ftell() call on the stream incorrectly\nmodified the file offset by seeking to the new end of the file. This\nupdate ensures that ftell() modifies the state of the file stream only\nwhen it is in append mode and its buffer is not empty. As a result,\nthe described incorrect changes to the file offset no longer occur.\n(BZ#1170187)\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:2023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7817\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:2023\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-2.17-55.el7_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"glibc-common-2.17-55.el7_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-55.el7_0.3\")) flag++;\n\n 
if (rpm_check(release:\"RHEL7\", reference:\"glibc-debuginfo-2.17-55.el7_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-debuginfo-common-2.17-55.el7_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-devel-2.17-55.el7_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"glibc-headers-2.17-55.el7_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-55.el7_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-static-2.17-55.el7_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"glibc-utils-2.17-55.el7_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-55.el7_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"nscd-2.17-55.el7_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"nscd-2.17-55.el7_0.3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:43:24", "description": "Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7.1 Extended Update Support.\n\nRed Hat Product Security has rated this update as having Important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nIt was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents). A local attacker could potentially use this flaw to execute arbitrary code on the system.\n(CVE-2015-5277)\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.\n(CVE-2015-1781)\n\nA heap-based buffer overflow flaw and a stack overflow flaw were found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use these flaws to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application. 
(CVE-2015-1472, CVE-2015-1473)\n\nThe CVE-2015-5277 issue was discovered by Sumit Bose and Lukas Slebodnik of Red Hat, and the CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nAll glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2016-02-04T00:00:00", "type": "nessus", "title": "RHEL 7 : glibc (RHSA-2015:2589)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7423", "CVE-2015-1472", "CVE-2015-1473", "CVE-2015-1781", "CVE-2015-5277"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-static", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:7.1"], "id": "REDHAT-RHSA-2015-2589.NASL", "href": "https://www.tenable.com/plugins/nessus/88573", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2589. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88573);\n script_version(\"2.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2013-7423\", \"CVE-2015-1472\", \"CVE-2015-1473\", \"CVE-2015-1781\", \"CVE-2015-5277\");\n script_xref(name:\"RHSA\", value:\"2015:2589\");\n\n script_name(english:\"RHEL 7 : glibc (RHSA-2015:2589)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 7.1 Extended Update Support.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nIt was discovered that the nss_files backend for the Name Service\nSwitch in glibc would return incorrect data to applications or corrupt\nthe heap (depending on adjacent heap contents). A local attacker could\npotentially use this flaw to execute arbitrary code on the system.\n(CVE-2015-5277)\n\nIt was discovered that, under certain circumstances, glibc's\ngetaddrinfo() function would send DNS queries to random file\ndescriptors. 
An attacker could potentially use this flaw to send DNS\nqueries to unintended recipients, resulting in information disclosure\nor data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r()\nand other related functions computed the size of a buffer when passed\na misaligned buffer as input. An attacker able to make an application\ncall any of these functions with a misaligned buffer could use this\nflaw to crash the application or, potentially, execute arbitrary code\nwith the permissions of the user running the application.\n(CVE-2015-1781)\n\nA heap-based buffer overflow flaw and a stack overflow flaw were found\nin glibc's swscanf() function. An attacker able to make an application\ncall the swscanf() function could use these flaws to crash that\napplication or, potentially, execute arbitrary code with the\npermissions of the user running the application. (CVE-2015-1472,\nCVE-2015-1473)\n\nThe CVE-2015-5277 issue was discovered by Sumit Bose and Lukas\nSlebodnik of Red Hat, and the CVE-2015-1781 issue was discovered by\nArjun Shankar of Red Hat.\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:2589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-7423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2015-5277\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:2589\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"glibc-2.17-79.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"glibc-common-2.17-79.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", 
reference:\"glibc-common-2.17-79.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"glibc-debuginfo-2.17-79.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"glibc-debuginfo-common-2.17-79.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"glibc-devel-2.17-79.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"glibc-headers-2.17-79.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-79.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"glibc-static-2.17-79.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"glibc-utils-2.17-79.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-79.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"nscd-2.17-79.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"nscd-2.17-79.el7_1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T01:35:07", "description": "A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. 
An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.\n(CVE-2015-1781)\n\nIt was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents). A local attacker could potentially use this flaw to execute arbitrary code on the system.\n(CVE-2015-5277)\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\n\nA stack overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application. (CVE-2015-1473)\n\nA heap-based buffer overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application. 
(CVE-2015-1472)", "cvss3": {"score": null, "vector": null}, "published": "2015-12-15T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : glibc (ALAS-2015-617)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7423", "CVE-2015-1472", "CVE-2015-1473", "CVE-2015-1781", "CVE-2015-5277"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:glibc", "p-cpe:/a:amazon:linux:glibc-common", "p-cpe:/a:amazon:linux:glibc-debuginfo", "p-cpe:/a:amazon:linux:glibc-debuginfo-common", "p-cpe:/a:amazon:linux:glibc-devel", "p-cpe:/a:amazon:linux:glibc-headers", "p-cpe:/a:amazon:linux:glibc-static", "p-cpe:/a:amazon:linux:glibc-utils", "p-cpe:/a:amazon:linux:nscd", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-617.NASL", "href": "https://www.tenable.com/plugins/nessus/87343", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-617.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87343);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-7423\", \"CVE-2015-1472\", \"CVE-2015-1473\", \"CVE-2015-1781\", \"CVE-2015-5277\");\n script_xref(name:\"ALAS\", value:\"2015-617\");\n\n script_name(english:\"Amazon Linux AMI : glibc (ALAS-2015-617)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow flaw was found in the way glibc's gethostbyname_r()\nand other related functions computed the size of a buffer when passed\na misaligned buffer as input. 
An attacker able to make an application\ncall any of these functions with a misaligned buffer could use this\nflaw to crash the application or, potentially, execute arbitrary code\nwith the permissions of the user running the application.\n(CVE-2015-1781)\n\nIt was discovered that the nss_files backend for the Name Service\nSwitch in glibc would return incorrect data to applications or corrupt\nthe heap (depending on adjacent heap contents). A local attacker could\npotentially use this flaw to execute arbitrary code on the system.\n(CVE-2015-5277)\n\nIt was discovered that, under certain circumstances, glibc's\ngetaddrinfo() function would send DNS queries to random file\ndescriptors. An attacker could potentially use this flaw to send DNS\nqueries to unintended recipients, resulting in information disclosure\nor data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\n\nA stack overflow flaw was found in glibc's swscanf() function. An\nattacker able to make an application call the swscanf() function could\nuse this flaw to crash that application or, potentially, execute\narbitrary code with the permissions of the user running the\napplication. (CVE-2015-1473)\n\nA heap-based buffer overflow flaw was found in glibc's swscanf()\nfunction. An attacker able to make an application call the swscanf()\nfunction could use this flaw to crash that application or,\npotentially, execute arbitrary code with the permissions of the user\nrunning the application. 
(CVE-2015-1472)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-617.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update glibc' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"glibc-2.17-106.163.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-common-2.17-106.163.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-2.17-106.163.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-common-2.17-106.163.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-devel-2.17-106.163.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-headers-2.17-106.163.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-static-2.17-106.163.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-utils-2.17-106.163.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nscd-2.17-106.163.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:46:25", "description": "Avoid infinite loop in nss_dns getnetbyname [BZ #17630]\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-03-26T00:00:00", "type": "nessus", "title": "Debian DLA-122-1 : eglibc security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9402"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:eglibc-source", "p-cpe:/a:debian:debian_linux:glibc-doc", "p-cpe:/a:debian:debian_linux:libc-bin", "p-cpe:/a:debian:debian_linux:libc-dev-bin", "p-cpe:/a:debian:debian_linux:libc6", "p-cpe:/a:debian:debian_linux:libc6-amd64", "p-cpe:/a:debian:debian_linux:libc6-dbg", "p-cpe:/a:debian:debian_linux:libc6-dev", "p-cpe:/a:debian:debian_linux:libc6-dev-amd64", "p-cpe:/a:debian:debian_linux:libc6-dev-i386", "p-cpe:/a:debian:debian_linux:libc6-i386", "p-cpe:/a:debian:debian_linux:libc6-i686", "p-cpe:/a:debian:debian_linux:libc6-pic", "p-cpe:/a:debian:debian_linux:libc6-prof", "p-cpe:/a:debian:debian_linux:libc6-udeb", "p-cpe:/a:debian:debian_linux:libc6-xen", "p-cpe:/a:debian:debian_linux:libnss-dns-udeb", "p-cpe:/a:debian:debian_linux:libnss-files-udeb", "p-cpe:/a:debian:debian_linux:locales", "p-cpe:/a:debian:debian_linux:locales-all", "p-cpe:/a:debian:debian_linux:nscd", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-122.NASL", "href": "https://www.tenable.com/plugins/nessus/82105", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-122-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82105);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9402\");\n script_bugtraq_id(71670);\n\n script_name(english:\"Debian DLA-122-1 : eglibc security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Avoid infinite loop in nss_dns getnetbyname [BZ #17630]\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/12/msg00024.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/eglibc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:eglibc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:glibc-doc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:libc-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc-dev-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-pic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-prof\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss-dns-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss-files-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:locales\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:locales-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"eglibc-source\", reference:\"2.11.3-4+deb6u3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"glibc-doc\", reference:\"2.11.3-4+deb6u3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc-bin\", reference:\"2.11.3-4+deb6u3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc-dev-bin\", reference:\"2.11.3-4+deb6u3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6\", reference:\"2.11.3-4+deb6u3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-amd64\", reference:\"2.11.3-4+deb6u3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-dbg\", reference:\"2.11.3-4+deb6u3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-dev\", reference:\"2.11.3-4+deb6u3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-dev-amd64\", reference:\"2.11.3-4+deb6u3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-dev-i386\", reference:\"2.11.3-4+deb6u3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-i386\", reference:\"2.11.3-4+deb6u3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-i686\", reference:\"2.11.3-4+deb6u3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-pic\", reference:\"2.11.3-4+deb6u3\")) flag++;\nif 
(deb_check(release:\"6.0\", prefix:\"libc6-prof\", reference:\"2.11.3-4+deb6u3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-udeb\", reference:\"2.11.3-4+deb6u3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-xen\", reference:\"2.11.3-4+deb6u3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libnss-dns-udeb\", reference:\"2.11.3-4+deb6u3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libnss-files-udeb\", reference:\"2.11.3-4+deb6u3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"locales\", reference:\"2.11.3-4+deb6u3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"locales-all\", reference:\"2.11.3-4+deb6u3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"nscd\", reference:\"2.11.3-4+deb6u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:43:02", "description": "The remote Red Hat Enterprise Linux host has a version of glibc installed that is similar in patching level to version 2.21 of the official glibc library. It is, therefore, potentially affected by a denial of service vulnerability due to improper handling of alias names supplied to the getnetbyname() function. 
A remote attacker can exploit this to cause an infinite loop by sending a positive answer to the host while a network name is being processed.\n\nNote that Red Hat has no plans to release a patch since the host will only be affected by the vulnerability if it is running a 'networks:\nfile dns' non-standard configuration in /etc/nsswitch.conf, and the host is targeted by a separate DNS spoofing attack.", "cvss3": {"score": null, "vector": null}, "published": "2016-02-19T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 / 7 : glibc (CVE-2014-9402)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9402"], "modified": "2018-07-25T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-CVE-2014-9402.NASL", "href": "https://www.tenable.com/plugins/nessus/88862", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88862);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/25 18:58:06\");\n\n script_cve_id(\"CVE-2014-9402\");\n script_bugtraq_id(71670);\n\n script_name(english:\"RHEL 5 / 6 / 7 : glibc (CVE-2014-9402)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is potentially affected by a denial of service\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Red Hat Enterprise Linux host has a version of glibc\ninstalled that is similar in patching level to version 2.21 of the\nofficial glibc library. It is, therefore, potentially affected by a\ndenial of service vulnerability due to improper handling of alias\nnames supplied to the getnetbyname() function. 
A remote attacker can\nexploit this to cause an invite loop by sending a positive answer to\nthe host while a network name is being processed.\n\nNote that Red Hat has no plans to release a patch since the host will\nonly be affected by the vulnerability if it is running a 'networks:\nfile dns' non-standard configuration in /etc/nsswitch.conf, and the\nhost is targeted by a separate DNS spoofing attack.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2014-9402.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"No patch from Red Hat is currently available. However, users are\nadvised to check their settings, and upgrade to a glibc package\nreleased after February, 2nd 2015.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", reference:\"glibc-2.5-123.el5_11.3\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"glibc-2.12-1.149.el6_6.7\")) flag++;\nif (rpm_check(release:\"RHEL7\", reference:\"glibc-2.17-78.el7\")) flag++;\n\nif (flag)\n{\n report_extra = rpm_report_get() +\n 'NOTE: No official Red Hat Security Advisory exists for this vulnerability.\\n' +\n 'Consult https://access.redhat.com/security/cve/CVE-2014-9402 for details.\\n';\n if (report_verbosity > 0) security_note(port:0, extra:report_extra);\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 1.2, "vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P"}}, {"lastseen": 
"2021-08-19T13:16:47", "description": "According to the version of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.(CVE-2014-9402)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2018-09-18T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.1 : glibc (EulerOS-SA-2018-1272)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9402"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-devel", "p-cpe:/a:huawei:euleros:glibc-headers", "p-cpe:/a:huawei:euleros:nscd", "cpe:/o:huawei:euleros:uvp:2.5.1"], "id": "EULEROS_SA-2018-1272.NASL", "href": "https://www.tenable.com/plugins/nessus/117581", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117581);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-9402\"\n );\n script_bugtraq_id(\n 71670\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.1 : glibc (EulerOS-SA-2018-1272)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS 
Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the glibc packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - The nss_dns implementation of getnetbyname in GNU C\n Library (aka glibc) before 2.21, when the DNS backend\n in the Name Service Switch configuration is enabled,\n allows remote attackers to cause a denial of service\n (infinite loop) by sending a positive answer while a\n network name is being process.(CVE-2014-9402)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1272\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?55f2cf0e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"glibc-2.17-157.h14\",\n \"glibc-common-2.17-157.h14\",\n \"glibc-devel-2.17-157.h14\",\n \"glibc-headers-2.17-157.h14\",\n \"nscd-2.17-157.h14\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : 
rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-16T00:47:46", "description": "The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being processed. (CVE-2014-9402)\n\nImpact\n\nThis vulnerability can only be exploited if you explicitly enable DNS for networks in the Name Service Switch Configuration file ( /etc/nsswitch.conf ). By default, the BIG-IP system does not have DNS enabled for networks in the Name Service Switch configuration and is not vulnerable. An attacker with local access and knowledge of how to make the glibc function trigger an exploit may be able to cause a denial of service (DoS).", "cvss3": {"score": null, "vector": null}, "published": "2018-12-18T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : glibc vulnerability (K16365)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9402"], "modified": "2020-08-27T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL16365.NASL", "href": "https://www.tenable.com/plugins/nessus/119731", 
"sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K16365.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119731);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/27\");\n\n script_cve_id(\"CVE-2014-9402\");\n script_bugtraq_id(71670);\n\n script_name(english:\"F5 Networks BIG-IP : glibc vulnerability (K16365)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The nss_dns implementation of getnetbyname in GNU C Library (aka\nglibc) before 2.21, when the DNS backend in the Name Service Switch\nconfiguration is enabled, allows remote attackers to cause a denial of\nservice (infinite loop) by sending a positive answer while a network\nname is being process. (CVE-2014-9402)\n\nImpact\n\nThis vulnerability can only be exploited if you explicitly enable DNS\nfor networks in the Name Service Switch Configuration file (\n/etc/nsswitch.conf ). By default, the BIG-IP system does not have DNS\nenabled for networks in the Name Service Switch configuration and is\nnot vulnerable. 
An attacker with local access and knowledge of how to\nmake the glibc function trigger an exploit may be able to cause a\ndenial of service (DoS).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K16365\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K16365.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K16365\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.0.0-12.1.5\",\"11.3.0-11.6.5\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.0.0-12.1.5\",\"11.4.0-11.6.5\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.0.0-12.1.5\",\"11.0.0-11.6.5\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.0.0-12.1.5\",\"11.0.0-11.6.5\",\"10.1.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.0.0-12.1.5\",\"11.0.0-11.6.5\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.0.0-12.1.5\",\"11.0.0-11.6.5\",\"10.1.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.0.0-12.1.5\",\"11.0.0-11.6.5\",\"10.1.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.0.0-12.1.5\",\"11.3.0-11.6.5\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n# PSM\nvmatrix[\"PSM\"] = 
make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.0.0-12.1.5\",\"11.0.0-11.6.5\",\"10.1.0-10.2.4\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-09-11T01:29:32", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Update fix for CVE-2015-7547 (#1296028).\n\n - Create helper threads with enough stack for POSIX AIO and timers (#1301625).\n\n - Fix CVE-2015-7547: getaddrinfo stack-based buffer overflow (#1296028).\n\n - Support loading more libraries with static TLS (#1291270).\n\n - Check for NULL arena pointer in _int_pvalloc (#1256890).\n\n - Don't change no_dyn_threshold on mallopt failure (#1256891).\n\n - Unlock main arena after allocation in calloc (#1256812).\n\n - Enable robust malloc change again (#1256812).\n\n - Fix perturbing in malloc on free and simply perturb_byte (#1256812).\n\n - Don't fall back to mmap prematurely (#1256812).\n\n - The malloc deadlock avoidance support has been temporarily removed since it triggers deadlocks in certain applications (#1244002).\n\n - Fix ruserok check to reject, not skip, negative user checks (#1217186).\n\n - Optimize ruserok function for large ~/.rhosts (#1217186).\n\n - Fix crash in valloc due to the backtrace deadlock fix (#1207236).\n\n - Fix buffer overflow in gethostbyname_r with misaligned buffer (#1209376, CVE-2015-1781).\n\n - Avoid deadlock in malloc on backtrace (#1066724).\n\n - 
Support running applications that use Intel AVX-512 (#1195453).\n\n - Silence logging of record type mismatch for DNSSEC records (#1088301).\n\n - Shrink heap on free when vm.overcommit_memory == 2 (#867679).\n\n - Enhance nscd to detect any configuration file changes (#859965).\n\n - Fix __times handling of EFAULT when buf is NULL (#1124204).\n\n - Fix memory leak with dlopen and thread-local storage variables (#978098).\n\n - Prevent getaddrinfo from writing DNS queries to random fd (CVE-2013-7423).\n\n - Implement userspace half of in6.h header coordination (#1053178).\n\n - Correctly size relocation cache used by profiler (#1144132).\n\n - Fix reuse of cached stack leading to bounds overrun of DTV (#1116050).\n\n - Return failure in getnetgrent only when all netgroups have been searched (#1085312).\n\n - Fix valgrind warning in nscd_stats (#1091915).\n\n - Initialize xports array (#1159167).\n\n - Fix tst-default-attr test to not fail on powerpc (#1023306).\n\n - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183534).\n\n - Fix typo in nscd/selinux.c (#1125307).\n\n - Actually run test-iconv modules (#1176907).\n\n - Fix recursive dlopen (#1154563).\n\n - Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, #1172044).\n\n - Fix wordexp to honour WRDE_NOCMD (CVE-2014-7817, #1171296).\n\n - Fix typo in res_send and res_query (#rh1138769).", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-17T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : glibc (OVMSA-2016-0013) (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7423", "CVE-2014-6040", "CVE-2014-7817", "CVE-2015-0235", "CVE-2015-1781", "CVE-2015-7547"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:glibc", "p-cpe:/a:oracle:vm:glibc-common", "p-cpe:/a:oracle:vm:nscd", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2016-0013.NASL", "href": 
"https://www.tenable.com/plugins/nessus/88783", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0013.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88783);\n script_version(\"2.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-7423\", \"CVE-2014-6040\", \"CVE-2014-7817\", \"CVE-2015-0235\", \"CVE-2015-1781\", \"CVE-2015-7547\");\n script_bugtraq_id(69472, 71216, 72325, 72844, 74255);\n script_xref(name:\"TRA\", value:\"TRA-2017-08\");\n script_xref(name:\"IAVA\", value:\"2016-A-0053\");\n\n script_name(english:\"OracleVM 3.3 : glibc (OVMSA-2016-0013) (GHOST)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Update fix for CVE-2015-7547 (#1296028).\n\n - Create helper threads with enough stack for POSIX AIO\n and timers (#1301625).\n\n - Fix CVE-2015-7547: getaddrinfo stack-based buffer\n overflow (#1296028).\n\n - Support loading more libraries with static TLS\n (#1291270).\n\n - Check for NULL arena pointer in _int_pvalloc (#1256890).\n\n - Don't change no_dyn_threshold on mallopt failure\n (#1256891).\n\n - Unlock main arena after allocation in calloc (#1256812).\n\n - Enable robust malloc change again (#1256812).\n\n - Fix perturbing in malloc on free and simply perturb_byte\n (#1256812).\n\n - Don't fall back to mmap prematurely (#1256812).\n\n - The malloc deadlock avoidance support has been\n temporarily removed since it triggers deadlocks in\n certain applications 
(#1244002).\n\n - Fix ruserok check to reject, not skip, negative user\n checks (#1217186).\n\n - Optimize ruserok function for large ~/.rhosts\n (#1217186).\n\n - Fix crash in valloc due to the backtrace deadlock fix\n (#1207236).\n\n - Fix buffer overflow in gethostbyname_r with misaligned\n buffer (#1209376, CVE-2015-1781).\n\n - Avoid deadlock in malloc on backtrace (#1066724).\n\n - Support running applications that use Intel AVX-512\n (#1195453).\n\n - Silence logging of record type mismatch for DNSSEC\n records (#1088301).\n\n - Shrink heap on free when vm.overcommit_memory == 2\n (#867679).\n\n - Enhance nscd to detect any configuration file changes\n (#859965).\n\n - Fix __times handling of EFAULT when buf is NULL\n (#1124204).\n\n - Fix memory leak with dlopen and thread-local storage\n variables (#978098).\n\n - Prevent getaddrinfo from writing DNS queries to random\n fd (CVE-2013-7423, - Implement userspace half of in6.h\n header coordination (#1053178).\n\n - Correctely size relocation cache used by profiler\n (#1144132).\n\n - Fix reuse of cached stack leading to bounds overrun of\n DTV (#1116050).\n\n - Return failure in getnetgrent only when all netgroups\n have been searched (#1085312).\n\n - Fix valgrind warning in nscd_stats (#1091915).\n\n - Initialize xports array (#1159167).\n\n - Fix tst-default-attr test to not fail on powerpc\n (#1023306).\n\n - Fix parsing of numeric hosts in gethostbyname_r\n (CVE-2015-0235, #1183534).\n\n - Fix typo in nscd/selinux.c (#1125307).\n\n - Actually run test-iconv modules (#1176907).\n\n - Fix recursive dlopen (#1154563).\n\n - Fix crashes on invalid input in IBM gconv modules\n (CVE-2014-6040, #1172044).\n\n - Fix wordexp to honour WRDE_NOCMD (CVE-2014-7817,\n #1171296).\n\n - Fix typo in res_send and res_query (#rh1138769).\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2016-February/000418.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?92d5b0bd\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2017-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc / glibc-common / nscd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This 
script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"glibc-2.12-1.166.el6_7.7\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"glibc-common-2.12-1.166.el6_7.7\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"nscd-2.12-1.166.el6_7.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / nscd\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:46:07", "description": "Multiple vulnerabilities has been found and corrected in glibc :\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo\\(\\) function would send DNS queries to 
random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data (CVE-2013-7423).\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r\\(\\) and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application (CVE-2015-1781).\n\nThe updated packages provide a solution for these security issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-05-01T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : glibc (MDVSA-2015:218)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7423", "CVE-2015-1781"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:glibc", "p-cpe:/a:mandriva:linux:glibc-devel", "p-cpe:/a:mandriva:linux:glibc-doc", "p-cpe:/a:mandriva:linux:glibc-doc-pdf", "p-cpe:/a:mandriva:linux:glibc-i18ndata", "p-cpe:/a:mandriva:linux:glibc-profile", "p-cpe:/a:mandriva:linux:glibc-static-devel", "p-cpe:/a:mandriva:linux:glibc-utils", "p-cpe:/a:mandriva:linux:nscd", "cpe:/o:mandriva:business_server:1", "cpe:/o:mandriva:business_server:2"], "id": "MANDRIVA_MDVSA-2015-218.NASL", "href": "https://www.tenable.com/plugins/nessus/83170", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:218. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83170);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-7423\", \"CVE-2015-1781\");\n script_xref(name:\"MDVSA\", value:\"2015:218\");\n\n script_name(english:\"Mandriva Linux Security Advisory : glibc (MDVSA-2015:218)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in glibc :\n\nIt was discovered that, under certain circumstances, glibc's\ngetaddrinfo\\(\\) function would send DNS queries to random file\ndescriptors. An attacker could potentially use this flaw to send DNS\nqueries to unintended recipients, resulting in information disclosure\nor data loss due to the application encountering corrupted data\n(CVE-2013-7423).\n\nA buffer overflow flaw was found in the way glibc's\ngethostbyname_r\\(\\) and other related functions computed the size of a\nbuffer when passed a misaligned buffer as input. 
An attacker able to\nmake an application call any of these functions with a misaligned\nbuffer could use this flaw to crash the application or, potentially,\nexecute arbitrary code with the permissions of the user running the\napplication (CVE-2015-1781).\n\nThe updated packages provides a solution for these security issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0863\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, 
Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-2.14.1-12.12.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-devel-2.14.1-12.12.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"glibc-doc-2.14.1-12.12.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"glibc-doc-pdf-2.14.1-12.12.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-i18ndata-2.14.1-12.12.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-profile-2.14.1-12.12.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-static-devel-2.14.1-12.12.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-utils-2.14.1-12.12.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"nscd-2.14.1-12.12.mbs1\")) flag++;\n\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"glibc-2.18-10.2.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"glibc-devel-2.18-10.2.mbs2\")) flag++;\nif 
(rpm_check(release:\"MDK-MBS2\", reference:\"glibc-doc-2.18-10.2.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"glibc-i18ndata-2.18-10.2.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"glibc-profile-2.18-10.2.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"glibc-static-devel-2.18-10.2.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"glibc-utils-2.18-10.2.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"nscd-2.18-10.2.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:46:03", "description": "Updated glibc packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. 
An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.\n(CVE-2015-1781)\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nThis update also fixes the following bug :\n\n* Previously, the nscd daemon did not properly reload modified data when the user edited monitored nscd configuration files. As a consequence, nscd returned stale data to system processes. This update adds a system of inotify-based monitoring and stat-based backup monitoring for nscd configuration files. As a result, nscd now detects changes to its configuration files and reloads the data properly, which prevents it from returning stale data. 
(BZ#1194149)\n\nAll glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-04-22T00:00:00", "type": "nessus", "title": "RHEL 6 : glibc (RHSA-2015:0863)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7423", "CVE-2015-1781"], "modified": "2021-02-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-static", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.6"], "id": "REDHAT-RHSA-2015-0863.NASL", "href": "https://www.tenable.com/plugins/nessus/82984", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0863. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82984);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2013-7423\", \"CVE-2015-1781\");\n script_bugtraq_id(72844, 74255);\n script_xref(name:\"RHSA\", value:\"2015:0863\");\n\n script_name(english:\"RHEL 6 : glibc (RHSA-2015:0863)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated glibc packages that fix two security issues and one bug are\nnow available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r()\nand other related functions computed the size of a buffer when passed\na misaligned buffer as input. An attacker able to make an application\ncall any of these functions with a misaligned buffer could use this\nflaw to crash the application or, potentially, execute arbitrary code\nwith the permissions of the user running the application.\n(CVE-2015-1781)\n\nIt was discovered that, under certain circumstances, glibc's\ngetaddrinfo() function would send DNS queries to random file\ndescriptors. 
An attacker could potentially use this flaw to send DNS\nqueries to unintended recipients, resulting in information disclosure\nor data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nThis update also fixes the following bug :\n\n* Previously, the nscd daemon did not properly reload modified data\nwhen the user edited monitored nscd configuration files. As a\nconsequence, nscd returned stale data to system processes. This update\nadds a system of inotify-based monitoring and stat-based backup\nmonitoring for nscd configuration files. As a result, nscd now detects\nchanges to its configuration files and reloads the data properly,\nwhich prevents it from returning stale data. (BZ#1194149)\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-7423\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0863\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-2.12-1.149.el6_6.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-common-2.12-1.149.el6_6.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-common-2.12-1.149.el6_6.7\")) 
flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-common-2.12-1.149.el6_6.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-debuginfo-2.12-1.149.el6_6.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-debuginfo-common-2.12-1.149.el6_6.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-devel-2.12-1.149.el6_6.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-headers-2.12-1.149.el6_6.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-headers-2.12-1.149.el6_6.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-headers-2.12-1.149.el6_6.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-static-2.12-1.149.el6_6.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-utils-2.12-1.149.el6_6.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-utils-2.12-1.149.el6_6.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-utils-2.12-1.149.el6_6.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"nscd-2.12-1.149.el6_6.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"nscd-2.12-1.149.el6_6.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"nscd-2.12-1.149.el6_6.7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:46:03", "description": "The remote OracleVM system is missing 
necessary patches to address critical security updates :\n\n - Fix invalid file descriptor reuse while sending DNS query (#1207995, CVE-2013-7423).\n\n - Fix buffer overflow in gethostbyname_r with misaligned buffer (#1209375, CVE-2015-1781).\n\n - Enhance nscd to detect any configuration file changes (#1194149).", "cvss3": {"score": null, "vector": null}, "published": "2015-04-22T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : glibc (OVMSA-2015-0055)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7423", "CVE-2015-1781"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:glibc", "p-cpe:/a:oracle:vm:glibc-common", "p-cpe:/a:oracle:vm:nscd", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2015-0055.NASL", "href": "https://www.tenable.com/plugins/nessus/82983", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0055.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82983);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-7423\", \"CVE-2015-1781\");\n script_bugtraq_id(72844, 74255);\n\n script_name(english:\"OracleVM 3.3 : glibc (OVMSA-2015-0055)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Fix invalid file descriptor reuse while sending DNS\n query (#1207995, CVE-2013-7423).\n\n - Fix buffer overflow in gethostbyname_r with misaligned\n buffer (#1209375, CVE-2015-1781).\n\n - Enhance nscd to detect any configuration 
file changes\n (#1194149).\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2015-April/000306.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?feec9555\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc / glibc-common / nscd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"glibc-2.12-1.149.el6_6.7\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"glibc-common-2.12-1.149.el6_6.7\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"nscd-2.12-1.149.el6_6.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / nscd\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:46:03", "description": "From Red Hat Security Advisory 2015:0863 :\n\nUpdated glibc packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security 
impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.\n(CVE-2015-1781)\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nThis update also fixes the following bug :\n\n* Previously, the nscd daemon did not properly reload modified data when the user edited monitored nscd configuration files. As a consequence, nscd returned stale data to system processes. This update adds a system of inotify-based monitoring and stat-based backup monitoring for nscd configuration files. As a result, nscd now detects changes to its configuration files and reloads the data properly, which prevents it from returning stale data. 
(BZ#1194149)\n\nAll glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-04-22T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : glibc (ELSA-2015-0863)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7423", "CVE-2015-1781"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-static", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:nscd", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2015-0863.NASL", "href": "https://www.tenable.com/plugins/nessus/82980", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0863 and \n# Oracle Linux Security Advisory ELSA-2015-0863 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82980);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-7423\", \"CVE-2015-1781\");\n script_bugtraq_id(72844, 74255);\n script_xref(name:\"RHSA\", value:\"2015:0863\");\n\n script_name(english:\"Oracle Linux 6 : glibc (ELSA-2015-0863)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0863 :\n\nUpdated glibc packages that fix two security issues and one bug are\nnow available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as 
having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r()\nand other related functions computed the size of a buffer when passed\na misaligned buffer as input. An attacker able to make an application\ncall any of these functions with a misaligned buffer could use this\nflaw to crash the application or, potentially, execute arbitrary code\nwith the permissions of the user running the application.\n(CVE-2015-1781)\n\nIt was discovered that, under certain circumstances, glibc's\ngetaddrinfo() function would send DNS queries to random file\ndescriptors. An attacker could potentially use this flaw to send DNS\nqueries to unintended recipients, resulting in information disclosure\nor data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nThis update also fixes the following bug :\n\n* Previously, the nscd daemon did not properly reload modified data\nwhen the user edited monitored nscd configuration files. As a\nconsequence, nscd returned stale data to system processes. This update\nadds a system of inotify-based monitoring and stat-based backup\nmonitoring for nscd configuration files. As a result, nscd now detects\nchanges to its configuration files and reloads the data properly,\nwhich prevents it from returning stale data. 
(BZ#1194149)\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-April/005011.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"glibc-2.12-1.149.el6_6.7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-common-2.12-1.149.el6_6.7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-devel-2.12-1.149.el6_6.7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-headers-2.12-1.149.el6_6.7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-static-2.12-1.149.el6_6.7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-utils-2.12-1.149.el6_6.7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"nscd-2.12-1.149.el6_6.7\")) flag++;\n\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:46:06", "description": "Updated glibc packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.\n(CVE-2015-1781)\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. 
An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nThis update also fixes the following bug :\n\n* Previously, the nscd daemon did not properly reload modified data when the user edited monitored nscd configuration files. As a consequence, nscd returned stale data to system processes. This update adds a system of inotify-based monitoring and stat-based backup monitoring for nscd configuration files. As a result, nscd now detects changes to its configuration files and reloads the data properly, which prevents it from returning stale data. (BZ#1194149)\n\nAll glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-04-22T00:00:00", "type": "nessus", "title": "CentOS 6 : glibc (CESA-2015:0863)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7423", "CVE-2015-1781"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc", "p-cpe:/a:centos:centos:glibc-common", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-headers", "p-cpe:/a:centos:centos:glibc-static", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:nscd", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2015-0863.NASL", "href": "https://www.tenable.com/plugins/nessus/82928", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0863 and \n# CentOS Errata and Security Advisory 2015:0863 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82928);\n script_version(\"1.10\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-7423\", \"CVE-2015-1781\");\n script_bugtraq_id(72844, 74255);\n script_xref(name:\"RHSA\", value:\"2015:0863\");\n\n script_name(english:\"CentOS 6 : glibc (CESA-2015:0863)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix two security issues and one bug are\nnow available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r()\nand other related functions computed the size of a buffer when passed\na misaligned buffer as input. An attacker able to make an application\ncall any of these functions with a misaligned buffer could use this\nflaw to crash the application or, potentially, execute arbitrary code\nwith the permissions of the user running the application.\n(CVE-2015-1781)\n\nIt was discovered that, under certain circumstances, glibc's\ngetaddrinfo() function would send DNS queries to random file\ndescriptors. 
An attacker could potentially use this flaw to send DNS\nqueries to unintended recipients, resulting in information disclosure\nor data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nThis update also fixes the following bug :\n\n* Previously, the nscd daemon did not properly reload modified data\nwhen the user edited monitored nscd configuration files. As a\nconsequence, nscd returned stale data to system processes. This update\nadds a system of inotify-based monitoring and stat-based backup\nmonitoring for nscd configuration files. As a result, nscd now detects\nchanges to its configuration files and reloads the data properly,\nwhich prevents it from returning stale data. (BZ#1194149)\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-April/021081.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6b3a395c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-1781\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-2.12-1.149.el6_6.7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-common-2.12-1.149.el6_6.7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-devel-2.12-1.149.el6_6.7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-headers-2.12-1.149.el6_6.7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-static-2.12-1.149.el6_6.7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-utils-2.12-1.149.el6_6.7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"nscd-2.12-1.149.el6_6.7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T01:40:30", "description": "A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. 
An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.\n(CVE-2015-1781)\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.\n(CVE-2013-7423)", "cvss3": {"score": null, "vector": null}, "published": "2015-04-27T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : glibc (ALAS-2015-513)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7423", "CVE-2015-1781"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:glibc", "p-cpe:/a:amazon:linux:glibc-common", "p-cpe:/a:amazon:linux:glibc-debuginfo", "p-cpe:/a:amazon:linux:glibc-debuginfo-common", "p-cpe:/a:amazon:linux:glibc-devel", "p-cpe:/a:amazon:linux:glibc-headers", "p-cpe:/a:amazon:linux:glibc-static", "p-cpe:/a:amazon:linux:glibc-utils", "p-cpe:/a:amazon:linux:nscd", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-513.NASL", "href": "https://www.tenable.com/plugins/nessus/83056", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-513.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83056);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-7423\", \"CVE-2015-1781\");\n script_xref(name:\"ALAS\", value:\"2015-513\");\n script_xref(name:\"RHSA\", value:\"2015:0863\");\n\n script_name(english:\"Amazon Linux AMI : glibc (ALAS-2015-513)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow flaw was found in the way glibc's gethostbyname_r()\nand other related functions computed the size of a buffer when passed\na misaligned buffer as input. An attacker able to make an application\ncall any of these functions with a misaligned buffer could use this\nflaw to crash the application or, potentially, execute arbitrary code\nwith the permissions of the user running the application.\n(CVE-2015-1781)\n\nIt was discovered that, under certain circumstances, glibc's\ngetaddrinfo() function would send DNS queries to random file\ndescriptors. An attacker could potentially use this flaw to send DNS\nqueries to unintended recipients, resulting in information disclosure\nor data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-513.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update glibc' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-static\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"glibc-2.17-55.142.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-common-2.17-55.142.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-2.17-55.142.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-common-2.17-55.142.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-devel-2.17-55.142.amzn1\")) flag++;\nif 
(rpm_check(release:\"ALA\", reference:\"glibc-headers-2.17-55.142.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-static-2.17-55.142.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-utils-2.17-55.142.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nscd-2.17-55.142.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:46:16", "description": "A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.\n(CVE-2015-1781)\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\n\nThis update also fixes the following bug :\n\n - Previously, the nscd daemon did not properly reload modified data when the user edited monitored nscd configuration files. As a consequence, nscd returned stale data to system processes. This update adds a system of inotify-based monitoring and stat-based backup monitoring for nscd configuration files. 
As a result, nscd now detects changes to its configuration files and reloads the data properly, which prevents it from returning stale data.", "cvss3": {"score": null, "vector": null}, "published": "2015-04-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20150421)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7423", "CVE-2015-1781"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:glibc", "p-cpe:/a:fermilab:scientific_linux:glibc-common", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common", "p-cpe:/a:fermilab:scientific_linux:glibc-devel", "p-cpe:/a:fermilab:scientific_linux:glibc-headers", "p-cpe:/a:fermilab:scientific_linux:glibc-static", "p-cpe:/a:fermilab:scientific_linux:glibc-utils", "p-cpe:/a:fermilab:scientific_linux:nscd", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150421_GLIBC_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/82987", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82987);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-7423\", \"CVE-2015-1781\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20150421)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow flaw was found in the way glibc's gethostbyname_r()\nand other related functions computed the size of a buffer when passed\na 
misaligned buffer as input. An attacker able to make an application\ncall any of these functions with a misaligned buffer could use this\nflaw to crash the application or, potentially, execute arbitrary code\nwith the permissions of the user running the application.\n(CVE-2015-1781)\n\nIt was discovered that, under certain circumstances, glibc's\ngetaddrinfo() function would send DNS queries to random file\ndescriptors. An attacker could potentially use this flaw to send DNS\nqueries to unintended recipients, resulting in information disclosure\nor data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\n\nThis update also fixes the following bug :\n\n - Previously, the nscd daemon did not properly reload\n modified data when the user edited monitored nscd\n configuration files. As a consequence, nscd returned\n stale data to system processes. This update adds a\n system of inotify-based monitoring and stat-based backup\n monitoring for nscd configuration files. As a result,\n nscd now detects changes to its configuration files and\n reloads the data properly, which prevents it from\n returning stale data.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1504&L=scientific-linux-errata&T=0&P=2169\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc3c8938\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"glibc-2.12-1.149.el6_6.7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-common-2.12-1.149.el6_6.7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-debuginfo-2.12-1.149.el6_6.7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-debuginfo-common-2.12-1.149.el6_6.7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-devel-2.12-1.149.el6_6.7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-headers-2.12-1.149.el6_6.7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-static-2.12-1.149.el6_6.7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-utils-2.12-1.149.el6_6.7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nscd-2.12-1.149.el6_6.7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:47:18", "description": "An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. 
An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application. (CVE-2014-7817)\n\nThis update also fixes the following bugs :\n\n - Previously, when an address lookup using the getaddrinfo() function for the AF_UNSPEC value was performed on a defective DNS server, the server in some cases responded with a valid response for the A record, but a referral response for the AAAA record, which resulted in a lookup failure. A prior update was implemented for getaddrinfo() to return the valid response, but it contained a typographical error, due to which the lookup could under some circumstances still fail. This error has been corrected and getaddrinfo() now returns a valid response in the described circumstances.\n\n - An error in the dlopen() library function previously caused recursive calls to dlopen() to terminate unexpectedly or to abort with a library assertion. 
This error has been fixed and recursive calls to dlopen() no longer crash or abort.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-08T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20150107)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:glibc", "p-cpe:/a:fermilab:scientific_linux:glibc-common", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common", "p-cpe:/a:fermilab:scientific_linux:glibc-devel", "p-cpe:/a:fermilab:scientific_linux:glibc-headers", "p-cpe:/a:fermilab:scientific_linux:glibc-static", "p-cpe:/a:fermilab:scientific_linux:glibc-utils", "p-cpe:/a:fermilab:scientific_linux:nscd", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150107_GLIBC_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/80409", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80409);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-7817\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20150107)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An out-of-bounds read flaw was found in the way glibc's iconv()\nfunction converted certain encoded data to UTF-8. 
An attacker able to\nmake an application call the iconv() function with a specially crafted\nargument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command\nsubstitution even when the WRDE_NOCMD flag was specified. An attacker\nable to provide specially crafted input to an application using the\nwordexp() function, and not sanitizing the input correctly, could\npotentially use this flaw to execute arbitrary commands with the\ncredentials of the user running that application. (CVE-2014-7817)\n\nThis update also fixes the following bugs :\n\n - Previously, when an address lookup using the\n getaddrinfo() function for the AF_UNSPEC value was\n performed on a defective DNS server, the server in some\n cases responded with a valid response for the A record,\n but a referral response for the AAAA record, which\n resulted in a lookup failure. A prior update was\n implemented for getaddrinfo() to return the valid\n response, but it contained a typographical error, due to\n which the lookup could under some circumstances still\n fail. This error has been corrected and getaddrinfo()\n now returns a valid response in the described\n circumstances.\n\n - An error in the dlopen() library function previously\n caused recursive calls to dlopen() to terminate\n unexpectedly or to abort with a library assertion. 
This\n error has been fixed and recursive calls to dlopen() no\n longer crash or abort.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1501&L=scientific-linux-errata&T=0&P=532\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3edcc27a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"glibc-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-common-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-debuginfo-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-debuginfo-common-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-devel-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-headers-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-static-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-utils-2.12-1.149.el6_6.4\")) flag++;\nif 
(rpm_check(release:\"SL6\", reference:\"nscd-2.12-1.149.el6_6.4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:47:01", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Fix recursive dlopen (#1173469).\n\n - Fix typo in res_send and res_query (#rh1172023).\n\n - Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, #1139571).\n\n - Fix wordexp to honour WRDE_NOCMD (CVE-2014-7817, #1170121).", "cvss3": {"score": null, "vector": null}, "published": "2015-01-09T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : glibc (OVMSA-2015-0003)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:glibc", "p-cpe:/a:oracle:vm:glibc-common", "p-cpe:/a:oracle:vm:nscd", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2015-0003.NASL", "href": "https://www.tenable.com/plugins/nessus/80439", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0003.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80439);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-7817\");\n script_bugtraq_id(69472, 71216);\n\n script_name(english:\"OracleVM 3.3 : glibc (OVMSA-2015-0003)\");\n script_summary(english:\"Checks the RPM output for 
the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Fix recursive dlopen (#1173469).\n\n - Fix typo in res_send and res_query (#rh1172023).\n\n - Fix crashes on invalid input in IBM gconv modules\n (CVE-2014-6040, #1139571).\n\n - Fix wordexp to honour WRDE_NOCMD (CVE-2014-7817,\n #1170121).\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2015-January/000255.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2033fa93\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc / glibc-common / nscd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"glibc-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"glibc-common-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"nscd-2.12-1.149.el6_6.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / nscd\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-16T01:44:04", "description": "An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. 
An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application. (CVE-2014-7817)", "cvss3": {"score": null, "vector": null}, "published": "2015-01-09T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : glibc (ALAS-2015-468)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:glibc", "p-cpe:/a:amazon:linux:glibc-common", "p-cpe:/a:amazon:linux:glibc-debuginfo", "p-cpe:/a:amazon:linux:glibc-debuginfo-common", "p-cpe:/a:amazon:linux:glibc-devel", "p-cpe:/a:amazon:linux:glibc-headers", "p-cpe:/a:amazon:linux:glibc-static", "p-cpe:/a:amazon:linux:glibc-utils", "p-cpe:/a:amazon:linux:nscd", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-468.NASL", "href": "https://www.tenable.com/plugins/nessus/80419", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-468.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80419);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-7817\");\n script_xref(name:\"ALAS\", value:\"2015-468\");\n script_xref(name:\"RHSA\", value:\"2015:0016\");\n\n script_name(english:\"Amazon Linux AMI : glibc (ALAS-2015-468)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n 
value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An out-of-bounds read flaw was found in the way glibc's iconv()\nfunction converted certain encoded data to UTF-8. An attacker able to\nmake an application call the iconv() function with a specially crafted\nargument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command\nsubstitution even when the WRDE_NOCMD flag was specified. An attacker\nable to provide specially crafted input to an application using the\nwordexp() function, and not sanitizing the input correctly, could\npotentially use this flaw to execute arbitrary commands with the\ncredentials of the user running that application. (CVE-2014-7817)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-468.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update glibc' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"glibc-2.17-55.92.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-common-2.17-55.92.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-2.17-55.92.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-common-2.17-55.92.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-devel-2.17-55.92.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-headers-2.17-55.92.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"glibc-static-2.17-55.92.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-utils-2.17-55.92.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nscd-2.17-55.92.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:47:01", "description": "From Red Hat Security Advisory 2015:0016 :\n\nUpdated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. 
An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat Developer Experience Team.\n\nThis update also fixes the following bugs :\n\n* Previously, when an address lookup using the getaddrinfo() function for the AF_UNSPEC value was performed on a defective DNS server, the server in some cases responded with a valid response for the A record, but a referral response for the AAAA record, which resulted in a lookup failure. A prior update was implemented for getaddrinfo() to return the valid response, but it contained a typographical error, due to which the lookup could under some circumstances still fail. This error has been corrected and getaddrinfo() now returns a valid response in the described circumstances. (BZ#1172023)\n\n* An error in the dlopen() library function previously caused recursive calls to dlopen() to terminate unexpectedly or to abort with a library assertion. This error has been fixed and recursive calls to dlopen() no longer crash or abort. 
(BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-08T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : glibc (ELSA-2015-0016)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-static", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:nscd", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2015-0016.NASL", "href": "https://www.tenable.com/plugins/nessus/80407", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0016 and \n# Oracle Linux Security Advisory ELSA-2015-0016 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80407);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-7817\");\n script_bugtraq_id(69472, 71216);\n script_xref(name:\"RHSA\", value:\"2015:0016\");\n\n script_name(english:\"Oracle Linux 6 : glibc (ELSA-2015-0016)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0016 :\n\nUpdated glibc packages that fix two security issues and two bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as 
having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv()\nfunction converted certain encoded data to UTF-8. An attacker able to\nmake an application call the iconv() function with a specially crafted\nargument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command\nsubstitution even when the WRDE_NOCMD flag was specified. An attacker\nable to provide specially crafted input to an application using the\nwordexp() function, and not sanitizing the input correctly, could\npotentially use this flaw to execute arbitrary commands with the\ncredentials of the user running that application. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat\nDeveloper Experience Team.\n\nThis update also fixes the following bugs :\n\n* Previously, when an address lookup using the getaddrinfo() function\nfor the AF_UNSPEC value was performed on a defective DNS server, the\nserver in some cases responded with a valid response for the A record,\nbut a referral response for the AAAA record, which resulted in a\nlookup failure. A prior update was implemented for getaddrinfo() to\nreturn the valid response, but it contained a typographical error, due\nto which the lookup could under some circumstances still fail. This\nerror has been corrected and getaddrinfo() now returns a valid\nresponse in the described circumstances. 
(BZ#1172023)\n\n* An error in the dlopen() library function previously caused\nrecursive calls to dlopen() to terminate unexpectedly or to abort with\na library assertion. This error has been fixed and recursive calls to\ndlopen() no longer crash or abort. (BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-January/004773.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/08\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"glibc-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-common-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-devel-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-headers-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-static-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-utils-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"nscd-2.12-1.149.el6_6.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:46:52", "description": "- Fix CVE-2014-6040: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)\n\n - Fix CVE-2014-7817: command execution in wordexp() with WRDE_NOCMD specified\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-03-05T00:00:00", "type": "nessus", "title": "Fedora 20 : glibc-2.18-19.fc20 (2015-2845)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:glibc", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2015-2845.NASL", "href": "https://www.tenable.com/plugins/nessus/81616", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-2845.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81616);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-7817\");\n script_bugtraq_id(69472, 71216);\n script_xref(name:\"FEDORA\", value:\"2015-2845\");\n\n script_name(english:\"Fedora 20 : glibc-2.18-19.fc20 (2015-2845)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fix CVE-2014-6040: crash in code page decoding functions\n (IBM933, IBM935, IBM937, IBM939, IBM1364)\n\n - Fix CVE-2014-7817: command execution in wordexp() with\n WRDE_NOCMD specified\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1135841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1157689\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/150631.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c564838b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glibc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif 
(isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"glibc-2.18-19.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:47:13", "description": "Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. 
An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat Developer Experience Team.\n\nThis update also fixes the following bugs :\n\n* Previously, when an address lookup using the getaddrinfo() function for the AF_UNSPEC value was performed on a defective DNS server, the server in some cases responded with a valid response for the A record, but a referral response for the AAAA record, which resulted in a lookup failure. A prior update was implemented for getaddrinfo() to return the valid response, but it contained a typographical error, due to which the lookup could under some circumstances still fail. This error has been corrected and getaddrinfo() now returns a valid response in the described circumstances. (BZ#1172023)\n\n* An error in the dlopen() library function previously caused recursive calls to dlopen() to terminate unexpectedly or to abort with a library assertion. This error has been fixed and recursive calls to dlopen() no longer crash or abort. 
(BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-08T00:00:00", "type": "nessus", "title": "CentOS 6 : glibc (CESA-2015:0016)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc", "p-cpe:/a:centos:centos:glibc-common", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-headers", "p-cpe:/a:centos:centos:glibc-static", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:nscd", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2015-0016.NASL", "href": "https://www.tenable.com/plugins/nessus/80400", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0016 and \n# CentOS Errata and Security Advisory 2015:0016 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80400);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-7817\");\n script_bugtraq_id(69472, 71216);\n script_xref(name:\"RHSA\", value:\"2015:0016\");\n\n script_name(english:\"CentOS 6 : glibc (CESA-2015:0016)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix two security issues and two bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv()\nfunction converted certain encoded data to UTF-8. An attacker able to\nmake an application call the iconv() function with a specially crafted\nargument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command\nsubstitution even when the WRDE_NOCMD flag was specified. An attacker\nable to provide specially crafted input to an application using the\nwordexp() function, and not sanitizing the input correctly, could\npotentially use this flaw to execute arbitrary commands with the\ncredentials of the user running that application. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat\nDeveloper Experience Team.\n\nThis update also fixes the following bugs :\n\n* Previously, when an address lookup using the getaddrinfo() function\nfor the AF_UNSPEC value was performed on a defective DNS server, the\nserver in some cases responded with a valid response for the A record,\nbut a referral response for the AAAA record, which resulted in a\nlookup failure. A prior update was implemented for getaddrinfo() to\nreturn the valid response, but it contained a typographical error, due\nto which the lookup could under some circumstances still fail. This\nerror has been corrected and getaddrinfo() now returns a valid\nresponse in the described circumstances. 
(BZ#1172023)\n\n* An error in the dlopen() library function previously caused\nrecursive calls to dlopen() to terminate unexpectedly or to abort with\na library assertion. This error has been fixed and recursive calls to\ndlopen() no longer crash or abort. (BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-January/020863.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f8c20447\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-6040\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2015/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-common-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-devel-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-headers-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-static-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-utils-2.12-1.149.el6_6.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"nscd-2.12-1.149.el6_6.4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:47:18", "description": "Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat Developer Experience Team.\n\nThis update also fixes the following bugs :\n\n* Previously, when an address lookup using the getaddrinfo() function for the AF_UNSPEC value was performed on a defective DNS server, the server in some cases responded with a valid response for the A record, but a referral response for the AAAA record, which resulted in a lookup failure. A prior update was implemented for getaddrinfo() to return the valid response, but it contained a typographical error, due to which the lookup could under some circumstances still fail. This error has been corrected and getaddrinfo() now returns a valid response in the described circumstances. 
(BZ#1172023)\n\n* An error in the dlopen() library function previously caused recursive calls to dlopen() to terminate unexpectedly or to abort with a library assertion. This error has been fixed and recursive calls to dlopen() no longer crash or abort. (BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-08T00:00:00", "type": "nessus", "title": "RHEL 6 : glibc (RHSA-2015:0016)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "modified": "2021-02-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-static", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.6"], "id": "REDHAT-RHSA-2015-0016.NASL", "href": "https://www.tenable.com/plugins/nessus/80408", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0016. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80408);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-7817\");\n script_bugtraq_id(69472, 71216);\n script_xref(name:\"RHSA\", value:\"2015:0016\");\n\n script_name(english:\"RHEL 6 : glibc (RHSA-2015:0016)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated glibc packages that fix two security issues and two bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv()\nfunction converted certain encoded data to UTF-8. An attacker able to\nmake an application call the iconv() function with a specially crafted\nargument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command\nsubstitution even when the WRDE_NOCMD flag was specified. 
An attacker\nable to provide specially crafted input to an application using the\nwordexp() function, and not sanitizing the input correctly, could\npotentially use this flaw to execute arbitrary commands with the\ncredentials of the user running that application. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat\nDeveloper Experience Team.\n\nThis update also fixes the following bugs :\n\n* Previously, when an address lookup using the getaddrinfo() function\nfor the AF_UNSPEC value was performed on a defective DNS server, the\nserver in some cases responded with a valid response for the A record,\nbut a referral response for the AAAA record, which resulted in a\nlookup failure. A prior update was implemented for getaddrinfo() to\nreturn the valid response, but it contained a typographical error, due\nto which the lookup could under some circumstances still fail. This\nerror has been corrected and getaddrinfo() now returns a valid\nresponse in the described circumstances. (BZ#1172023)\n\n* An error in the dlopen() library function previously caused\nrecursive calls to dlopen() to terminate unexpectedly or to abort with\na library assertion. This error has been fixed and recursive calls to\ndlopen() no longer crash or abort. 
(BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6040\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0016\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-common-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-common-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-common-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-debuginfo-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-debuginfo-common-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-devel-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-headers-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-headers-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-headers-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", 
reference:\"glibc-static-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-utils-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-utils-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-utils-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"nscd-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"nscd-2.12-1.149.el6_6.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"nscd-2.12-1.149.el6_6.4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:35:49", "description": "According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.(CVE-2014-9402)\n\n - glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. 
Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.(CVE-2017-1000366)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : glibc (EulerOS-SA-2017-1146)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9402", "CVE-2017-1000366"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-devel", "p-cpe:/a:huawei:euleros:glibc-headers", "p-cpe:/a:huawei:euleros:glibc-static", "p-cpe:/a:huawei:euleros:glibc-utils", "p-cpe:/a:huawei:euleros:nscd", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1146.NASL", "href": "https://www.tenable.com/plugins/nessus/102233", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102233);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-9402\",\n \"CVE-2017-1000366\"\n );\n script_bugtraq_id(\n 71670\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : glibc (EulerOS-SA-2017-1146)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the 
versions of the glibc packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The nss_dns implementation of getnetbyname in GNU C\n Library (aka glibc) before 2.21, when the DNS backend\n in the Name Service Switch configuration is enabled,\n allows remote attackers to cause a denial of service\n (infinite loop) by sending a positive answer while a\n network name is being process.(CVE-2014-9402)\n\n - glibc contains a vulnerability that allows specially\n crafted LD_LIBRARY_PATH values to manipulate the\n heap/stack, causing them to alias, potentially\n resulting in arbitrary code execution. Please note that\n additional hardening changes have been made to glibc to\n prevent manipulation of stack and heap memory but these\n issues are not directly exploitable, as such they have\n not been given a CVE. This affects glibc 2.25 and\n earlier.(CVE-2017-1000366)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1146\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8da671fe\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local 
Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"glibc-2.17-111.h15\",\n \"glibc-common-2.17-111.h15\",\n \"glibc-devel-2.17-111.h15\",\n \"glibc-headers-2.17-111.h15\",\n \"glibc-static-2.17-111.h15\",\n \"glibc-utils-2.17-111.h15\",\n \"nscd-2.17-111.h15\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:35:51", "description": "According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being processed. (CVE-2014-9402)\n\n - glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. (CVE-2017-1000366)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : glibc (EulerOS-SA-2017-1147)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9402", "CVE-2017-1000366"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-devel", "p-cpe:/a:huawei:euleros:glibc-headers", "p-cpe:/a:huawei:euleros:glibc-static", "p-cpe:/a:huawei:euleros:glibc-utils", "p-cpe:/a:huawei:euleros:nscd", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1147.NASL", "href": "https://www.tenable.com/plugins/nessus/102234", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102234);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-9402\",\n \"CVE-2017-1000366\"\n );\n script_bugtraq_id(\n 71670\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : glibc (EulerOS-SA-2017-1147)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glibc packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The nss_dns implementation of getnetbyname in GNU C\n Library (aka glibc) before 2.21, when the DNS backend\n in the Name Service Switch configuration is enabled,\n allows remote attackers to cause a denial of service\n (infinite loop) by sending a 
positive answer while a\n network name is being process.(CVE-2014-9402)\n\n - glibc contains a vulnerability that allows specially\n crafted LD_LIBRARY_PATH values to manipulate the\n heap/stack, causing them to alias, potentially\n resulting in arbitrary code execution. Please note that\n additional hardening changes have been made to glibc to\n prevent manipulation of stack and heap memory but these\n issues are not directly exploitable, as such they have\n not been given a CVE. This affects glibc 2.25 and\n earlier.(CVE-2017-1000366)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1147\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0b5a3465\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) 
audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"glibc-2.17-111.h15\",\n \"glibc-common-2.17-111.h15\",\n \"glibc-devel-2.17-111.h15\",\n \"glibc-headers-2.17-111.h15\",\n \"glibc-static-2.17-111.h15\",\n \"glibc-utils-2.17-111.h15\",\n \"nscd-2.17-111.h15\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:54:51", "description": "Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library :\n\n - CVE-2012-3406 The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not 'properly restrict the use of' the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.\n\n - CVE-2013-7424 An invalid free flaw was found in glibc's getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. 
Note that this flaw only affected applications using glibc compiled with libidn support.\n\n - CVE-2014-4043 The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.\n\n - CVE-2014-9402 The getnetbyname function in glibc 2.21 or earlier will enter an infinite loop if the DNS backend is activated in the system Name Service Switch configuration, and the DNS resolver receives a positive answer while processing the network name.\n\n - CVE-2015-1472 / CVE-2015-1473 Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer. The incorrect use of '__libc_use_alloca (newsize)' caused a different (and weaker) policy to be enforced which could allow a denial of service attack.", "cvss3": {"score": null, "vector": null}, "published": "2015-02-24T00:00:00", "type": "nessus", "title": "Debian DSA-3169-1 : eglibc - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3404", "CVE-2012-3405", "CVE-2012-3406", "CVE-2013-7424", "CVE-2014-4043", "CVE-2014-9402", "CVE-2015-1472", "CVE-2015-1473"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:eglibc", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3169.NASL", "href": "https://www.tenable.com/plugins/nessus/81448", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3169. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81448);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-3406\", \"CVE-2013-7424\", \"CVE-2014-4043\", \"CVE-2014-9402\", \"CVE-2015-1472\", \"CVE-2015-1473\");\n script_bugtraq_id(54374, 68006, 71670, 72428, 72499, 72710);\n script_xref(name:\"DSA\", value:\"3169\");\n\n script_name(english:\"Debian DSA-3169-1 : eglibc - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been fixed in eglibc, Debian's version of\nthe GNU C library :\n\n - CVE-2012-3406\n The vfprintf function in stdio-common/vfprintf.c in GNU\n C Library (aka glibc) 2.5, 2.12, and probably other\n versions does not 'properly restrict the use of' the\n alloca function when allocating the SPECS array, which\n allows context-dependent attackers to bypass the\n FORTIFY_SOURCE format-string protection mechanism and\n cause a denial of service (crash) or possibly execute\n arbitrary code via a crafted format string using\n positional parameters and a large number of format\n specifiers, a different vulnerability than CVE-2012-3404\n and CVE-2012-3405.\n\n - CVE-2013-7424\n An invalid free flaw was found in glibc's getaddrinfo()\n function when used with the AI_IDN flag. A remote\n attacker able to make an application call this function\n could use this flaw to execute arbitrary code with the\n permissions of the user running the application. 
Note\n that this flaw only affected applications using glibc\n compiled with libidn support.\n\n - CVE-2014-4043\n The posix_spawn_file_actions_addopen function in glibc\n before 2.20 does not copy its path argument in\n accordance with the POSIX specification, which allows\n context-dependent attackers to trigger use-after-free\n vulnerabilities.\n\n - CVE-2014-9402\n The getnetbyname function in glibc 2.21 or earlier will\n enter an infinite loop if the DNS backend is activated\n in the system Name Service Switch configuration, and the\n DNS resolver receives a positive answer while processing\n the network name.\n\n - CVE-2015-1472 / CVE-2015-1473\n Under certain conditions wscanf can allocate too little\n memory for the to-be-scanned arguments and overflow the\n allocated buffer. The incorrect use of\n '__libc_use_alloca (newsize)' caused a different (and\n weaker) policy to be enforced which could allow a denial\n of service attack.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-3406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-3404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-3405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7424\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-4043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/eglibc\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3169\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the eglibc packages.\n\nFor the stable distribution (wheezy), these issues are fixed in\nversion 2.13-38+deb7u8 of the eglibc package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:eglibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"eglibc-source\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"glibc-doc\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc-bin\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc-dev-bin\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc0.1\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc0.1-dbg\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc0.1-dev\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc0.1-dev-i386\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc0.1-i386\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc0.1-i686\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc0.1-pic\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc0.1-prof\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-amd64\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dbg\", reference:\"2.13-38+deb7u8\")) 
flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev-amd64\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev-i386\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev-mips64\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev-mipsn32\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev-ppc64\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev-s390\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev-s390x\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev-sparc64\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-i386\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-i686\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-loongson2f\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-mips64\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-mipsn32\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-pic\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-ppc64\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-prof\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-s390\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-s390x\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-sparc64\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-xen\", 
reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6.1\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6.1-dbg\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6.1-dev\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6.1-pic\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6.1-prof\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"locales\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"locales-all\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"multiarch-support\", reference:\"2.13-38+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"nscd\", reference:\"2.13-38+deb7u8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:46:35", "description": "CVE-2012-6656\n\nFix validation check when converting from ibm930 to utf. When converting IBM930 code with iconv(), if IBM930 code which includes invalid multibyte character '0xffff' is specified, then iconv() segfaults.\n\nCVE-2014-6040\n\nCrashes on invalid input in IBM gconv modules [BZ #17325] These changes are based on the fix for BZ #14134 in commit 6e230d11837f3ae7b375ea69d7905f0d18eb79e5.\n\nCVE-2014-7817\n\nThe function wordexp() fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the form of '$((... ``))' where '...' can be anything valid. The backticks in the arithmetic expression are evaluated in a shell even if WRDE_NOCMD forbade command substitution. 
This allows an attacker to attempt to pass dangerous commands via constructs of the above form, and bypass the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD in exec_comm(), the only place that can execute a shell. All other checks for WRDE_NOCMD are superfluous and removed.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-03-26T00:00:00", "type": "nessus", "title": "Debian DLA-97-1 : eglibc security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6656", "CVE-2014-6040", "CVE-2014-7817"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:eglibc-source", "p-cpe:/a:debian:debian_linux:glibc-doc", "p-cpe:/a:debian:debian_linux:libc-bin", "p-cpe:/a:debian:debian_linux:libc-dev-bin", "p-cpe:/a:debian:debian_linux:libc6", "p-cpe:/a:debian:debian_linux:libc6-amd64", "p-cpe:/a:debian:debian_linux:libc6-dbg", "p-cpe:/a:debian:debian_linux:libc6-dev", "p-cpe:/a:debian:debian_linux:libc6-dev-amd64", "p-cpe:/a:debian:debian_linux:libc6-dev-i386", "p-cpe:/a:debian:debian_linux:libc6-i386", "p-cpe:/a:debian:debian_linux:libc6-i686", "p-cpe:/a:debian:debian_linux:libc6-pic", "p-cpe:/a:debian:debian_linux:libc6-prof", "p-cpe:/a:debian:debian_linux:libc6-udeb", "p-cpe:/a:debian:debian_linux:libc6-xen", "p-cpe:/a:debian:debian_linux:libnss-dns-udeb", "p-cpe:/a:debian:debian_linux:libnss-files-udeb", "p-cpe:/a:debian:debian_linux:locales", "p-cpe:/a:debian:debian_linux:locales-all", "p-cpe:/a:debian:debian_linux:nscd", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-97.NASL", "href": "https://www.tenable.com/plugins/nessus/82242", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this 
plugin were\n# extracted from Debian Security Advisory DLA-97-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82242);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-6656\", \"CVE-2014-6040\", \"CVE-2014-7817\");\n script_bugtraq_id(69470, 69472, 71216);\n\n script_name(english:\"Debian DLA-97-1 : eglibc security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2012-6656\n\nFix validation check when converting from ibm930 to utf. When\nconverting IBM930 code with iconv(), if IBM930 code which includes\ninvalid multibyte character '0xffff' is specified, then iconv()\nsegfaults.\n\nCVE-2014-6040\n\nCrashes on invalid input in IBM gconv modules [BZ #17325] These\nchanges are based on the fix for BZ #14134 in commit\n6e230d11837f3ae7b375ea69d7905f0d18eb79e5.\n\nCVE-2014-7817\n\nThe function wordexp() fails to properly handle the WRDE_NOCMD flag\nwhen processing arithmetic inputs in the form of '$((... ``))' where\n'...' can be anything valid. The backticks in the arithmetic\nepxression are evaluated by in a shell even if WRDE_NOCMD forbade\ncommand substitution. This allows an attacker to attempt to pass\ndangerous commands via constructs of the above form, and bypass the\nWRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD in\nexec_comm(), the only place that can execute a shell. All other checks\nfor WRDE_NOCMD are superfluous and removed.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/11/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/eglibc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:eglibc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:glibc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc-dev-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-i686\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-pic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-prof\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss-dns-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss-files-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:locales\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:locales-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"eglibc-source\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"glibc-doc\", 
reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc-bin\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc-dev-bin\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-amd64\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-dbg\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-dev\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-dev-amd64\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-dev-i386\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-i386\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-i686\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-pic\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-prof\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-udeb\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-xen\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libnss-dns-udeb\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libnss-files-udeb\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"locales\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"locales-all\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"nscd\", reference:\"2.11.3-4+deb6u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse 
audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:47:42", "description": "Siddhesh Poyarekar discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could possibly use this issue to cause applications to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2012-6656)\n\nAdhemerval Zanella Netto discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could possibly use this issue to cause applications to crash, resulting in a denial of service. (CVE-2014-6040)\n\nTim Waugh discovered that the GNU C Library incorrectly enforced the WRDE_NOCMD flag when handling the wordexp function. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2014-7817).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-12-04T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : eglibc, glibc vulnerabilities (USN-2432-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6656", "CVE-2014-6040", "CVE-2014-7817"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libc6", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:14.10"], "id": "UBUNTU_USN-2432-1.NASL", "href": "https://www.tenable.com/plugins/nessus/79718", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2432-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79718);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-6656\", \"CVE-2014-6040\", \"CVE-2014-7817\");\n script_bugtraq_id(69470, 69472, 71216);\n script_xref(name:\"USN\", value:\"2432-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : eglibc, glibc vulnerabilities (USN-2432-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Siddhesh Poyarekar discovered that the GNU C Library incorrectly\nhandled certain multibyte characters when using the iconv function. An\nattacker could possibly use this issue to cause applications to crash,\nresulting in a denial of service. This issue only affected Ubuntu\n10.04 LTS and Ubuntu 12.04 LTS. (CVE-2012-6656)\n\nAdhemerval Zanella Netto discovered that the GNU C Library incorrectly\nhandled certain multibyte characters when using the iconv function. An\nattacker could possibly use this issue to cause applications to crash,\nresulting in a denial of service. (CVE-2014-6040)\n\nTim Waugh discovered that the GNU C Library incorrectly enforced the\nWRDE_NOCMD flag when handling the wordexp function. An attacker could\npossibly use this issue to execute arbitrary commands. (CVE-2014-7817).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2432-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected libc6 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6\", pkgver:\"2.11.1-0ubuntu7.19\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libc6\", pkgver:\"2.15-0ubuntu10.9\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libc6\", pkgver:\"2.19-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libc6\", pkgver:\"2.19-10ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libc6\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:46:56", "description": "glibc has been updated to fix security issues and bugs :\n\n - Fix crashes on invalid input in IBM gconv modules.\n (CVE-2014-6040 / CVE-2012-6656, bsc#894553, bsc#894556, GLIBC BZ #17325, GLIBC BZ 
#14134)\n\n - Avoid infinite loop in nss_dns getnetbyname.\n (CVE-2014-9402)\n\n - Don't touch user-controlled stdio locks in forked child.\n (bsc#864081, GLIBC BZ #12847)\n\n - Unlock mutex before going back to waiting for PI mutexes. (bsc#891843, GLIBC BZ #14417)\n\n - Implement x86 cpuid handling of leaf4 for cache information. (bsc#903288, GLIBC BZ #12587)\n\n - Fix infinite loop in check_pf. (bsc#909053, GLIBC BZ #12926)", "cvss3": {"score": null, "vector": null}, "published": "2015-02-11T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : glibc (SAT Patch Number 10259)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6656", "CVE-2014-6040", "CVE-2014-9402"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:glibc", "p-cpe:/a:novell:suse_linux:11:glibc-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-devel", "p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-html", "p-cpe:/a:novell:suse_linux:11:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:11:glibc-info", "p-cpe:/a:novell:suse_linux:11:glibc-locale", "p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-profile", "p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit", "p-cpe:/a:novell:suse_linux:11:nscd", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_GLIBC-150129.NASL", "href": "https://www.tenable.com/plugins/nessus/81295", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81295);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-6656\", \"CVE-2014-6040\", \"CVE-2014-9402\");\n\n script_name(english:\"SuSE 11.3 Security Update : glibc (SAT Patch Number 10259)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"glibc has been updated to fix security issues and bugs :\n\n - Fix crashes on invalid input in IBM gconv modules.\n (CVE-2014-6040 / CVE-2012-6656, bsc#894553, bsc#894556,\n GLIBC BZ #17325, GLIBC BZ #14134)\n\n - Avoid infinite loop in nss_dns getnetbyname.\n (CVE-2014-9402)\n\n - Don't touch user-controlled stdio locks in forked child.\n (bsc#864081, GLIBC BZ #12847)\n\n - Unlock mutex before going back to waiting for PI\n mutexes. (bsc#891843, GLIBC BZ #14417)\n\n - Implement x86 cpuid handling of leaf4 for cache\n information. (bsc#903288, GLIBC BZ #12587)\n\n - Fix infinite loop in check_pf. 
(bsc#909053, GLIBC BZ\n #12926)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=891843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=894553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=894556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=903288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=909053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6656.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-6040.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9402.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10259.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", 
reference:\"glibc-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"glibc-devel-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"glibc-i18ndata-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"glibc-locale-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"nscd-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i686\", reference:\"glibc-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i686\", reference:\"glibc-devel-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-32bit-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-devel-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-i18ndata-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-locale-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"nscd-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-devel-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-html-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-i18ndata-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-info-2.11.3-17.80.3\")) flag++;\nif 
(rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-locale-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-profile-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"nscd-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"glibc-32bit-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"glibc-devel-32bit-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"glibc-locale-32bit-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"glibc-profile-32bit-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"glibc-32bit-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.11.3-17.80.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:56:00", "description": "According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.(CVE-2014-9402)\n\n - A stack overflow vulnerability was found in\n 
_nss_dns_getnetbyname_r.On systems with nsswitch configured to include 'networks: dns' with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution.(CVE-2016-3075)\n\n - stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.(CVE-2018-11236)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-26T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.0 : glibc (EulerOS-SA-2018-1344)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9402", "CVE-2016-3075", "CVE-2018-11236"], "modified": "2022-02-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-devel", "p-cpe:/a:huawei:euleros:glibc-headers", "p-cpe:/a:huawei:euleros:nscd", "cpe:/o:huawei:euleros:uvp:2.5.0"], "id": "EULEROS_SA-2018-1344.NASL", "href": "https://www.tenable.com/plugins/nessus/118432", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118432);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/03\");\n\n script_cve_id(\"CVE-2014-9402\", \"CVE-2016-3075\", \"CVE-2018-11236\");\n script_bugtraq_id(71670);\n\n script_name(english:\"EulerOS 
Virtualization 2.5.0 : glibc (EulerOS-SA-2018-1344)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glibc packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The nss_dns implementation of getnetbyname in GNU C\n Library (aka glibc) before 2.21, when the DNS backend\n in the Name Service Switch configuration is enabled,\n allows remote attackers to cause a denial of service\n (infinite loop) by sending a positive answer while a\n network name is being process.(CVE-2014-9402)\n\n - A stack overflow vulnerability was found in\n _nss_dns_getnetbyname_r.On systems with nsswitch\n configured to include 'networks: dns' with a privileged\n or network-facing service that would attempt to resolve\n user-provided network names, an attacker could provide\n an excessively long network name, resulting in stack\n corruption and code execution.(CVE-2016-3075)\n\n - stdlib/canonicalize.c in the GNU C Library (aka glibc\n or libc6) 2.27 and earlier, when processing very long\n pathname arguments to the realpath function, could\n encounter an integer overflow on 32-bit architectures,\n leading to a stack-based buffer overflow and,\n potentially, arbitrary code execution.(CVE-2018-11236)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1344\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?150706e2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-11236\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned 
by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"glibc-2.17-111.h12\",\n \"glibc-common-2.17-111.h12\",\n \"glibc-devel-2.17-111.h12\",\n \"glibc-headers-2.17-111.h12\",\n \"nscd-2.17-111.h12\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:22:51", "description": "According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - It was discovered that the nss_files backend for the Name Service Switch in 
glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents). A local attacker could potentially use this flaw to execute arbitrary code on the system.(CVE-2015-5277)\n\n - A directory traversal flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) could possibly use this flaw to execute arbitrary code with the privileges of that application.(CVE-2014-0475)\n\n - It was found that out-of-range time values passed to the strftime() function could result in an out-of-bounds memory access. This could lead to application crash or, potentially, information disclosure.(CVE-2015-8776)\n\n - The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.(CVE-2017-15670)\n\n - The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.(CVE-2013-4788)\n\n - An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application.(CVE-2014-6040)\n\n - A stack overflow vulnerability was found in\n _nss_dns_getnetbyname_r. 
On systems with nsswitch configured to include ''networks: dns'' with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution.(CVE-2016-3075)\n\n - Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.(CVE-2012-4412)\n\n - A heap-based buffer overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application.(CVE-2015-1472)\n\n - It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash.(CVE-2013-1914)\n\n - A stack overflow vulnerability was found in nan* functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code.(CVE-2014-9761)\n\n - An out-of-bounds write flaw was found in the way the glibc's readdir_r() function handled file system entries longer than the NAME_MAX character constant. 
A remote attacker could provide a specially crafted NTFS or CIFS file system that, when processed by an application using readdir_r(), would cause that application to crash or, potentially, allow the attacker to execute arbitrary code with the privileges of the user running the application.(CVE-2013-4237)\n\n - It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.(CVE-2013-7423)\n\n - A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.(CVE-2015-1781)\n\n - The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being processed.(CVE-2014-9402)\n\n - In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.(CVE-2019-9169)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1552)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4412", "CVE-2013-1914", "CVE-2013-4237", "CVE-2013-4788", "CVE-2013-7423", "CVE-2014-0475", "CVE-2014-6040", "CVE-2014-9402", "CVE-2014-9761", "CVE-2015-1472", "CVE-2015-1781", "CVE-2015-5277", "CVE-2015-8776", "CVE-2016-3075", "CVE-2017-15670", "CVE-2019-9169"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-devel", "p-cpe:/a:huawei:euleros:glibc-headers", "p-cpe:/a:huawei:euleros:nscd", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1552.NASL", "href": "https://www.tenable.com/plugins/nessus/125005", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125005);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2012-4412\",\n \"CVE-2013-1914\",\n \"CVE-2013-4237\",\n \"CVE-2013-4788\",\n \"CVE-2013-7423\",\n \"CVE-2014-0475\",\n \"CVE-2014-6040\",\n \"CVE-2014-9402\",\n \"CVE-2014-9761\",\n \"CVE-2015-1472\",\n \"CVE-2015-1781\",\n \"CVE-2015-5277\",\n \"CVE-2015-8776\",\n \"CVE-2016-3075\",\n \"CVE-2017-15670\",\n \"CVE-2019-9169\"\n );\n script_bugtraq_id(\n 55462,\n 58839,\n 61183,\n 61729,\n 68505,\n 69472,\n 71670,\n 72428,\n 72498,\n 72844,\n 74255\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1552)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glibc packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - It was discovered that the nss_files backend for the\n Name Service Switch in glibc would return incorrect\n data to applications or corrupt the heap (depending on\n adjacent heap contents). A local attacker could\n potentially use this flaw to execute arbitrary code on\n the system.(CVE-2015-5277)\n\n - A directory traveral flaw was found in the way glibc\n loaded locale files. An attacker able to make an\n application use a specially crafted locale name value\n (for example, specified in an LC_* environment\n variable) could possibly use this flaw to execute\n arbitrary code with the privileges of that\n application.(CVE-2014-0475)\n\n - It was found that out-of-range time values passed to\n the strftime() function could result in an\n out-of-bounds memory access. 
This could lead to\n application crash or, potentially, information\n disclosure.(CVE-2015-8776)\n\n - The GNU C Library (aka glibc or libc6) before 2.27\n contains an off-by-one error leading to a heap-based\n buffer overflow in the glob function in glob.c, related\n to the processing of home directories using the ~\n operator followed by a long string.(CVE-2017-15670)\n\n - The PTR_MANGLE implementation in the GNU C Library (aka\n glibc or libc6) 2.4, 2.17, and earlier, and Embedded\n GLIBC (EGLIBC) does not initialize the random value for\n the pointer guard, which makes it easier for\n context-dependent attackers to control execution flow\n by leveraging a buffer-overflow vulnerability in an\n application and using the known zero value pointer\n guard to calculate a pointer address.(CVE-2013-4788)\n\n - An out-of-bounds read flaw was found in the way glibc's\n iconv() function converted certain encoded data to\n UTF-8. An attacker able to make an application call the\n iconv() function with a specially crafted argument\n could use this flaw to crash that\n application.(CVE-2014-6040)\n\n - A stack overflow vulnerability was found in\n _nss_dns_getnetbyname_r. On systems with nsswitch\n configured to include ''networks: dns'' with a\n privileged or network-facing service that would attempt\n to resolve user-provided network names, an attacker\n could provide an excessively long network name,\n resulting in stack corruption and code\n execution.(CVE-2016-3075)\n\n - Integer overflow in string/strcoll_l.c in the GNU C\n Library (aka glibc or libc6) 2.17 and earlier allows\n context-dependent attackers to cause a denial of\n service (crash) or possibly execute arbitrary code via\n a long string, which triggers a heap-based buffer\n overflow.(CVE-2012-4412)\n\n - A heap-based buffer overflow flaw was found in glibc's\n swscanf() function. 
An attacker able to make an\n application call the swscanf() function could use this\n flaw to crash that application or, potentially, execute\n arbitrary code with the permissions of the user running\n the application.(CVE-2015-1472)\n\n - It was found that getaddrinfo() did not limit the\n amount of stack memory used during name resolution. An\n attacker able to make an application resolve an\n attacker-controlled hostname or IP address could\n possibly cause the application to exhaust all stack\n memory and crash.(CVE-2013-1914)\n\n - A stack overflow vulnerability was found in nan*\n functions that could cause applications, which process\n long strings with the nan function, to crash or,\n potentially, execute arbitrary code.(CVE-2014-9761)\n\n - An out-of-bounds write flaw was found in the way the\n glibc's readdir_r() function handled file system\n entries longer than the NAME_MAX character constant. A\n remote attacker could provide a specially crafted NTFS\n or CIFS file system that, when processed by an\n application using readdir_r(), would cause that\n application to crash or, potentially, allow the\n attacker to execute arbitrary code with the privileges\n of the user running the application.(CVE-2013-4237)\n\n - It was discovered that, under certain circumstances,\n glibc's getaddrinfo() function would send DNS queries\n to random file descriptors. An attacker could\n potentially use this flaw to send DNS queries to\n unintended recipients, resulting in information\n disclosure or data loss due to the application\n encountering corrupted data.(CVE-2013-7423)\n\n - A buffer overflow flaw was found in the way glibc's\n gethostbyname_r() and other related functions computed\n the size of a buffer when passed a misaligned buffer as\n input. 
An attacker able to make an application call any\n of these functions with a misaligned buffer could use\n this flaw to crash the application or, potentially,\n execute arbitrary code with the permissions of the user\n running the application.(CVE-2015-1781)\n\n - The nss_dns implementation of getnetbyname in GNU C\n Library (aka glibc) before 2.21, when the DNS backend\n in the Name Service Switch configuration is enabled,\n allows remote attackers to cause a denial of service\n (infinite loop) by sending a positive answer while a\n network name is being process.(CVE-2014-9402)\n\n - In the GNU C Library (aka glibc or libc6) through 2.29,\n proceed_next_node in posix/regexec.c has a heap-based\n buffer over-read via an attempted case-insensitive\n regular-expression match.(CVE-2019-9169)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1552\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ad6abb72\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9169\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ 
\"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"glibc-2.17-222.h11\",\n \"glibc-common-2.17-222.h11\",\n \"glibc-devel-2.17-222.h11\",\n \"glibc-headers-2.17-222.h11\",\n \"nscd-2.17-222.h11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-11T01:42:01", "description": "Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library :\n\n - CVE-2015-0235 Qualys discovered that the gethostbyname and gethostbyname2 functions were subject to a buffer overflow if provided with a crafted IP address argument.\n This could be used by an attacker to execute arbitrary code in processes which called the affected functions.\n\n The original glibc bug was reported by Peter Klotz.\n\n - CVE-2014-7817 Tim Waugh of Red Hat discovered that the WRDE_NOCMD option of the wordexp function did not suppress command execution in all cases. This allows a context-dependent attacker to execute shell commands.\n\n - CVE-2012-6656 CVE-2014-6040 The charset conversion code for certain IBM multi-byte code pages could perform an out-of-bounds array access, causing the process to crash. 
In some scenarios, this allows a remote attacker to cause a persistent denial of service.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-28T00:00:00", "type": "nessus", "title": "Debian DSA-3142-1 : eglibc - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6656", "CVE-2014-6040", "CVE-2014-7817", "CVE-2015-0235"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:eglibc", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3142.NASL", "href": "https://www.tenable.com/plugins/nessus/81029", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3142. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81029);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-6656\", \"CVE-2014-6040\", \"CVE-2014-7817\", \"CVE-2015-0235\");\n script_bugtraq_id(69472, 71216, 72325);\n script_xref(name:\"CERT\", value:\"967332\");\n script_xref(name:\"DSA\", value:\"3142\");\n\n script_name(english:\"Debian DSA-3142-1 : eglibc - security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been fixed in eglibc, Debian's version of\nthe GNU C library :\n\n - CVE-2015-0235\n Qualys discovered that the gethostbyname and\n gethostbyname2 functions were subject to a buffer\n overflow if provided with a crafted IP address argument.\n This could be used by an attacker to execute arbitrary\n code in processes which 
called the affected functions.\n\n The original glibc bug was reported by Peter Klotz.\n\n - CVE-2014-7817\n Tim Waugh of Red Hat discovered that the WRDE_NOCMD\n option of the wordexp function did not suppress command\n execution in all cases. This allows a context-dependent\n attacker to execute shell commands.\n\n - CVE-2012-6656 CVE-2014-6040\n The charset conversion code for certain IBM multi-byte\n code pages could perform an out-of-bounds array access,\n causing the process to crash. In some scenarios, this\n allows a remote attacker to cause a persistent denial of\n service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-0235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-7817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-6656\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-6040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-0235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2015/dsa-3142\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the eglibc packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 2.13-38+deb7u7.\n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), the CVE-2015-0235 issue has been fixed in version\n2.18-1 of the glibc package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n 
script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:eglibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"eglibc\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc-bin\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc-dev-bin\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc0.1\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc0.1-dev\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", 
prefix:\"libc0.1-dev-i386\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc0.1-i386\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc0.1-i686\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc0.1-pic\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc0.1-prof\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-amd64\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev-amd64\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev-i386\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev-mips64\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev-mipsn32\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev-ppc64\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev-s390\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev-s390x\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev-sparc64\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-i386\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-i686\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-loongson2f\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-mips64\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-mipsn32\", reference:\"2.13-38+deb7u7\")) 
flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-pic\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-ppc64\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-prof\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-s390\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-s390x\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-sparc64\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-xen\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6.1\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6.1-dev\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6.1-pic\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6.1-prof\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"locales\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"locales-all\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"multiarch-support\", reference:\"2.13-38+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"nscd\", reference:\"2.13-38+deb7u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-16T13:20:15", "description": "From Red Hat Security Advisory 2018:0805 :\n\nAn update for glibc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es) :\n\n* glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation (CVE-2018-1000001)\n\n* glibc: Buffer overflow in glob with GLOB_TILDE (CVE-2017-15670)\n\n* glibc: Buffer overflow during unescaping of user names with the ~ operator (CVE-2017-15804)\n\n* glibc: denial of service in getnetbyname function (CVE-2014-9402)\n\n* glibc: DNS resolver NULL pointer dereference with crafted record type (CVE-2015-5180)\n\n* glibc: Fragmentation attacks possible when EDNS0 is enabled (CVE-2017-12132)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank halfdog for reporting CVE-2018-1000001.\nThe CVE-2015-5180 issue was discovered by Florian Weimer (Red Hat Product Security).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-04-18T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : glibc (ELSA-2018-0805)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9402", "CVE-2015-5180", "CVE-2017-12132", "CVE-2017-15670", "CVE-2017-15804", "CVE-2018-1000001"], "modified": "2019-09-27T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-common", 
"p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-static", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:nscd", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2018-0805.NASL", "href": "https://www.tenable.com/plugins/nessus/109105", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2018:0805 and \n# Oracle Linux Security Advisory ELSA-2018-0805 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109105);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/27 13:00:38\");\n\n script_cve_id(\"CVE-2014-9402\", \"CVE-2015-5180\", \"CVE-2017-12132\", \"CVE-2017-15670\", \"CVE-2017-15804\", \"CVE-2018-1000001\");\n script_xref(name:\"RHSA\", value:\"2018:0805\");\n\n script_name(english:\"Oracle Linux 7 : glibc (ELSA-2018-0805)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2018:0805 :\n\nAn update for glibc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nname service cache daemon (nscd) used by multiple programs on the\nsystem. 
Without these libraries, the Linux system cannot function\ncorrectly.\n\nSecurity Fix(es) :\n\n* glibc: realpath() buffer underflow when getcwd() returns relative\npath allows privilege escalation (CVE-2018-1000001)\n\n* glibc: Buffer overflow in glob with GLOB_TILDE (CVE-2017-15670)\n\n* glibc: Buffer overflow during unescaping of user names with the ~\noperator (CVE-2017-15804)\n\n* glibc: denial of service in getnetbyname function (CVE-2014-9402)\n\n* glibc: DNS resolver NULL pointer dereference with crafted record\ntype (CVE-2015-5180)\n\n* glibc: Fragmentation attacks possible when EDNS0 is enabled\n(CVE-2017-12132)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank halfdog for reporting CVE-2018-1000001.\nThe CVE-2015-5180 issue was discovered by Florian Weimer (Red Hat\nProduct Security).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.5 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-April/007611.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc \"realpath()\" Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", 
value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-2.17-222.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-222.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-devel-2.17-222.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-222.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-static-2.17-222.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", 
reference:\"glibc-utils-2.17-222.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"nscd-2.17-222.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:32:48", "description": "An update for glibc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. 
Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es) :\n\n* glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation (CVE-2018-1000001)\n\n* glibc: Buffer overflow in glob with GLOB_TILDE (CVE-2017-15670)\n\n* glibc: Buffer overflow during unescaping of user names with the ~ operator (CVE-2017-15804)\n\n* glibc: denial of service in getnetbyname function (CVE-2014-9402)\n\n* glibc: DNS resolver NULL pointer dereference with crafted record type (CVE-2015-5180)\n\n* glibc: Fragmentation attacks possible when EDNS0 is enabled (CVE-2017-12132)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank halfdog for reporting CVE-2018-1000001.\nThe CVE-2015-5180 issue was discovered by Florian Weimer (Red Hat Product Security).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-04-11T00:00:00", "type": "nessus", "title": "RHEL 7 : glibc (RHSA-2018:0805)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9402", "CVE-2015-5180", "CVE-2017-12132", "CVE-2017-15670", "CVE-2017-15804", "CVE-2018-1000001"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-static", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:7", 
"cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2018-0805.NASL", "href": "https://www.tenable.com/plugins/nessus/108985", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0805. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108985);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2014-9402\", \"CVE-2015-5180\", \"CVE-2017-12132\", \"CVE-2017-15670\", \"CVE-2017-15804\", \"CVE-2018-1000001\");\n script_xref(name:\"RHSA\", value:\"2018:0805\");\n\n script_name(english:\"RHEL 7 : glibc (RHSA-2018:0805)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for glibc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nname service cache daemon (nscd) used by multiple programs on the\nsystem. 
Without these libraries, the Linux system cannot function\ncorrectly.\n\nSecurity Fix(es) :\n\n* glibc: realpath() buffer underflow when getcwd() returns relative\npath allows privilege escalation (CVE-2018-1000001)\n\n* glibc: Buffer overflow in glob with GLOB_TILDE (CVE-2017-15670)\n\n* glibc: Buffer overflow during unescaping of user names with the ~\noperator (CVE-2017-15804)\n\n* glibc: denial of service in getnetbyname function (CVE-2014-9402)\n\n* glibc: DNS resolver NULL pointer dereference with crafted record\ntype (CVE-2015-5180)\n\n* glibc: Fragmentation attacks possible when EDNS0 is enabled\n(CVE-2017-12132)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank halfdog for reporting CVE-2018-1000001.\nThe CVE-2015-5180 issue was discovered by Florian Weimer (Red Hat\nProduct Security).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.5 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-US/red_hat_enterprise_linux/7/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dde41582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-12132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-15670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2017-15804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-1000001\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc \"realpath()\" Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0805\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-2.17-222.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"glibc-common-2.17-222.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-222.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-debuginfo-2.17-222.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-debuginfo-common-2.17-222.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-devel-2.17-222.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"glibc-headers-2.17-222.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-222.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-static-2.17-222.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"glibc-utils-2.17-222.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-222.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", 
reference:\"nscd-2.17-222.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"nscd-2.17-222.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:32:31", "description": "Security Fix(es) :\n\n - glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation (CVE-2018-1000001)\n\n - glibc: Buffer overflow in glob with GLOB_TILDE (CVE-2017-15670)\n\n - glibc: Buffer overflow during unescaping of user names with the ~ operator (CVE-2017-15804)\n\n - glibc: denial of service in getnetbyname function (CVE-2014-9402)\n\n - glibc: DNS resolver NULL pointer dereference with crafted record type (CVE-2015-5180)\n\n - glibc: Fragmentation attacks possible when EDNS0 is enabled (CVE-2017-12132)\n\nAdditional Changes :", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-05-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : glibc on SL7.x x86_64 (20180410)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9402", "CVE-2015-5180", "CVE-2017-12132", "CVE-2017-15670", "CVE-2017-15804", "CVE-2018-1000001"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:glibc", "p-cpe:/a:fermilab:scientific_linux:glibc-common", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common", "p-cpe:/a:fermilab:scientific_linux:glibc-devel", "p-cpe:/a:fermilab:scientific_linux:glibc-headers", 
"p-cpe:/a:fermilab:scientific_linux:glibc-static", "p-cpe:/a:fermilab:scientific_linux:glibc-utils", "p-cpe:/a:fermilab:scientific_linux:nscd", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20180410_GLIBC_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/109447", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109447);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2014-9402\", \"CVE-2015-5180\", \"CVE-2017-12132\", \"CVE-2017-15670\", \"CVE-2017-15804\", \"CVE-2018-1000001\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL7.x x86_64 (20180410)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - glibc: realpath() buffer underflow when getcwd() returns\n relative path allows privilege escalation\n (CVE-2018-1000001)\n\n - glibc: Buffer overflow in glob with GLOB_TILDE\n (CVE-2017-15670)\n\n - glibc: Buffer overflow during unescaping of user names\n with the ~ operator (CVE-2017-15804)\n\n - glibc: denial of service in getnetbyname function\n (CVE-2014-9402)\n\n - glibc: DNS resolver NULL pointer dereference with\n crafted record type (CVE-2015-5180)\n\n - glibc: Fragmentation attacks possible when EDNS0 is\n enabled (CVE-2017-12132)\n\nAdditional Changes :\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1804&L=scientific-linux-errata&F=&S=&P=7441\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?262112fc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc \"realpath()\" Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/01\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-2.17-222.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-222.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-debuginfo-2.17-222.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-debuginfo-common-2.17-222.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-devel-2.17-222.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-222.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-static-2.17-222.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-222.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nscd-2.17-222.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-16T00:55:34", "description": "An update for glibc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es) :\n\n* glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation (CVE-2018-1000001)\n\n* glibc: Buffer overflow in glob with GLOB_TILDE (CVE-2017-15670)\n\n* glibc: Buffer overflow during unescaping of user names with the ~ operator (CVE-2017-15804)\n\n* glibc: denial of service in getnetbyname function (CVE-2014-9402)\n\n* glibc: DNS resolver NULL pointer dereference with crafted record type (CVE-2015-5180)\n\n* glibc: Fragmentation attacks possible when EDNS0 is enabled (CVE-2017-12132)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank halfdog for reporting CVE-2018-1000001.\nThe CVE-2015-5180 issue was discovered by Florian Weimer (Red Hat Product Security).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-04-27T00:00:00", "type": "nessus", "title": "CentOS 7 : glibc (CESA-2018:0805)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9402", "CVE-2015-5180", "CVE-2017-12132", "CVE-2017-15670", "CVE-2017-15804", "CVE-2018-1000001"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc", "p-cpe:/a:centos:centos:glibc-common", 
"p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-headers", "p-cpe:/a:centos:centos:glibc-static", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:nscd", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2018-0805.NASL", "href": "https://www.tenable.com/plugins/nessus/109371", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0805 and \n# CentOS Errata and Security Advisory 2018:0805 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109371);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2014-9402\", \"CVE-2015-5180\", \"CVE-2017-12132\", \"CVE-2017-15670\", \"CVE-2017-15804\", \"CVE-2018-1000001\");\n script_xref(name:\"RHSA\", value:\"2018:0805\");\n\n script_name(english:\"CentOS 7 : glibc (CESA-2018:0805)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for glibc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nname service cache daemon (nscd) used by multiple programs on the\nsystem. 
Without these libraries, the Linux system cannot function\ncorrectly.\n\nSecurity Fix(es) :\n\n* glibc: realpath() buffer underflow when getcwd() returns relative\npath allows privilege escalation (CVE-2018-1000001)\n\n* glibc: Buffer overflow in glob with GLOB_TILDE (CVE-2017-15670)\n\n* glibc: Buffer overflow during unescaping of user names with the ~\noperator (CVE-2017-15804)\n\n* glibc: denial of service in getnetbyname function (CVE-2014-9402)\n\n* glibc: DNS resolver NULL pointer dereference with crafted record\ntype (CVE-2015-5180)\n\n* glibc: Fragmentation attacks possible when EDNS0 is enabled\n(CVE-2017-12132)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank halfdog for reporting CVE-2018-1000001.\nThe CVE-2015-5180 issue was discovered by Florian Weimer (Red Hat\nProduct Security).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.5 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2018-April/004814.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d2876042\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-9402\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n 
script_set_attribute(attribute:\"metasploit_name\", value:'glibc \"realpath()\" Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-2.17-222.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-222.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-devel-2.17-222.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-222.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-static-2.17-222.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-222.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"nscd-2.17-222.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that 
may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-16T00:03:59", "description": "Fragmentation attacks possible when EDNS0 is enabled\n\nThe DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.(CVE-2017-12132)\n\nBuffer overflow in glob with GLOB_TILDE\n\nThe GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.(CVE-2017-15670)\n\nDenial of service in getnetbyname function\n\nThe nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being processed.(CVE-2014-9402)\n\nDNS resolver NULL pointer dereference with crafted record type\n\nres_query in libresolv in glibc before 2.25 allows remote attackers to 
cause a denial of service (NULL pointer dereference and process crash).(CVE-2015-5180)\n\nrealpath() buffer underflow when getcwd() returns relative path allows privilege escalation\n\nIn glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.(CVE-2018-1000001)\n\nBuffer overflow during unescaping of user names with the ~ operator\n\nThe glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.(CVE-2017-15804)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-05-11T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : glibc (ALAS-2018-1017)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9402", "CVE-2015-5180", "CVE-2017-12132", "CVE-2017-15670", "CVE-2017-15804", "CVE-2018-1000001"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:glibc", "p-cpe:/a:amazon:linux:glibc-common", "p-cpe:/a:amazon:linux:glibc-debuginfo", "p-cpe:/a:amazon:linux:glibc-debuginfo-common", "p-cpe:/a:amazon:linux:glibc-devel", "p-cpe:/a:amazon:linux:glibc-headers", "p-cpe:/a:amazon:linux:glibc-static", "p-cpe:/a:amazon:linux:glibc-utils", "p-cpe:/a:amazon:linux:nscd", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-1017.NASL", "href": "https://www.tenable.com/plugins/nessus/109699", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-1017.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109699);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/04/05 23:25:05\");\n\n script_cve_id(\"CVE-2014-9402\", \"CVE-2015-5180\", \"CVE-2017-12132\", \"CVE-2017-15670\", \"CVE-2017-15804\", \"CVE-2018-1000001\");\n 
script_xref(name:\"ALAS\", value:\"2018-1017\");\n\n script_name(english:\"Amazon Linux AMI : glibc (ALAS-2018-1017)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fragmentation attacks possible when EDNS0 is enabled\n\nThe DNS stub resolver in the GNU C Library (aka glibc or libc6) before\nversion 2.26, when EDNS support is enabled, will solicit large UDP\nresponses from name servers, potentially simplifying off-path DNS\nspoofing attacks due to IP fragmentation.(CVE-2017-12132)\n\nBuffer overflow in glob with GLOB_TILDE\n\nThe GNU C Library (aka glibc or libc6) before 2.27 contains an\noff-by-one error leading to a heap-based buffer overflow in the glob\nfunction in glob.c, related to the processing of home directories\nusing the ~ operator followed by a long string.(CVE-2017-15670)\n\nDenial of service in getnetbyname function\n\nThe nss_dns implementation of getnetbyname in GNU C Library (aka\nglibc) before 2.21, when the DNS backend in the Name Service Switch\nconfiguration is enabled, allows remote attackers to cause a denial of\nservice (infinite loop) by sending a positive answer while a network\nname is being process.(CVE-2014-9402)\n\nDNS resolver NULL pointer dereference with crafted record type\n\nres_query in libresolv in glibc before 2.25 allows remote attackers to\ncause a denial of service (NULL pointer dereference and process\ncrash).(CVE-2015-5180)\n\nrealpath() buffer underflow when getcwd() returns relative path allows\nprivilege escalation\n\nIn glibc 2.26 and earlier there is confusion in the usage of getcwd()\nby realpath() which can be used to write before the destination buffer\nleading to a buffer underflow and potential code\nexecution.(CVE-2018-1000001)\n\nBuffer overflow during unescaping of user names with the 
~ operator\n\nThe glob function in glob.c in the GNU C Library (aka glibc or libc6)\nbefore 2.27 contains a buffer overflow during unescaping of user names\nwith the ~ operator.(CVE-2017-15804)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-1017.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update glibc' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc \"realpath()\" Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"glibc-2.17-222.173.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-common-2.17-222.173.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-2.17-222.173.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-common-2.17-222.173.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-devel-2.17-222.173.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-headers-2.17-222.173.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-static-2.17-222.173.amzn1\")) flag++;\nif 
(rpm_check(release:\"ALA\", reference:\"glibc-utils-2.17-222.173.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nscd-2.17-222.173.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:46:24", "description": "Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library.\n\n#553206 CVE-2015-1472 CVE-2015-1473\n\nThe scanf family of functions do not properly limit stack allocation, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code.\n\nCVE-2012-3405\n\nThe printf family of functions do not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service.\n\nCVE-2012-3406\n\nThe printf family of functions do not properly limit stack allocation, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string.\n\nCVE-2012-3480\n\nMultiple integer overflows in the strtod, strtof, strtold, strtod_l, and other related functions allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.\n\nCVE-2012-4412\n\nInteger overflow in the strcoll and wcscoll functions allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer 
overflow.\n\nCVE-2012-4424\n\nStack-based buffer overflow in the strcoll and wcscoll functions allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.\n\nCVE-2013-0242\n\nBuffer overflow in the extend_buffers function in the regular expression matcher allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.\n\nCVE-2013-1914 CVE-2013-4458\n\nStack-based buffer overflow in the getaddrinfo function allows remote attackers to cause a denial of service (crash) via a hostname or IP address that triggers a large number of domain conversion results.\n\nCVE-2013-4237\n\nreaddir_r allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a malicious NTFS image or CIFS service.\n\nCVE-2013-4332\n\nMultiple integer overflows in malloc/malloc.c allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the pvalloc, valloc, posix_memalign, memalign, or aligned_alloc functions.\n\nCVE-2013-4357\n\nThe getaliasbyname, getaliasbyname_r, getaddrinfo, getservbyname, getservbyname_r, getservbyport, getservbyport_r, and glob functions do not properly limit stack allocation, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code.\n\nCVE-2013-4788\n\nWhen the GNU C library is statically linked into an executable, the PTR_MANGLE implementation does not initialize the random value for the pointer guard, so that various hardening mechanisms are not effective.\n\nCVE-2013-7423\n\nThe send_dg function in resolv/res_send.c does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo 
function.\n\nCVE-2013-7424\n\nThe getaddrinfo function may attempt to free an invalid pointer when handling IDNs (Internationalised Domain Names), which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code.\n\nCVE-2014-4043\n\nThe posix_spawn_file_actions_addopen function does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in version 2.11.3-4+deb6u5.\n\nFor the stable distribution (wheezy), these problems were fixed in version 2.13-38+deb7u8 or earlier.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-03-26T00:00:00", "type": "nessus", "title": "Debian DLA-165-1 : eglibc security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3405", "CVE-2012-3406", "CVE-2012-3480", "CVE-2012-4412", "CVE-2012-4424", "CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4237", "CVE-2013-4332", "CVE-2013-4357", "CVE-2013-4458", "CVE-2013-4788", "CVE-2013-7423", "CVE-2013-7424", "CVE-2014-4043", "CVE-2015-1472", "CVE-2015-1473"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:eglibc-source", "p-cpe:/a:debian:debian_linux:glibc-doc", "p-cpe:/a:debian:debian_linux:libc-bin", "p-cpe:/a:debian:debian_linux:libc-dev-bin", "p-cpe:/a:debian:debian_linux:libc6", "p-cpe:/a:debian:debian_linux:libc6-amd64", "p-cpe:/a:debian:debian_linux:libc6-dbg", "p-cpe:/a:debian:debian_linux:libc6-dev", "p-cpe:/a:debian:debian_linux:libc6-dev-amd64", "p-cpe:/a:debian:debian_linux:libc6-dev-i386", "p-cpe:/a:debian:debian_linux:libc6-i386", 
"p-cpe:/a:debian:debian_linux:libc6-i686", "p-cpe:/a:debian:debian_linux:libc6-pic", "p-cpe:/a:debian:debian_linux:libc6-prof", "p-cpe:/a:debian:debian_linux:libc6-udeb", "p-cpe:/a:debian:debian_linux:libc6-xen", "p-cpe:/a:debian:debian_linux:libnss-dns-udeb", "p-cpe:/a:debian:debian_linux:libnss-files-udeb", "p-cpe:/a:debian:debian_linux:locales", "p-cpe:/a:debian:debian_linux:locales-all", "p-cpe:/a:debian:debian_linux:nscd", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-165.NASL", "href": "https://www.tenable.com/plugins/nessus/82149", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-165-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82149);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-3405\", \"CVE-2012-3406\", \"CVE-2012-3480\", \"CVE-2012-4412\", \"CVE-2012-4424\", \"CVE-2013-0242\", \"CVE-2013-1914\", \"CVE-2013-4237\", \"CVE-2013-4332\", \"CVE-2013-4357\", \"CVE-2013-4458\", \"CVE-2013-4788\", \"CVE-2013-7423\", \"CVE-2013-7424\", \"CVE-2014-4043\", \"CVE-2015-1472\", \"CVE-2015-1473\");\n script_bugtraq_id(54374, 54982, 55462, 55543, 57638, 58839, 61183, 61729, 62324, 63299, 67992, 68006, 72428, 72498, 72499, 72710, 72844);\n\n script_name(english:\"Debian DLA-165-1 : eglibc security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been fixed in eglibc, Debian's version of\nthe GNU C library.\n\n#553206 CVE-2015-1472 
CVE-2015-1473\n\nThe scanf family of functions do not properly limit stack allocation,\nwhich allows context-dependent attackers to cause a denial of service\n(crash) or possibly execute arbitrary code.\n\nCVE-2012-3405\n\nThe printf family of functions do not properly calculate a buffer\nlength, which allows context-dependent attackers to bypass the\nFORTIFY_SOURCE format-string protection mechanism and cause a denial\nof service.\n\nCVE-2012-3406\n\nThe printf family of functions do not properly limit stack allocation,\nwhich allows context-dependent attackers to bypass the FORTIFY_SOURCE\nformat-string protection mechanism and cause a denial of service\n(crash) or possibly execute arbitrary code via a crafted format\nstring.\n\nCVE-2012-3480\n\nMultiple integer overflows in the strtod, strtof, strtold, strtod_l,\nand other related functions allow local users to cause a denial of\nservice (application crash) and possibly execute arbitrary code via a\nlong string, which triggers a stack-based buffer overflow.\n\nCVE-2012-4412\n\nInteger overflow in the strcoll and wcscoll functions allows\ncontext-dependent attackers to cause a denial of service (crash) or\npossibly execute arbitrary code via a long string, which triggers a\nheap-based buffer overflow.\n\nCVE-2012-4424\n\nStack-based buffer overflow in the strcoll and wcscoll functions\nallows context-dependent attackers to cause a denial of service\n(crash) or possibly execute arbitrary code via a long string that\ntriggers a malloc failure and use of the alloca function.\n\nCVE-2013-0242\n\nBuffer overflow in the extend_buffers function in the regular\nexpression matcher allows context-dependent attackers to cause a\ndenial of service (memory corruption and crash) via crafted multibyte\ncharacters.\n\nCVE-2013-1914 CVE-2013-4458\n\nStack-based buffer overflow in the getaddrinfo function allows remote\nattackers to cause a denial of service (crash) via a hostname or IP\naddress that triggers a large number of 
domain conversion results.\n\nCVE-2013-4237\n\nreaddir_r allows context-dependent attackers to cause a denial of\nservice (out-of-bounds write and crash) or possibly execute arbitrary\ncode via a malicious NTFS image or CIFS service.\n\nCVE-2013-4332\n\nMultiple integer overflows in malloc/malloc.c allow context-dependent\nattackers to cause a denial of service (heap corruption) via a large\nvalue to the pvalloc, valloc, posix_memalign, memalign, or\naligned_alloc functions.\n\nCVE-2013-4357\n\nThe getaliasbyname, getaliasbyname_r, getaddrinfo, getservbyname,\ngetservbyname_r, getservbyport, getservbyport_r, and glob functions do\nnot properly limit stack allocation, which allows context-dependent\nattackers to cause a denial of service (crash) or possibly execute\narbitrary code.\n\nCVE-2013-4788\n\nWhen the GNU C library is statically linked into an executable, the\nPTR_MANGLE implementation does not initialize the random value for the\npointer guard, so that various hardening mechanisms are not effective.\n\nCVE-2013-7423\n\nThe send_dg function in resolv/res_send.c does not properly reuse file\ndescriptors, which allows remote attackers to send DNS queries to\nunintended locations via a large number of requests that trigger a\ncall to the getaddrinfo function.\n\nCVE-2013-7424\n\nThe getaddrinfo function may attempt to free an invalid pointer when\nhandling IDNs (Internationalised Domain Names), which allows remote\nattackers to cause a denial of service (crash) or possibly execute\narbitrary code.\n\nCVE-2014-4043\n\nThe posix_spawn_file_actions_addopen function does not copy its path\nargument in accordance with the POSIX specification, which allows\ncontext-dependent attackers to trigger use-after-free vulnerabilities.\n\nFor the oldstable distribution (squeeze), these problems have been\nfixed in version 2.11.3-4+deb6u5.\n\nFor the stable distribution (wheezy), these problems were fixed in\nversion 2.13-38+deb7u8 or earlier.\n\nNOTE: Tenable Network 
Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/03/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/eglibc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:eglibc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:glibc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc-dev-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev-amd64\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:libc6-dev-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-pic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-prof\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss-dns-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss-files-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:locales\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:locales-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"eglibc-source\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"glibc-doc\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc-bin\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc-dev-bin\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-amd64\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-dbg\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-dev\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-dev-amd64\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-dev-i386\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-i386\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-i686\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-pic\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-prof\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-udeb\", 
reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-xen\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libnss-dns-udeb\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libnss-files-udeb\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"locales\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"locales-all\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"nscd\", reference:\"2.11.3-4+deb6u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-24T21:59:25", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has glibc packages installed that are affected by multiple vulnerabilities:\n\n - The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. (CVE-2017-15670)\n\n - The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. (CVE-2017-12132)\n\n - The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.\n (CVE-2017-15804)\n\n - res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). 
(CVE-2015-5180)\n\n - The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being processed. (CVE-2014-9402)\n\n - In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.\n (CVE-2018-1000001)\n\n - Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. (CVE-2016-3706)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : glibc Multiple Vulnerabilities (NS-SA-2019-0024)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4458", "CVE-2014-9402", "CVE-2015-5180", "CVE-2016-3706", "CVE-2017-12132", "CVE-2017-15670", "CVE-2017-15804", "CVE-2018-1000001"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0024_GLIBC.NASL", "href": "https://www.tenable.com/plugins/nessus/127183", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0024. 
The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127183);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2014-9402\",\n \"CVE-2015-5180\",\n \"CVE-2016-3706\",\n \"CVE-2017-12132\",\n \"CVE-2017-15670\",\n \"CVE-2017-15804\",\n \"CVE-2018-1000001\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : glibc Multiple Vulnerabilities (NS-SA-2019-0024)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has glibc packages installed that are affected by\nmultiple vulnerabilities:\n\n - The GNU C Library (aka glibc or libc6) before 2.27\n contains an off-by-one error leading to a heap-based\n buffer overflow in the glob function in glob.c, related\n to the processing of home directories using the ~\n operator followed by a long string. (CVE-2017-15670)\n\n - The DNS stub resolver in the GNU C Library (aka glibc or\n libc6) before version 2.26, when EDNS support is\n enabled, will solicit large UDP responses from name\n servers, potentially simplifying off-path DNS spoofing\n attacks due to IP fragmentation. (CVE-2017-12132)\n\n - The glob function in glob.c in the GNU C Library (aka\n glibc or libc6) before 2.27 contains a buffer overflow\n during unescaping of user names with the ~ operator.\n (CVE-2017-15804)\n\n - res_query in libresolv in glibc before 2.25 allows\n remote attackers to cause a denial of service (NULL\n pointer dereference and process crash). 
(CVE-2015-5180)\n\n - The nss_dns implementation of getnetbyname in GNU C\n Library (aka glibc) before 2.21, when the DNS backend in\n the Name Service Switch configuration is enabled, allows\n remote attackers to cause a denial of service (infinite\n loop) by sending a positive answer while a network name\n is being process. (CVE-2014-9402)\n\n - In glibc 2.26 and earlier there is confusion in the\n usage of getcwd() by realpath() which can be used to\n write before the destination buffer leading to a buffer\n underflow and potential code execution.\n (CVE-2018-1000001)\n\n - Stack-based buffer overflow in the getaddrinfo function\n in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka\n glibc or libc6) allows remote attackers to cause a\n denial of service (crash) via vectors involving hostent\n conversion. NOTE: this vulnerability exists because of\n an incomplete fix for CVE-2013-4458. (CVE-2016-3706)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0024\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL glibc packages. Note that updated packages may not be available yet. 
Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-15804\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc realpath() Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"glibc-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"glibc-common-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"glibc-debuginfo-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"glibc-debuginfo-common-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"glibc-devel-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"glibc-headers-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"glibc-i18n-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"glibc-iconv-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"glibc-lang-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"glibc-locale-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"glibc-static-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"glibc-tools-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"glibc-utils-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"nscd-2.17-222.el7.cgslv5lite.0.6.g0d82438\"\n ],\n \"CGSL MAIN 5.04\": [\n \"glibc-2.17-222.el7.cgslv5.0.1.gd23aea5\",\n \"glibc-common-2.17-222.el7.cgslv5.0.1.gd23aea5\",\n 
\"glibc-debuginfo-2.17-222.el7.cgslv5.0.1.gd23aea5\",\n \"glibc-debuginfo-common-2.17-222.el7.cgslv5.0.1.gd23aea5\",\n \"glibc-devel-2.17-222.el7.cgslv5.0.1.gd23aea5\",\n \"glibc-headers-2.17-222.el7.cgslv5.0.1.gd23aea5\",\n \"glibc-static-2.17-222.el7.cgslv5.0.1.gd23aea5\",\n \"glibc-utils-2.17-222.el7.cgslv5.0.1.gd23aea5\",\n \"nscd-2.17-222.el7.cgslv5.0.1.gd23aea5\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "description": "The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. 
", "edition": 2, "cvss3": {}, "published": "2015-03-04T10:27:01", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: glibc-2.20-8.fc21", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7817", "CVE-2014-9402", "CVE-2015-1472"], "modified": "2015-03-04T10:27:01", "id": "FEDORA:B3F8860918D2", "href": "", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "description": "The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. 
", "edition": 2, "cvss3": {}, "published": "2015-03-04T10:25:31", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: glibc-2.18-19.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5119", "CVE-2014-6040", "CVE-2014-7817"], "modified": "2015-03-04T10:25:31", "id": "FEDORA:D6230604AFE5", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:36:43", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-03-05T00:00:00", "type": "openvas", "title": "Fedora Update for glibc FEDORA-2015-2837", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9402", "CVE-2014-7817", "CVE-2015-1472"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869058", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869058", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glibc FEDORA-2015-2837\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869058\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-05 05:43:06 +0100 (Thu, 05 Mar 2015)\");\n script_cve_id(\"CVE-2014-7817\", \"CVE-2014-9402\", \"CVE-2015-1472\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for glibc FEDORA-2015-2837\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"glibc on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-2837\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/150644.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.20~8.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:09", "description": "The remote host is missing an update for the 'glibc' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2015-02-27T00:00:00", "type": "openvas", "title": "Ubuntu Update for glibc USN-2519-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9402", "CVE-2015-1473", "CVE-2015-1472", "CVE-2013-7423"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842104", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842104", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for glibc USN-2519-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842104\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-27 05:42:47 +0100 (Fri, 27 Feb 2015)\");\n script_cve_id(\"CVE-2013-7423\", \"CVE-2014-9402\", \"CVE-2015-1472\", \"CVE-2015-1473\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for glibc USN-2519-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Arnaud Le Blanc discovered that the GNU C\nLibrary incorrectly handled file descriptors when resolving DNS queries under high\nload. This may cause a denial of service in other applications, or an information\nleak. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04\nLTS. (CVE-2013-7423)\n\nIt was discovered that the GNU C Library incorrectly handled receiving a\npositive answer while processing the network name when performing DNS\nresolution. A remote attacker could use this issue to cause the GNU C\nLibrary to hang, resulting in a denial of service. (CVE-2014-9402)\n\nJoseph Myers discovered that the GNU C Library wscanf function incorrectly\nhandled memory. 
A remote attacker could possibly use this issue to cause\nthe GNU C Library to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu\n14.04 LTS and Ubuntu 14.10. (CVE-2015-1472, CVE-2015-1473)\");\n script_tag(name:\"affected\", value:\"glibc on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2519-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2519-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS|10\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.19-10ubuntu2.3\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.19-0ubuntu6.6\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.15-0ubuntu10.11\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6\", 
ver:\"2.11.1-0ubuntu7.21\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:51", "description": "Oracle Linux Local Security Checks ELSA-2015-2199", "cvss3": {}, "published": "2015-11-25T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-2199", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1473", "CVE-2015-1472", "CVE-2015-1781", "CVE-2013-7423"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122787", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122787", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-2199.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122787\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-11-25 13:18:53 +0200 (Wed, 25 Nov 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-2199\");\n script_tag(name:\"insight\", value:\"ELSA-2015-2199 - glibc security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-2199\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-2199.html\");\n script_cve_id(\"CVE-2013-7423\", \"CVE-2015-1781\", \"CVE-2015-1472\", \"CVE-2015-1473\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if 
((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~105.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~105.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~105.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~105.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.17~105.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.17~105.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~105.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:20", "description": "The remote host is missing an update for the 'glibc' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2015-11-20T00:00:00", "type": "openvas", "title": "RedHat Update for glibc RHSA-2015:2199-07", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1473", "CVE-2015-1472", "CVE-2015-1781", "CVE-2013-7423"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310871503", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871503", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2015:2199-07\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871503\");\n script_version(\"$Revision: 12380 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:03:48 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-20 06:26:16 +0100 (Fri, 20 Nov 2015)\");\n script_cve_id(\"CVE-2013-7423\", \"CVE-2015-1472\", \"CVE-2015-1473\", \"CVE-2015-1781\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for glibc RHSA-2015:2199-07\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The glibc packages provide the standard C\nlibraries (libc), POSIX thread libraries (libpthread), standard math libraries\n(libm), and the Name Server Caching Daemon (nscd) used by multiple programs on\nthe system. 
Without these libraries, the Linux system cannot function correctly.\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo()\nfunction would send DNS queries to random file descriptors. An attacker\ncould potentially use this flaw to send DNS queries to unintended\nrecipients, resulting in information disclosure or data loss due to the\napplication encountering corrupted data. (CVE-2013-7423)\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and\nother related functions computed the size of a buffer when passed a\nmisaligned buffer as input. An attacker able to make an application call\nany of these functions with a misaligned buffer could use this flaw to\ncrash the application or, potentially, execute arbitrary code with the\npermissions of the user running the application. (CVE-2015-1781)\n\nA heap-based buffer overflow flaw and a stack overflow flaw were found in\nglibc's swscanf() function. An attacker able to make an application call\nthe swscanf() function could use these flaws to crash that application or,\npotentially, execute arbitrary code with the permissions of the user\nrunning the application. (CVE-2015-1472, CVE-2015-1473)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in glibc's _IO_wstr_overflow() function. An attacker able to make an\napplication call this function could use this flaw to crash that\napplication or, potentially, execute arbitrary code with the permissions of\nthe user running the application. (BZ#1195762)\n\nA flaw was found in the way glibc's fnmatch() function processed certain\nmalformed patterns. An attacker able to make an application call this\nfunction could use this flaw to crash that application. (BZ#1197730)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nThese updated glibc packages also include numerous bug fixes and one\nenhancement. Space precludes documenting all of these changes in this\nadvisory. 
For information on the most significant of these changes, users\nare directed to the linked article on the Red Hat Customer Portal.\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\");\n script_tag(name:\"affected\", value:\"glibc on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:2199-07\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-November/msg00031.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/2050743\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~105.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~105.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.17~105.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.17~105.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~105.el7\", 
rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~105.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.17~105.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~105.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:12", "description": "Gentoo Linux Local Security Checks GLSA 201602-02", "cvss3": {}, "published": "2016-02-18T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201602-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8776", "CVE-2014-5119", "CVE-2014-6040", "CVE-2014-9402", "CVE-2014-8121", "CVE-2015-8779", "CVE-2015-8778", "CVE-2014-7817", "CVE-2015-1472", "CVE-2015-1781", "CVE-2013-7423", "CVE-2014-0475", "CVE-2015-7547"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121441", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121441", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201602-02.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty 
of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121441\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2016-02-18 07:28:03 +0200 (Thu, 18 Feb 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201602-02\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in the GNU C Library:\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201602-02\");\n script_cve_id(\"CVE-2015-7547\", \"CVE-2015-8776\", \"CVE-2015-8778\", \"CVE-2015-8779\", \"CVE-2013-7423\", \"CVE-2014-0475\", \"CVE-2014-5119\", \"CVE-2014-6040\", \"CVE-2014-7817\", \"CVE-2014-8121\", \"CVE-2014-9402\", \"CVE-2015-1472\", \"CVE-2015-1781\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201602-02\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"sys-libs/glibc\", unaffected: make_list(\"ge 2.21-r2\"), vulnerable: make_list(\"lt 2.21-r2\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:37:03", "description": "Oracle Linux Local Security Checks ELSA-2014-2023", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-2023", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7817"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123217", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123217", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-2023.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123217\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:00:51 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-2023\");\n script_tag(name:\"insight\", value:\"ELSA-2014-2023 - glibc security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-2023\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-2023.html\");\n script_cve_id(\"CVE-2014-7817\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~55.0.4.el7_0.3\", 
rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~55.0.4.el7_0.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~55.0.4.el7_0.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~55.0.4.el7_0.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.17~55.0.4.el7_0.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.17~55.0.4.el7_0.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~55.0.4.el7_0.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-07T18:46:41", "description": "The remote host is missing a security patch.", "cvss3": {}, "published": "2015-09-19T00:00:00", "type": "openvas", "title": "F5 BIG-IP - SOL16010 - GNU C Library (glibc) vulnerability CVE-2014-7817", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7817"], "modified": "2020-04-03T00:00:00", "id": "OPENVAS:1361412562310105372", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105372", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# F5 BIG-IP - SOL16010 - GNU C Library (glibc) vulnerability CVE-2014-7817\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH\n#\n# This program is free 
software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105372\");\n script_cve_id(\"CVE-2014-7817\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"2020-04-03T06:15:47+0000\");\n\n script_name(\"F5 BIG-IP - SOL16010 - GNU C Library (glibc) vulnerability CVE-2014-7817\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16010.html\");\n\n script_tag(name:\"impact\", value:\"An attacker with local access and knowledge of how to make the glibc function trigger an exploit may be able to run arbitrary code. 
However, the risk level for this vulnerability is considered LOW because F5 product development has verified that the vulnerable code is NOT used in a way that would make an exploit possible.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing '$((`...`))'. (CVE-2014-7817)\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing a security patch.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2020-04-03 06:15:47 +0000 (Fri, 03 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-09-19 10:38:36 +0200 (Sat, 19 Sep 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"F5 Local Security Checks\");\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"list_array_func.inc\");\ninclude(\"f5.inc\");\n\nif( ! 
version = get_app_version( cpe:CPE ) )\n exit( 0 );\n\ncheck_f5['LTM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['AAM'] = make_array( 'affected', '11.4.0-11.6.0;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['AFM'] = make_array( 'affected', '11.3.0-11.6.0;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['AVR'] = make_array( 'affected', '11.0.0-11.6.0;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['APM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['ASM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['LC'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['PEM'] = make_array( 'affected', '11.3.0-11.6.0;',\n 'unaffected', '12.0.0;' );\n\nif( report = f5_is_vulnerable( ca:check_f5, version:version ) ) {\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:59:24", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-12-15T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-617)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5277", "CVE-2015-1473", "CVE-2015-1472", "CVE-2015-1781", "CVE-2013-7423"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120607", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120607", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software 
Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120607\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-12-15 02:51:20 +0200 (Tue, 15 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-617)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in glibc. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update glibc to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-617.html\");\n script_cve_id(\"CVE-2015-1781\", \"CVE-2015-5277\", \"CVE-2013-7423\", \"CVE-2015-1473\", \"CVE-2015-1472\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~106.163.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~106.163.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~106.163.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~106.163.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.17~106.163.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.17~106.163.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.17~106.163.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~106.163.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.17~106.163.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:38:51", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2018-1272)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9402"], "modified": "2020-01-23T00:00:00", "id": 
"OPENVAS:1361412562311220181272", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181272", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1272\");\n script_version(\"2020-01-23T11:19:43+0000\");\n script_cve_id(\"CVE-2014-9402\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:19:43 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:19:43 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2018-1272)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.1\");\n\n 
script_xref(name:\"EulerOS-SA\", value:\"2018-1272\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1272\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'glibc' package(s) announced via the EulerOS-SA-2018-1272 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being processed. (CVE-2014-9402)\");\n\n script_tag(name:\"affected\", value:\"'glibc' package(s) on Huawei EulerOS Virtualization 2.5.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~157.h14\", rls:\"EULEROSVIRT-2.5.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~157.h14\", rls:\"EULEROSVIRT-2.5.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~157.h14\", rls:\"EULEROSVIRT-2.5.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~157.h14\", rls:\"EULEROSVIRT-2.5.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~157.h14\", 
rls:\"EULEROSVIRT-2.5.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:37:01", "description": "Check the version of glibc", "cvss3": {}, "published": "2015-04-22T00:00:00", "type": "openvas", "title": "CentOS Update for glibc CESA-2015:0863 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1781", "CVE-2013-7423"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882172", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882172", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for glibc CESA-2015:0863 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882172\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-22 07:22:50 +0200 (Wed, 22 Apr 2015)\");\n script_cve_id(\"CVE-2013-7423\", \"CVE-2015-1781\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for glibc CESA-2015:0863 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of glibc\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The glibc packages provide the standard C\nlibraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name\nServer Caching Daemon (nscd) used by multiple programs on the system.\nWithout these libraries, the Linux system cannot function correctly.\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and\nother related functions computed the size of a buffer when passed a\nmisaligned buffer as input. An attacker able to make an application call\nany of these functions with a misaligned buffer could use this flaw to\ncrash the application or, potentially, execute arbitrary code with the\npermissions of the user running the application. 
(CVE-2015-1781)\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo()\nfunction would send DNS queries to random file descriptors. An attacker\ncould potentially use this flaw to send DNS queries to unintended\nrecipients, resulting in information disclosure or data loss due to the\napplication encountering corrupted data. (CVE-2013-7423)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nThis update also fixes the following bug:\n\n * Previously, the nscd daemon did not properly reload modified data when\nthe user edited monitored nscd configuration files. As a consequence, nscd\nreturned stale data to system processes. This update adds a system of\ninotify-based monitoring and stat-based backup monitoring for nscd\nconfiguration files. As a result, nscd now detects changes to its\nconfiguration files and reloads the data properly, which prevents it from\nreturning stale data. (BZ#1194149)\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\");\n script_tag(name:\"affected\", value:\"glibc on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:0863\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-April/021081.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", 
rpm:\"glibc~2.12~1.149.el6_6.7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.12~1.149.el6_6.7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.12~1.149.el6_6.7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.12~1.149.el6_6.7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.12~1.149.el6_6.7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.12~1.149.el6_6.7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.12~1.149.el6_6.7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T23:00:07", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-513)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1781", "CVE-2013-7423"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120538", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120538", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it 
under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120538\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:28:58 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-513)\");\n script_tag(name:\"insight\", value:\"A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application. (CVE-2015-1781) It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. 
(CVE-2013-7423 )\");\n script_tag(name:\"solution\", value:\"Run yum update glibc to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-513.html\");\n script_cve_id(\"CVE-2015-1781\", \"CVE-2013-7423\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~55.142.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.17~55.142.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~55.142.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~55.142.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~55.142.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~55.142.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.17~55.142.amzn1\", rls:\"AMAZON\"))) {\n 
report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.17~55.142.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.17~55.142.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:39", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-04-22T00:00:00", "type": "openvas", "title": "RedHat Update for glibc RHSA-2015:0863-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1781", "CVE-2013-7423"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871360", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871360", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2015:0863-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871360\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-22 07:22:32 +0200 (Wed, 22 Apr 2015)\");\n script_cve_id(\"CVE-2013-7423\", \"CVE-2015-1781\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for glibc RHSA-2015:0863-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name\nServer Caching Daemon (nscd) used by multiple programs on the system.\nWithout these libraries, the Linux system cannot function correctly.\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and\nother related functions computed the size of a buffer when passed a\nmisaligned buffer as input. An attacker able to make an application call\nany of these functions with a misaligned buffer could use this flaw to\ncrash the application or, potentially, execute arbitrary code with the\npermissions of the user running the application. 
(CVE-2015-1781)\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo()\nfunction would send DNS queries to random file descriptors. An attacker\ncould potentially use this flaw to send DNS queries to unintended\nrecipients, resulting in information disclosure or data loss due to the\napplication encountering corrupted data. (CVE-2013-7423)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nThis update also fixes the following bug:\n\n * Previously, the nscd daemon did not properly reload modified data when\nthe user edited monitored nscd configuration files. As a consequence, nscd\nreturned stale data to system processes. This update adds a system of\ninotify-based monitoring and stat-based backup monitoring for nscd\nconfiguration files. As a result, nscd now detects changes to its\nconfiguration files and reloads the data properly, which prevents it from\nreturning stale data. (BZ#1194149)\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\");\n script_tag(name:\"affected\", value:\"glibc on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:0863-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-April/msg00051.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.12~1.149.el6_6.7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.12~1.149.el6_6.7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.12~1.149.el6_6.7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.12~1.149.el6_6.7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.12~1.149.el6_6.7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.12~1.149.el6_6.7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.12~1.149.el6_6.7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.12~1.149.el6_6.7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:55", "description": "Oracle Linux Local Security Checks ELSA-2015-0863", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-0863", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1781", "CVE-2013-7423"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123128", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123128", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-0863.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123128\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:59:42 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-0863\");\n script_tag(name:\"insight\", value:\"ELSA-2015-0863 - glibc security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-0863\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-0863.html\");\n script_cve_id(\"CVE-2013-7423\", \"CVE-2015-1781\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"glibc\", 
rpm:\"glibc~2.12~1.149.el6_6.7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.12~1.149.el6_6.7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.12~1.149.el6_6.7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.12~1.149.el6_6.7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.12~1.149.el6_6.7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.12~1.149.el6_6.7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.12~1.149.el6_6.7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:21", "description": "Oracle Linux Local Security Checks ELSA-2015-0016", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-0016", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123206", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123206", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-0016.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, 
http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123206\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:00:43 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-0016\");\n script_tag(name:\"insight\", value:\"ELSA-2015-0016 - glibc security and bug fix update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-0016\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-0016.html\");\n script_cve_id(\"CVE-2014-7817\", \"CVE-2014-6040\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.12~1.149.el6_6.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.12~1.149.el6_6.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.12~1.149.el6_6.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.12~1.149.el6_6.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.12~1.149.el6_6.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-utils\", 
rpm:\"glibc-utils~2.12~1.149.el6_6.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.12~1.149.el6_6.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T22:59:04", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-468)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120455", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120455", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120455\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:26:45 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-468)\");\n script_tag(name:\"insight\", value:\"An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. (CVE-2014-6040) It was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application. 
(CVE-2014-7817 )\");\n script_tag(name:\"solution\", value:\"Run yum update glibc to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-468.html\");\n script_cve_id(\"CVE-2014-7817\", \"CVE-2014-6040\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~55.92.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~55.92.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.17~55.92.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.17~55.92.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.17~55.92.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~55.92.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.17~55.92.amzn1\", 
rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~55.92.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~55.92.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:22", "description": "Check the version of glibc", "cvss3": {}, "published": "2015-01-23T00:00:00", "type": "openvas", "title": "CentOS Update for glibc CESA-2015:0016 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882090", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882090", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for glibc CESA-2015:0016 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882090\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 12:56:20 +0100 (Fri, 23 Jan 2015)\");\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-7817\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for glibc CESA-2015:0016 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of glibc\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. Without\nthese libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function\nconverted certain encoded data to UTF-8. An attacker able to make an\napplication call the iconv() function with a specially crafted argument\ncould use this flaw to crash that application. (CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command substitution\neven when the WRDE_NOCMD flag was specified. 
An attacker able to provide\nspecially crafted input to an application using the wordexp() function, and\nnot sanitizing the input correctly, could potentially use this flaw to\nexecute arbitrary commands with the credentials of the user running that\napplication. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat\nDeveloper Experience Team.\n\nThis update also fixes the following bugs:\n\n * Previously, when an address lookup using the getaddrinfo() function for\nthe AF_UNSPEC value was performed on a defective DNS server, the server in\nsome cases responded with a valid response for the A record, but a referral\nresponse for the AAAA record, which resulted in a lookup failure. A prior\nupdate was implemented for getaddrinfo() to return the valid response, but\nit contained a typographical error, due to which the lookup could under\nsome circumstances still fail. This error has been corrected and\ngetaddrinfo() now returns a valid response in the described circumstances.\n(BZ#1172023)\n\n * An error in the dlopen() library function previously caused recursive\ncalls to dlopen() to terminate unexpectedly or to abort with a library\nassertion. This error has been fixed and recursive calls to dlopen() no\nlonger crash or abort. 
(BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\");\n script_tag(name:\"affected\", value:\"glibc on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:0016\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-January/020863.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.12~1.149.el6_6.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.12~1.149.el6_6.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.12~1.149.el6_6.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.12~1.149.el6_6.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.12~1.149.el6_6.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.12~1.149.el6_6.4\", rls:\"CentOS6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.12~1.149.el6_6.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-01-23T00:00:00", "type": "openvas", "title": "RedHat Update for glibc RHSA-2015:0016-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871301", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871301", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2015:0016-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871301\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 12:55:28 +0100 (Fri, 23 Jan 2015)\");\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-7817\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Update for glibc RHSA-2015:0016-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. Without\nthese libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function\nconverted certain encoded data to UTF-8. An attacker able to make an\napplication call the iconv() function with a specially crafted argument\ncould use this flaw to crash that application. (CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command substitution\neven when the WRDE_NOCMD flag was specified. 
An attacker able to provide\nspecially crafted input to an application using the wordexp() function, and\nnot sanitizing the input correctly, could potentially use this flaw to\nexecute arbitrary commands with the credentials of the user running that\napplication. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat\nDeveloper Experience Team.\n\nThis update also fixes the following bugs:\n\n * Previously, when an address lookup using the getaddrinfo() function for\nthe AF_UNSPEC value was performed on a defective DNS server, the server in\nsome cases responded with a valid response for the A record, but a referral\nresponse for the AAAA record, which resulted in a lookup failure. A prior\nupdate was implemented for getaddrinfo() to return the valid response, but\nit contained a typographical error, due to which the lookup could under\nsome circumstances still fail. This error has been corrected and\ngetaddrinfo() now returns a valid response in the described circumstances.\n(BZ#1172023)\n\n * An error in the dlopen() library function previously caused recursive\ncalls to dlopen() to terminate unexpectedly or to abort with a library\nassertion. This error has been fixed and recursive calls to dlopen() no\nlonger crash or abort. (BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\");\n script_tag(name:\"affected\", value:\"glibc on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:0016-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-January/msg00005.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.12~1.149.el6_6.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.12~1.149.el6_6.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.12~1.149.el6_6.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.12~1.149.el6_6.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.12~1.149.el6_6.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.12~1.149.el6_6.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.12~1.149.el6_6.4\", rls:\"RHENT_6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.12~1.149.el6_6.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:37:53", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2017-1146)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9402", "CVE-2017-1000366"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171146", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171146", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1146\");\n script_version(\"2020-01-23T10:53:11+0000\");\n script_cve_id(\"CVE-2014-9402\", \"CVE-2017-1000366\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:53:11 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:53:11 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2017-1146)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1146\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1146\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'glibc' package(s) announced via the EulerOS-SA-2017-1146 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a 
network name is being processed. (CVE-2014-9402)\n\nglibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. (CVE-2017-1000366)\");\n\n script_tag(name:\"affected\", value:\"'glibc' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~111.h15\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~111.h15\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~111.h15\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~111.h15\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.17~111.h15\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.17~111.h15\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~111.h15\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else 
if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:36:50", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2017-1147)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9402", "CVE-2017-1000366"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171147", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171147", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1147\");\n script_version(\"2020-01-23T10:53:13+0000\");\n script_cve_id(\"CVE-2014-9402\", \"CVE-2017-1000366\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:53:13 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:53:13 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2017-1147)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1147\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1147\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'glibc' package(s) announced via the EulerOS-SA-2017-1147 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a 
network name is being processed. (CVE-2014-9402)\n\nglibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. (CVE-2017-1000366)\");\n\n script_tag(name:\"affected\", value:\"'glibc' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~111.h15\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~111.h15\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~111.h15\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~111.h15\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.17~111.h15\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.17~111.h15\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~111.h15\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else 
if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-24T12:55:18", "description": "Several vulnerabilities have been fixed\nin eglibc, Debian", "cvss3": {}, "published": "2015-02-23T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3169-1 (eglibc - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4043", "CVE-2012-3404", "CVE-2014-9402", "CVE-2012-3405", "CVE-2015-1473", "CVE-2015-1472", "CVE-2012-3406", "CVE-2013-7424"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703169", "href": "http://plugins.openvas.org/nasl.php?oid=703169", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3169.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3169-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703169);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2012-3404\", \"CVE-2012-3405\", \"CVE-2012-3406\", \"CVE-2013-7424\",\n \"CVE-2014-4043\", \"CVE-2014-9402\", \"CVE-2015-1472\", \"CVE-2015-1473\");\n script_name(\"Debian Security Advisory DSA 3169-1 (eglibc - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-02-23 00:00:00 +0100 (Mon, 23 Feb 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3169.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"eglibc on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese issues are fixed in version 2.13-38+deb7u8 of the eglibc package.\n\nFor the unstable distribution (sid), all the above issues are fixed in version\n2.19-15 of the glibc package.\n\nWe recommend that you upgrade your eglibc packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been fixed\nin eglibc, Debian's version of the GNU C 
library:\n\nCVE-2012-3406 \nThe vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka\nglibc) 2.5, 2.12, and probably other versions does not properly restrict\nthe use of the alloca function when allocating the SPECS array, which\nallows context-dependent attackers to bypass the FORTIFY_SOURCE\nformat-string protection mechanism and cause a denial of service (crash)\nor possibly execute arbitrary code via a crafted format string using\npositional parameters and a large number of format specifiers, a different\nvulnerability than\nCVE-2012-3404 and\nCVE-2012-3405 \n.\n\nCVE-2013-7424 \nAn invalid free flaw was found in glibc's getaddrinfo() function when used\nwith the AI_IDN flag. A remote attacker able to make an application call\nthis function could use this flaw to execute arbitrary code with the\npermissions of the user running the application. Note that this flaw only\naffected applications using glibc compiled with libidn support.\n\nCVE-2014-4043 \nThe posix_spawn_file_actions_addopen function in glibc before 2.20 does not\ncopy its path argument in accordance with the POSIX specification, which\nallows context-dependent attackers to trigger use-after-free\nvulnerabilities.\n\nCVE-2014-9402 \nThe getnetbyname function in glibc 2.21 or earlier will enter an infinite\nloop if the DNS backend is activated in the system Name Service Switch\nconfiguration, and the DNS resolver receives a positive answer while\nprocessing the network name.\n\nCVE-2015-1472 /\nCVE-2015-1473 \nUnder certain conditions wscanf can allocate too little memory for the\nto-be-scanned arguments and overflow the allocated buffer. 
The incorrect\nuse of '__libc_use_alloca (newsize)' caused a different (and weaker)\npolicy to be enforced which could allow a denial of service attack.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"eglibc-source\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"glibc-doc\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc-bin\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc-dev-bin\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-dbg\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-dev\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-dev-i386\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-i386\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-i686\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-pic\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-prof\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-udeb\", ver:\"2.13-38+deb7u8\", 
rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6:i386\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6:amd64\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-amd64\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dbg:amd64\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dbg:i386\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev:amd64\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev:i386\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libc6-dev-amd64\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-i386\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-mips64\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-mipsn32\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-ppc64\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-s390\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-s390x\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-sparc64\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n 
report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-i386\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-i686\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-loongson2f\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-mips64\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-mipsn32\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-pic\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-ppc64\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-prof\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-s390\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-s390x\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-sparc64\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-udeb\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-xen\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-dbg\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-dev\", ver:\"2.13-38+deb7u8\", 
rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-pic\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-prof\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-udeb\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss-dns-udeb\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss-files-udeb\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"locales\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"locales-all\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"multiarch-support\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nscd\", ver:\"2.13-38+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:50", "description": "Several vulnerabilities have been fixed\nin eglibc, Debian", "cvss3": {}, "published": "2015-02-23T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3169-1 (eglibc - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4043", "CVE-2012-3404", "CVE-2014-9402", "CVE-2012-3405", "CVE-2015-1473", "CVE-2015-1472", "CVE-2012-3406", "CVE-2013-7424"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703169", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310703169", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3169.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3169-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703169\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2012-3404\", \"CVE-2012-3405\", \"CVE-2012-3406\", \"CVE-2013-7424\",\n \"CVE-2014-4043\", \"CVE-2014-9402\", \"CVE-2015-1472\", \"CVE-2015-1473\");\n script_name(\"Debian Security Advisory DSA 3169-1 (eglibc - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-23 00:00:00 +0100 (Mon, 23 Feb 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", 
value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3169.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"eglibc on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthese issues are fixed in version 2.13-38+deb7u8 of the eglibc package.\n\nFor the unstable distribution (sid), all the above issues are fixed in version\n2.19-15 of the glibc package.\n\nWe recommend that you upgrade your eglibc packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been fixed\nin eglibc, Debian's version of the GNU C library:\n\nCVE-2012-3406\nThe vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka\nglibc) 2.5, 2.12, and probably other versions does not properly restrict\nthe use of the alloca function when allocating the SPECS array, which\nallows context-dependent attackers to bypass the FORTIFY_SOURCE\nformat-string protection mechanism and cause a denial of service (crash)\nor possibly execute arbitrary code via a crafted format string using\npositional parameters and a large number of format specifiers, a different\nvulnerability than\nCVE-2012-3404 and\nCVE-2012-3405\n.\n\nCVE-2013-7424\nAn invalid free flaw was found in glibc's getaddrinfo() function when used\nwith the AI_IDN flag. A remote attacker able to make an application call\nthis function could use this flaw to execute arbitrary code with the\npermissions of the user running the application. 
Note that this flaw only\naffected applications using glibc compiled with libidn support.\n\nCVE-2014-4043\nThe posix_spawn_file_actions_addopen function in glibc before 2.20 does not\ncopy its path argument in accordance with the POSIX specification, which\nallows context-dependent attackers to trigger use-after-free\nvulnerabilities.\n\nCVE-2014-9402\nThe getnetbyname function in glibc 2.21 or earlier will enter an infinite\nloop if the DNS backend is activated in the system Name Service Switch\nconfiguration, and the DNS resolver receives a positive answer while\nprocessing the network name.\n\nCVE-2015-1472 /\nCVE-2015-1473\nUnder certain conditions wscanf can allocate too little memory for the\nto-be-scanned arguments and overflow the allocated buffer. The incorrect\nuse of '__libc_use_alloca (newsize)' caused a different (and weaker)\npolicy to be enforced which could allow a denial of service attack.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"eglibc-source\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"glibc-doc\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc-bin\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc-dev-bin\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-dbg\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-dev\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-dev-i386\", 
ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-i386\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-i686\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-pic\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-prof\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-udeb\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6:i386\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6:amd64\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-amd64\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dbg:amd64\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dbg:i386\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev:amd64\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev:i386\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libc6-dev-amd64\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-i386\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-mips64\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-mipsn32\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-ppc64\", ver:\"2.13-38+deb7u8\", 
rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-s390\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-s390x\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-sparc64\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-i386\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-i686\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-loongson2f\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-mips64\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-mipsn32\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-pic\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-ppc64\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-prof\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-s390\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-s390x\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-sparc64\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-udeb\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-xen\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"libc6.1-dbg\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1-dev\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1-pic\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1-prof\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1-udeb\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss-dns-udeb\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss-files-udeb\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"locales\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"locales-all\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"multiarch-support\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"nscd\", ver:\"2.13-38+deb7u8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:39:15", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2018-1344)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9402", "CVE-2016-3075", "CVE-2018-11236"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181344", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181344", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text 
descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1344\");\n script_version(\"2020-01-23T11:22:33+0000\");\n script_cve_id(\"CVE-2014-9402\", \"CVE-2016-3075\", \"CVE-2018-11236\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:22:33 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:22:33 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2018-1344)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1344\");\n script_xref(name:\"URL\", 
value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1344\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'glibc' package(s) announced via the EulerOS-SA-2018-1344 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being processed.(CVE-2014-9402)\n\nA stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On systems with nsswitch configured to include 'networks: dns' with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution.(CVE-2016-3075)\n\nstdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.(CVE-2018-11236)\");\n\n script_tag(name:\"affected\", value:\"'glibc' package(s) on Huawei EulerOS Virtualization 2.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.0\") {\n\n if(!isnull(res = 
isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~111.h12\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~111.h12\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~111.h12\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~111.h12\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~111.h12\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:36:20", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1552)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8776", "CVE-2015-5277", "CVE-2014-6040", "CVE-2014-9402", "CVE-2013-4788", "CVE-2016-3075", "CVE-2017-15670", "CVE-2012-4412", "CVE-2013-1914", "CVE-2019-9169", "CVE-2014-9761", "CVE-2015-1472", "CVE-2015-1781", "CVE-2013-4237", "CVE-2013-7423", "CVE-2014-0475"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191552", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191552", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; 
either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1552\");\n script_version(\"2020-01-23T14:09:13+0000\");\n script_cve_id(\"CVE-2012-4412\", \"CVE-2013-1914\", \"CVE-2013-4237\", \"CVE-2013-4788\", \"CVE-2013-7423\", \"CVE-2014-0475\", \"CVE-2014-6040\", \"CVE-2014-9402\", \"CVE-2014-9761\", \"CVE-2015-1472\", \"CVE-2015-1781\", \"CVE-2015-5277\", \"CVE-2015-8776\", \"CVE-2016-3075\", \"CVE-2017-15670\", \"CVE-2019-9169\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 14:09:13 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:12:58 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1552)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1552\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1552\");\n\n script_tag(name:\"summary\", value:\"The remote host is 
missing an update for the Huawei EulerOS\n 'glibc' package(s) announced via the EulerOS-SA-2019-1552 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents). A local attacker could potentially use this flaw to execute arbitrary code on the system.(CVE-2015-5277)\n\nA directory traversal flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) could possibly use this flaw to execute arbitrary code with the privileges of that application.(CVE-2014-0475)\n\nIt was found that out-of-range time values passed to the strftime() function could result in an out-of-bounds memory access. This could lead to application crash or, potentially, information disclosure.(CVE-2015-8776)\n\nThe GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.(CVE-2017-15670)\n\nThe PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.(CVE-2013-4788)\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. 
An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application.(CVE-2014-6040)\n\nA stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On systems with nsswitch configured to include ''networks: dns'' with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution.(CVE-2016-3075)\n\nInteger overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.(CVE-2012-4412)\n\nA heap-based buffer overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that ap ...\n\n Description truncated. 
Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'glibc' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:52", "description": "Several vulnerabilities have been\nfixed in eglibc, Debian's version of the GNU C library.", "cvss3": {}, "published": "2015-01-27T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3142-1 (eglibc - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235", "CVE-2014-6040", "CVE-2014-7817", "CVE-2012-6656"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703142", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703142", "sourceData": "# OpenVAS 
Vulnerability Test\n# $Id: deb_3142.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3142-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703142\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2012-6656\", \"CVE-2014-6040\", \"CVE-2014-7817\", \"CVE-2015-0235\");\n script_name(\"Debian Security Advisory DSA 3142-1 (eglibc - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-27 00:00:00 +0100 (Tue, 27 Jan 2015)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3142.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH 
http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"eglibc on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthese problems have been fixed in version 2.13-38+deb7u7.\n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), the\nCVE-2015-0235\n\nissue has been fixed in version 2.18-1 of the glibc package.\n\nWe recommend that you upgrade your eglibc packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been\nfixed in eglibc, Debian's version of the GNU C library:\n\nCVE-2015-0235\nQualys discovered that the gethostbyname and gethostbyname2\nfunctions were subject to a buffer overflow if provided with a\ncrafted IP address argument. This could be used by an attacker to\nexecute arbitrary code in processes which called the affected\nfunctions.\n\nThe original glibc bug was reported by Peter Klotz.\n\nCVE-2014-7817\nTim Waugh of Red Hat discovered that the WRDE_NOCMD option of the\nwordexp function did not suppress command execution in all cases.\nThis allows a context-dependent attacker to execute shell\ncommands.\n\nCVE-2012-6656 CVE-2014-6040\nThe charset conversion code for certain IBM multi-byte code pages\ncould perform an out-of-bounds array access, causing the process\nto crash. 
In some scenarios, this allows a remote attacker to\ncause a persistent denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"eglibc-source\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"glibc-doc\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc-bin\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc-dev-bin\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-dbg\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-dev\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-dev-i386\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-i386\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-i686\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-pic\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-prof\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-udeb\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"libc6-amd64\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dbg\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-amd64\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-i386\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-mips64\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-mipsn32\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-ppc64\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-s390\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-s390x\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-sparc64\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-i386\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-i686\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-loongson2f\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-mips64\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-mipsn32\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-pic\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-ppc64\", 
ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-prof\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-s390\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-s390x\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-sparc64\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-udeb\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-xen\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1-dbg\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1-dev\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1-pic\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1-prof\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1-udeb\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss-dns-udeb\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss-files-udeb\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"locales\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"locales-all\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"multiarch-support\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"nscd\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:53:28", "description": "Several vulnerabilities have been\nfixed in eglibc, Debian's version of the GNU C library.", "cvss3": {}, "published": "2015-01-27T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3142-1 (eglibc - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235", "CVE-2014-6040", "CVE-2014-7817", "CVE-2012-6656"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703142", "href": "http://plugins.openvas.org/nasl.php?oid=703142", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3142.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3142-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703142);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2012-6656\", \"CVE-2014-6040\", \"CVE-2014-7817\", \"CVE-2015-0235\");\n script_name(\"Debian Security Advisory DSA 3142-1 (eglibc - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-01-27 00:00:00 +0100 (Tue, 27 Jan 2015)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3142.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"eglibc on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 2.13-38+deb7u7.\n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), the\nCVE-2015-0235\n\nissue has been fixed in version 2.18-1 of the glibc package.\n\nWe recommend that you upgrade your eglibc packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\nfixed in eglibc, Debian's version of the GNU C library:\n\nCVE-2015-0235\nQualys discovered that the gethostbyname and gethostbyname2\nfunctions 
were subject to a buffer overflow if provided with a\ncrafted IP address argument. This could be used by an attacker to\nexecute arbitrary code in processes which called the affected\nfunctions.\n\nThe original glibc bug was reported by Peter Klotz.\n\nCVE-2014-7817\nTim Waugh of Red Hat discovered that the WRDE_NOCMD option of the\nwordexp function did not suppress command execution in all cases.\nThis allows a context-dependent attacker to execute shell\ncommands.\n\nCVE-2012-6656 CVE-2014-6040\nThe charset conversion code for certain IBM multi-byte code pages\ncould perform an out-of-bounds array access, causing the process\nto crash. In some scenarios, this allows a remote attacker to\ncause a persistent denial of service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"eglibc-source\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"glibc-doc\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc-bin\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc-dev-bin\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-dbg\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-dev\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-dev-i386\", ver:\"2.13-38+deb7u7\", 
rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-i386\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-i686\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-pic\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-prof\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-udeb\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-amd64\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dbg\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-amd64\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-i386\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-mips64\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-mipsn32\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-ppc64\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-s390\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"libc6-dev-s390x\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-sparc64\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-i386\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-i686\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-loongson2f\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-mips64\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-mipsn32\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-pic\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-ppc64\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-prof\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-s390\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-s390x\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-sparc64\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-udeb\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-xen\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report 
+= res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-dbg\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-dev\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-pic\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-prof\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-udeb\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss-dns-udeb\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss-files-udeb\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"locales\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"locales-all\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"multiarch-support\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nscd\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:12", "description": "The remote host is missing an update for the 'glibc' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2015-03-05T00:00:00", "type": "openvas", "title": "Fedora Update for glibc FEDORA-2015-2845", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5119", "CVE-2014-6040", "CVE-2014-7817", "CVE-2014-0475"], "modified": 
"2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869060", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869060", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glibc FEDORA-2015-2845\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869060\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-05 05:43:08 +0100 (Thu, 05 Mar 2015)\");\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-7817\", \"CVE-2014-5119\", \"CVE-2014-0475\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for glibc FEDORA-2015-2845\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"glibc on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-2845\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/150631.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.18~19.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T12:43:39", "description": "Arnaud Le Blanc discovered that the GNU C Library incorrectly handled file \ndescriptors when resolving DNS queries under high load. This may cause a \ndenial of service in other applications, or an information leak. This issue \nonly affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. \n(CVE-2013-7423)\n\nIt was discovered that the GNU C Library incorrectly handled receiving a \npositive answer while processing the network name when performing DNS \nresolution. A remote attacker could use this issue to cause the GNU C \nLibrary to hang, resulting in a denial of service. (CVE-2014-9402)\n\nJoseph Myers discovered that the GNU C Library wscanf function incorrectly \nhandled memory. 
A remote attacker could possibly use this issue to cause \nthe GNU C Library to crash, resulting in a denial of service, or possibly \nexecute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu \n14.04 LTS and Ubuntu 14.10. (CVE-2015-1472, CVE-2015-1473)\n", "cvss3": {}, "published": "2015-02-26T00:00:00", "type": "ubuntu", "title": "GNU C Library vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9402", "CVE-2015-1472", "CVE-2013-7423", "CVE-2015-1473"], "modified": "2015-02-26T00:00:00", "id": "USN-2519-1", "href": "https://ubuntu.com/security/notices/USN-2519-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-01-04T12:46:32", "description": "Siddhesh Poyarekar discovered that the GNU C Library incorrectly handled \ncertain multibyte characters when using the iconv function. An attacker \ncould possibly use this issue to cause applications to crash, resulting in \na denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu \n12.04 LTS. (CVE-2012-6656)\n\nAdhemerval Zanella Netto discovered that the GNU C Library incorrectly \nhandled certain multibyte characters when using the iconv function. An \nattacker could possibly use this issue to cause applications to crash, \nresulting in a denial of service. (CVE-2014-6040)\n\nTim Waugh discovered that the GNU C Library incorrectly enforced the \nWRDE_NOCMD flag when handling the wordexp function. An attacker could \npossibly use this issue to execute arbitrary commands. 
(CVE-2014-7817)\n", "cvss3": {}, "published": "2014-12-03T00:00:00", "type": "ubuntu", "title": "GNU C Library vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6656", "CVE-2014-6040", "CVE-2014-7817"], "modified": "2014-12-03T00:00:00", "id": "USN-2432-1", "href": "https://ubuntu.com/security/notices/USN-2432-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2021-10-21T04:45:36", "description": "The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system.\nWithout these libraries, the Linux system cannot function correctly.\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo()\nfunction would send DNS queries to random file descriptors. An attacker\ncould potentially use this flaw to send DNS queries to unintended\nrecipients, resulting in information disclosure or data loss due to the\napplication encountering corrupted data. (CVE-2013-7423)\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and\nother related functions computed the size of a buffer when passed a\nmisaligned buffer as input. An attacker able to make an application call\nany of these functions with a misaligned buffer could use this flaw to\ncrash the application or, potentially, execute arbitrary code with the\npermissions of the user running the application. 
(CVE-2015-1781)\n\nA heap-based buffer overflow flaw and a stack overflow flaw were found in\nglibc's swscanf() function. An attacker able to make an application call\nthe swscanf() function could use these flaws to crash that application or,\npotentially, execute arbitrary code with the permissions of the user\nrunning the application. (CVE-2015-1472, CVE-2015-1473)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in glibc's _IO_wstr_overflow() function. An attacker able to make an\napplication call this function could use this flaw to crash that\napplication or, potentially, execute arbitrary code with the permissions of\nthe user running the application. (BZ#1195762)\n\nA flaw was found in the way glibc's fnmatch() function processed certain\nmalformed patterns. An attacker able to make an application call this\nfunction could use this flaw to crash that application. (BZ#1197730)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nThese updated glibc packages also include numerous bug fixes and one\nenhancement. Space precludes documenting all of these changes in this\nadvisory. 
For information on the most significant of these changes, users\nare directed to the following article on the Red Hat Customer Portal:\n\nhttps://access.redhat.com/articles/2050743\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.", "cvss3": {}, "published": "2015-11-19T14:39:58", "type": "redhat", "title": "(RHSA-2015:2199) Moderate: glibc security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7423", "CVE-2015-1472", "CVE-2015-1473", "CVE-2015-1781"], "modified": "2018-04-11T23:33:20", "id": "RHSA-2015:2199", "href": "https://access.redhat.com/errata/RHSA-2015:2199", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:43:22", "description": "The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es):\n\n* It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. 
(CVE-2013-7423)", "cvss3": {}, "published": "2016-06-07T05:18:46", "type": "redhat", "title": "(RHSA-2016:1207) Moderate: glibc security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7423"], "modified": "2016-09-03T22:14:26", "id": "RHSA-2016:1207", "href": "https://access.redhat.com/errata/RHSA-2016:1207", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-21T04:42:10", "description": "The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name\nServer Caching Daemon (nscd) used by multiple programs on the system.\nWithout these libraries, the Linux system cannot function correctly.\n\nIt was found that the wordexp() function would perform command substitution\neven when the WRDE_NOCMD flag was specified. An attacker able to provide\nspecially crafted input to an application using the wordexp() function, and\nnot sanitizing the input correctly, could potentially use this flaw to\nexecute arbitrary commands with the credentials of the user running that\napplication. 
(CVE-2014-7817)\n\nThis issue was discovered by Tim Waugh of the Red Hat Developer Experience\nTeam.\n\nThis update also fixes the following bug:\n\n* Prior to this update, if a file stream that was opened in append mode and\nits underlying file descriptor were used at the same time and the file was\ntruncated using the ftruncate() function on the file descriptor, a\nsubsequent ftell() call on the stream incorrectly modified the file offset\nby seeking to the new end of the file. This update ensures that ftell()\nmodifies the state of the file stream only when it is in append mode and\nits buffer is not empty. As a result, the described incorrect changes to\nthe file offset no longer occur. (BZ#1170187)\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "cvss3": {}, "published": "2014-12-18T00:00:00", "type": "redhat", "title": "(RHSA-2014:2023) Moderate: glibc security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7817"], "modified": "2018-04-11T23:32:51", "id": "RHSA-2014:2023", "href": "https://access.redhat.com/errata/RHSA-2014:2023", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:44:23", "description": "The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name\nServer Caching Daemon (nscd) used by multiple programs on the system.\nWithout these libraries, the 
Linux system cannot function correctly.\n\nIt was discovered that the nss_files backend for the Name Service Switch in\nglibc would return incorrect data to applications or corrupt the heap\n(depending on adjacent heap contents). A local attacker could potentially\nuse this flaw to execute arbitrary code on the system. (CVE-2015-5277)\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo()\nfunction would send DNS queries to random file descriptors. An attacker\ncould potentially use this flaw to send DNS queries to unintended\nrecipients, resulting in information disclosure or data loss due to the\napplication encountering corrupted data. (CVE-2013-7423)\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and\nother related functions computed the size of a buffer when passed a\nmisaligned buffer as input. An attacker able to make an application call\nany of these functions with a misaligned buffer could use this flaw to\ncrash the application or, potentially, execute arbitrary code with the\npermissions of the user running the application. (CVE-2015-1781)\n\nA heap-based buffer overflow flaw and a stack overflow flaw were found in\nglibc's swscanf() function. An attacker able to make an application call\nthe swscanf() function could use these flaws to crash that application or,\npotentially, execute arbitrary code with the permissions of the user\nrunning the application. 
(CVE-2015-1472, CVE-2015-1473)\n\nThe CVE-2015-5277 issue was discovered by Sumit Bose and Luk\u00e1\u0161 Slebodn\u00edk of\nRed Hat, and the CVE-2015-1781 issue was discovered by Arjun Shankar of Red\nHat.\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "cvss3": {}, "published": "2015-12-09T08:43:11", "type": "redhat", "title": "(RHSA-2015:2589) Important: glibc security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7423", "CVE-2015-1472", "CVE-2015-1473", "CVE-2015-1781", "CVE-2015-5277"], "modified": "2016-04-04T15:56:50", "id": "RHSA-2015:2589", "href": "https://access.redhat.com/errata/RHSA-2015:2589", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T18:37:54", "description": "The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name\nServer Caching Daemon (nscd) used by multiple programs on the system.\nWithout these libraries, the Linux system cannot function correctly.\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and\nother related functions computed the size of a buffer when passed a\nmisaligned buffer as input. 
An attacker able to make an application call\nany of these functions with a misaligned buffer could use this flaw to\ncrash the application or, potentially, execute arbitrary code with the\npermissions of the user running the application. (CVE-2015-1781)\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo()\nfunction would send DNS queries to random file descriptors. An attacker\ncould potentially use this flaw to send DNS queries to unintended\nrecipients, resulting in information disclosure or data loss due to the\napplication encountering corrupted data. (CVE-2013-7423)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nThis update also fixes the following bug:\n\n* Previously, the nscd daemon did not properly reload modified data when\nthe user edited monitored nscd configuration files. As a consequence, nscd\nreturned stale data to system processes. This update adds a system of\ninotify-based monitoring and stat-based backup monitoring for nscd\nconfiguration files. As a result, nscd now detects changes to its\nconfiguration files and reloads the data properly, which prevents it from\nreturning stale data. 
(BZ#1194149)\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "cvss3": {}, "published": "2015-04-21T00:00:00", "type": "redhat", "title": "(RHSA-2015:0863) Moderate: glibc security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7423", "CVE-2015-1781"], "modified": "2018-06-06T16:24:21", "id": "RHSA-2015:0863", "href": "https://access.redhat.com/errata/RHSA-2015:0863", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T18:42:21", "description": "The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. Without\nthese libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function\nconverted certain encoded data to UTF-8. An attacker able to make an\napplication call the iconv() function with a specially crafted argument\ncould use this flaw to crash that application. (CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command substitution\neven when the WRDE_NOCMD flag was specified. 
An attacker able to provide\nspecially crafted input to an application using the wordexp() function, and\nnot sanitizing the input correctly, could potentially use this flaw to\nexecute arbitrary commands with the credentials of the user running that\napplication. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat\nDeveloper Experience Team.\n\nThis update also fixes the following bugs:\n\n* Previously, when an address lookup using the getaddrinfo() function for\nthe AF_UNSPEC value was performed on a defective DNS server, the server in\nsome cases responded with a valid response for the A record, but a referral\nresponse for the AAAA record, which resulted in a lookup failure. A prior\nupdate was implemented for getaddrinfo() to return the valid response, but\nit contained a typographical error, due to which the lookup could under\nsome circumstances still fail. This error has been corrected and\ngetaddrinfo() now returns a valid response in the described circumstances.\n(BZ#1172023)\n\n* An error in the dlopen() library function previously caused recursive\ncalls to dlopen() to terminate unexpectedly or to abort with a library\nassertion. This error has been fixed and recursive calls to dlopen() no\nlonger crash or abort. 
(BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "cvss3": {}, "published": "2015-01-07T00:00:00", "type": "redhat", "title": "(RHSA-2015:0016) Moderate: glibc security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "modified": "2018-06-06T16:24:20", "id": "RHSA-2015:0016", "href": "https://access.redhat.com/errata/RHSA-2015:0016", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-21T04:43:33", "description": "The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. 
Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es):\n\n* glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation (CVE-2018-1000001)\n\n* glibc: Buffer overflow in glob with GLOB_TILDE (CVE-2017-15670)\n\n* glibc: Buffer overflow during unescaping of user names with the ~ operator (CVE-2017-15804)\n\n* glibc: denial of service in getnetbyname function (CVE-2014-9402)\n\n* glibc: DNS resolver NULL pointer dereference with crafted record type (CVE-2015-5180)\n\n* glibc: Fragmentation attacks possible when EDNS0 is enabled (CVE-2017-12132)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank halfdog for reporting CVE-2018-1000001. The CVE-2015-5180 issue was discovered by Florian Weimer (Red Hat Product Security).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-10T05:01:26", "type": "redhat", "title": "(RHSA-2018:0805) Moderate: glibc security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", 
"baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9402", "CVE-2015-5180", "CVE-2017-12132", "CVE-2017-15670", "CVE-2017-15804", "CVE-2018-1000001"], "modified": "2018-04-10T06:46:53", "id": "RHSA-2018:0805", "href": "https://access.redhat.com/errata/RHSA-2018:0805", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2021-06-04T20:21:08", "description": "[2.17-105.0.1]\n- Remove strstr and strcasestr implementations using sse4.2 instructions.\n- Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and\n 1818483b15d22016b0eae41d37ee91cc87b37510 backported.\n[2.17-105]\n- Fix up test case for initial-exec fix (#1248208).\n[2.17-104]\n- Mark all TLS variables in libc.so as initial-exec (#1248208).\n[2.17-103]\n- Apply correct fix for #1195672.\n[2.17-102]\n- Remove workaround for kernel netlink bug (#1089836).\n- Use only 32-bit instructions in optimized 32-bit POWER functions (#1240796).\n[2.17-101]\n- Correct the AArch64 ABI baseline for libpthread (#1234622).\n[2.17-100]\n- Prevent tst-rec-dlopen from intermittently failing in parallel\n builds due to a missing makefile dependency (#1225959).\n[2.17-99]\n- Increase AArch64 TLS descriptor performance (#1202952).\n[2.17-98]\n- Move arch-specific header files from glibc-headers to glibc-devel (#1230328).\n[2.17-97]\n- Rebase high-precision timing support for microbenchmark (#1214326).\n[2.17-96]\n- Rebase microbenchmarks from upstream for performance testing (#1214326)\n- Fix running microbenchmark script bench.pl from source (#1084395)\n[2.17-95]\n- Enable systemtap support for all architectures (#1225490).\n[2.17-94]\n- Fix ruserok API scalability issues (#1216246).\n[2.17-93]\n- Backport fixes and enhancements for ppc64 and ppc64le (#1162895).\n - Correct DT_PPC64_NUM in elf/elf.h.\n - Correct IBM long double 
frexpl.\n - Correct IBM long double nextafterl.\n[2.17-92]\n- Backport fixes for various security flaws (#1209107):\n - Prevent heap buffer overflow in swscanf (CVE-2015-1472, CVE-2015-1473,\n - Prevent integer overflow in _IO_wstr_overflow (#1195762).\n - Prevent potential denial of service in internal_fnmatch (#1197730).\n - Prevent buffer overflow in gethostbyname_r and related functions\n with misaligned buffer (CVE-2015-1781, #1199525).\n[2.17-91]\n- Allow more shared libraries with static TLS to be loaded (#1227699).\n[2.17-90]\n- Work around kernel netlink bug on some specialized hardware setup (#1089836).\n- Fix invalid file descriptor reuse when sending DNS query\n (CVE-2013-7423, #1194143).\n- Sync netinet/tcp.h with the kernel (#1219891).\n[2.17-89]\n- Avoid deadlock in malloc on backtrace (#1207032).\n- Actually test iconv modules (#1176906).\n- Use calloc to allocate xports (#1159169).\n- Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (#1098042).\n[2.17-88]\n- Add librtkaio.abilist generated by make update-abi (#1173238).\n[2.18-87]\n- Enhance nscd inotify support (#1193797).\n[2.17-86]\n- Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (#1173537).\n[2.17-85]\n- Skip logging for DNSSEC responses (#1186620).\n- Also apply the RHEL6.7 Makerules patch (#1189278).\n[2.17-84]\n- Initialize nscd stats data (#1183456).\n[2.17-83]\n- Resize DTV if the current DTV isn't big enough (#1189278).\n[2.17-82]\n- Backport an alternate implementation of strstr and strcasestr for\n x86 that doesn't use the stack for temporaries requiring 16-byte\n alignment (#1150282).\n[2.17-81]\n- Fix recursive dlopen() (#1165212).\n- Correctly size profiling reloc table (#1144133).\n[2.17-80]\n- Work around a suspected gcc 4.8 bug (#1064066).\n[2.17-79]\n- Restructure spec file to unconditionally apply ppc64le support (#1182355).\n- Fix test failure in test-ildoubl on ppc64 (#1186491).", "cvss3": {}, "published": "2015-11-24T00:00:00", "type": "oraclelinux", "title": 
"glibc security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2013-7423", "CVE-2015-1472", "CVE-2015-1473", "CVE-2015-1781"], "modified": "2015-11-24T00:00:00", "id": "ELSA-2015-2199", "href": "http://linux.oracle.com/errata/ELSA-2015-2199.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-05-13T09:23:51", "description": "[2.12-1.149.7]\n- Fix invalid file descriptor reuse while sending DNS query\n (#1207995, CVE-2013-7423).\n- Fix buffer overflow in gethostbyname_r with misaligned buffer\n (#1209375, CVE-2015-1781).\n[2.12-1.149.6]\n- Enhance nscd to detect any configuration file changes (#1194149).", "cvss3": {}, "published": "2015-04-21T00:00:00", "type": "oraclelinux", "title": "glibc security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2013-7423", "CVE-2015-1781"], "modified": "2015-04-21T00:00:00", "id": "ELSA-2015-0863", "href": "http://linux.oracle.com/errata/ELSA-2015-0863.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:41", "description": "[2.12-1.149.4]\n- Fix recursive dlopen() (#1173469).\n[2.12-1.149.3]\n- Fix typo in res_send and res_query (#rh1172023).\n[2.12-1.149.2]\n- Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, #1139571).\n[2.12-1.149.1]\n- Fix wordexp() to honour WRDE_NOCMD (CVE-2014-7817, #1170121).", "cvss3": {}, "published": "2015-01-07T00:00:00", "type": "oraclelinux", "title": "glibc security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "modified": "2015-01-07T00:00:00", "id": "ELSA-2015-0016", "href": "http://linux.oracle.com/errata/ELSA-2015-0016.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:58", "description": "[2.17-55.0.4.el7_0.3]\n- Remove strstr and strcasestr implementations using sse4.2 instructions.\n- Upstream commits 
584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and\n 1818483b15d22016b0eae41d37ee91cc87b37510 backported. (Jose E. Marchesi)\n[2.17-55.3]\n- Fix wordexp() to honour WRDE_NOCMD (CVE-2014-7817, #1170118)\n[2.17-55.2]\n- ftell: seek to end only when there are unflushed bytes (#1170187).\n[2.17-55.1]\n- Remove gconv transliteration loadable modules support (CVE-2014-5119,\n - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,", "cvss3": {}, "published": "2014-12-18T00:00:00", "type": "oraclelinux", "title": "glibc security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-5119", "CVE-2014-7817", "CVE-2014-0475"], "modified": "2014-12-18T00:00:00", "id": "ELSA-2014-2023", "href": "http://linux.oracle.com/errata/ELSA-2014-2023.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:07", "description": " Oracle Linux 7: \n[2.17-55.0.4.el7_0.5]\n- Remove strstr and strcasestr implementations using sse4.2 instructions.\n- Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and\n 1818483b15d22016b0eae41d37ee91cc87b37510 backported. (Jose E. 
Marchesi)\n[2.17-55.5]\n- Rebuild and run regression testing.\n[2.17-55.4]\n- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183535).\n[2.17-55.3]\n- Fix wordexp() to honour WRDE_NOCMD (CVE-2014-7817, #1170118)\n[2.17-55.2]\n- ftell: seek to end only when there are unflushed bytes (#1170187).\n[2.17-55.1]\n- Remove gconv transliteration loadable modules support (CVE-2014-5119,\n - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,\nOracle Linux 6 :\n[2.12-1.149.5]\n- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183533).", "cvss3": {}, "published": "2015-01-27T00:00:00", "type": "oraclelinux", "title": "glibc security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-0235", "CVE-2014-5119", "CVE-2014-7817", "CVE-2014-0475"], "modified": "2015-01-27T00:00:00", "id": "ELSA-2015-0092", "href": "http://linux.oracle.com/errata/ELSA-2015-0092.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:35", "description": "[2.17-78.0.1]\n- Remove strstr and strcasestr implementations using sse4.2 instructions.\n- Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and\n 1818483b15d22016b0eae41d37ee91cc87b37510 backported.\n[2.17-78]\n- Fix ppc64le builds (#1077389).\n[2.17-77]\n- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183545).\n[2.17-76]\n- Fix application crashes during calls to gettimeofday on ppc64\n when kernel exports gettimeofday via VDSO (#1077389).\n- Prevent NSS-based file backend from entering infinite loop\n when different APIs request the same service (CVE-2014-8121, #1182272).\n[2.17-75]\n- Fix permission of debuginfo source files to allow multiarch\n debuginfo packages to be installed and upgraded (#1170110).\n[2.17-74]\n- Fix wordexp() to honour WRDE_NOCMD (CVE-2014-7817, #1170487).\n[2.17-73]\n- ftell: seek to end only when there are unflushed bytes (#1156331).\n[2.17-72]\n- [s390] Fix up _dl_argv 
after adjusting arguments in _dl_start_user (#1161666).\n[2.17-71]\n- Fix incorrect handling of relocations in 64-bit LE mode for Power\n (#1162847).\n[2.17-70]\n- [s390] Retain stack alignment when skipping over loader argv (#1161666).\n[2.17-69]\n- Use __int128_t in link.h to support older compiler (#1120490).\n[2.17-68]\n- Revert to defining __extern_inline only for gcc-4.3+ (#1120490).\n[2.17-67]\n- Correct a defect in the generated math error table in the manual (#786638).\n[2.17-66]\n- Include preliminary thread, signal and cancellation safety documentation\n in manual (#786638).\n[2.17-65]\n- PowerPC 32-bit and 64-bit optimized function support using STT_GNU_IFUNC\n (#731837).\n- Support running Intel MPX-enabled applications (#1132518).\n- Support running Intel AVX-512-enabled applications (#1140272).\n[2.17-64]\n- Fix crashes on invalid input in IBM gconv modules (#1140474, CVE-2014-6040).\n[2.17-63]\n- Build build-locale-archive statically (#1070611).\n- Return failure in getnetgrent only when all netgroups have been searched\n (#1085313).\n[2.17-62]\n- Don't use alloca in addgetnetgrentX (#1138520).\n- Adjust pointers to triplets in netgroup query data (#1138520).\n[2.17-61]\n- Set CS_PATH to just /usr/bin (#1124453).\n- Add systemtap probe in lll_futex_wake for ppc and s390 (#1084089).\n[2.17-60]\n- Add mmap usage to malloc_info output (#1103856).\n- Fix nscd lookup for innetgr when netgroup has wildcards (#1080766).\n- Fix memory order when reading libgcc handle (#1103874).\n- Fix typo in nscd/selinux.c (#1125306).\n- Do not fail if one of the two responses to AF_UNSPEC fails (#1098047).\n[2.17-59]\n- Provide correct buffer length to netgroup queries in nscd (#1083647).\n- Return NULL for wildcard values in getnetgrent from nscd (#1085290).\n- Avoid overlapping addresses to stpcpy calls in nscd (#1083644).\n- Initialize all of datahead structure in nscd (#1083646).\n[2.17-58]\n- Remove gconv transliteration loadable modules support (CVE-2014-5119,\n - 
_nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,\n[2.17-57]\n- Merge 64-bit ARM (AArch64) support (#1027179).\n- Fix build failure for rtkaio/tst-aiod2.c and rtkaio/tst-aiod3.c.\n[2.17-56]\n- Merge LE 64-bit POWER support (#1125513).\n[2.17-55.4]\n- Fix tst-cancel4, tst-cancelx4, tst-cancel5, and tst-cancelx5 for all targets.\n- Fix tst-ildoubl, and tst-ldouble for POWER.\n- Allow LE 64-bit POWER to build with VSX if enabled (#1124048).\n[2.17-55.3]\n- Fix ppc64le ABI issue with pthread_atfork being present in libpthread.so.0.\n[2.17-55.2]\n- Add ABI baseline for 64-bit POWER LE.\n[2.17-55.1]\n- Add 64-bit POWER LE support.", "cvss3": {}, "published": "2015-03-09T00:00:00", "type": "oraclelinux", "title": "glibc security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-0235", "CVE-2014-5119", "CVE-2014-6040", "CVE-2014-8121", "CVE-2014-7817", "CVE-2014-0475"], "modified": "2015-03-09T00:00:00", "id": "ELSA-2015-0327", "href": "http://linux.oracle.com/errata/ELSA-2015-0327.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:30", "description": "[2.17-222]\n- Restore internal GLIBC_PRIVATE symbols for use during upgrades (#1523119)\n[2.17-221]\n- CVE-2018-1000001: Fix realpath() buffer underflow (#1534635)\n- i386: Fix unwinding for 32-bit C++ application (#1529982)\n- Reduce thread and dynamic loader stack usage (#1527904)\n- x86-64: Use XSAVE/XSAVEC more often during lazy symbol binding (#1528418)\n[2.17-220]\n- Update HWCAP bits for IBM POWER9 DD2.1 (#1503854)\n[2.17-219]\n- Rebuild with newer gcc for aarch64 stack probing fixes (#1500475)\n[2.17-218]\n- Improve memcpy performance for POWER9 DD2.1 (#1498925)\n[2.17-217]\n- Update Linux system call list to kernel 4.13 (#1508895)\n[2.17-216]\n- x86-64: Use XSAVE/XSAVEC in the ld.so trampoline (#1504969)\n[2.17-215]\n- CVE-2017-15670: glob: Fix one-byte overflow with GLOB_TILDE (#1504809)\n- CVE-2017-15804: 
glob: Fix buffer overflow in GLOB_TILDE unescaping (#1504809)\n[2.17-214]\n- Fix check-localplt test failure.\n- Include ld.so in check-localplt test. (#1440250)\n[2.17-213]\n- Fix build warning in locarchive.c (#1349964)\n[2.17-212]\n- Hide reference to mktemp in libpthread (#1349962)\n[2.17-211]\n- Implement fopencookie hardening (#1372305)\n[2.17-210]\n- x86-64: Support __tls_get_addr with an unaligned stack (#1468807)\n[2.17-209]\n- Define CLOCK_TAI in \n (#1448822)\n[2.17-208]\n- Compile glibc with -fstack-clash-protection (#1500475)\n[2.17-207]\n- aarch64: Avoid invalid relocations in the startup code (#1500908)\n[2.17-206]\n- Fix timezone test failures on large parallel builds. (#1234449, #1378329)\n[2.17-205]\n- Handle DSOs with no PLT (#1445781)\n[2.17-204]\n- libio: Implement vtable verification (#1398413)\n[2.17-203]\n- Fix socket system call selection on s390x (#1498566).\n- Use different construct for protected visibility in IFUNC tests (#1445644)\n[2.17-202]\n- Rebase the DNS stub resolver and getaddrinfo to the glibc 2.26 version\n- Support an arbitrary number of search domains in the stub resolver (#677316)\n- Detect and apply /etc/resolv.conf changes in libresolv (#1432085)\n- CVE-2017-12132: Fragmentation attacks possible when EDNS0 is enabled\n (#1487063)\n- CVE-2016-3706: Stack (frame) overflow in getaddrinfo when called\n with AF_INET, AF_INET6 (#1329674)\n- CVE-2015-5180: resolv: Fix crash with internal QTYPE (#1497131)\n- CVE-2014-9402: denial of service in getnetbyname function (#1497132)\n- Fix getaddrinfo to handle certain long lines in /etc/hosts (#1452034)\n- Make RES_ROTATE start with a random name server (#1257639)\n- Stricter IPv6 address parser (#1484034)\n- Remove noip6dotint support from the stub resolver (#1482988)\n- Remove partial bitstring label support from the stub resolver\n- Remove unsupported resolver hook functions from the API\n- Remove outdated RR type classification macros from the API\n- hesiod: Always use TLS resolver 
state\n- hesiod: Avoid non-trust-boundary crossing heap overflow in get_txt_records\n[2.17.201]\n- Fix hang in nscd cache prune thread (#1435615)\n[2.17-200]\n- Add binary timezone test data files (#1234449, #1378329)\n[2.17.198]\n- Add support for new IBM z14 (s390x) instructions (#1375235)\n[2.17-197]\n- Fix compile warnings in malloc (#1347277)\n- Fix occasional tst-malloc-usable failures (#1348000)\n- Additional chunk hardening in malloc (#1447556)\n- Pointer alignment fix in nss group merge (#1463692)\n- Fix SIGSEGV when LD_LIBRARY_PATH only has non-existing paths (#1443236)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-18T00:00:00", "type": "oraclelinux", "title": "glibc security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9402", "CVE-2015-5180", "CVE-2016-3706", "CVE-2017-1213", "CVE-2017-15670", "CVE-2017-15804", "CVE-2018-1000001"], "modified": "2018-04-18T00:00:00", "id": "ELSA-2018-4078", "href": "http://linux.oracle.com/errata/ELSA-2018-4078.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-30T06:24:24", "description": "[2.17-222]\n- Restore 
internal GLIBC_PRIVATE symbols for use during upgrades (#1523119)\n[2.17-221]\n- CVE-2018-1000001: Fix realpath() buffer underflow (#1534635)\n- i386: Fix unwinding for 32-bit C++ application (#1529982)\n- Reduce thread and dynamic loader stack usage (#1527904)\n- x86-64: Use XSAVE/XSAVEC more often during lazy symbol binding (#1528418)\n[2.17-220]\n- Update HWCAP bits for IBM POWER9 DD2.1 (#1503854)\n[2.17-219]\n- Rebuild with newer gcc for aarch64 stack probing fixes (#1500475)\n[2.17-218]\n- Improve memcpy performance for POWER9 DD2.1 (#1498925)\n[2.17-217]\n- Update Linux system call list to kernel 4.13 (#1508895)\n[2.17-216]\n- x86-64: Use XSAVE/XSAVEC in the ld.so trampoline (#1504969)\n[2.17-215]\n- CVE-2017-15670: glob: Fix one-byte overflow with GLOB_TILDE (#1504809)\n- CVE-2017-15804: glob: Fix buffer overflow in GLOB_TILDE unescaping (#1504809)\n[2.17-214]\n- Fix check-localplt test failure.\n- Include ld.so in check-localplt test. (#1440250)\n[2.17-213]\n- Fix build warning in locarchive.c (#1349964)\n[2.17-212]\n- Hide reference to mktemp in libpthread (#1349962)\n[2.17-211]\n- Implement fopencookie hardening (#1372305)\n[2.17-210]\n- x86-64: Support __tls_get_addr with an unaligned stack (#1468807)\n[2.17-209]\n- Define CLOCK_TAI in \n (#1448822)\n[2.17-208]\n- Compile glibc with -fstack-clash-protection (#1500475)\n[2.17-207]\n- aarch64: Avoid invalid relocations in the startup code (#1500908)\n[2.17-206]\n- Fix timezone test failures on large parallel builds. 
(#1234449, #1378329)\n[2.17-205]\n- Handle DSOs with no PLT (#1445781)\n[2.17-204]\n- libio: Implement vtable verification (#1398413)\n[2.17-203]\n- Fix socket system call selection on s390x (#1498566).\n- Use different construct for protected visibility in IFUNC tests (#1445644)\n[2.17-202]\n- Rebase the DNS stub resolver and getaddrinfo to the glibc 2.26 version\n- Support an arbitrary number of search domains in the stub resolver (#677316)\n- Detect and apply /etc/resolv.conf changes in libresolv (#1432085)\n- CVE-2017-12132: Fragmentation attacks possible when EDNS0 is enabled\n (#1487063)\n- CVE-2016-3706: Stack (frame) overflow in getaddrinfo when called\n with AF_INET, AF_INET6 (#1329674)\n- CVE-2015-5180: resolv: Fix crash with internal QTYPE (#1497131)\n- CVE-2014-9402: denial of service in getnetbyname function (#1497132)\n- Fix getaddrinfo to handle certain long lines in /etc/hosts (#1452034)\n- Make RES_ROTATE start with a random name server (#1257639)\n- Stricter IPv6 address parser (#1484034)\n- Remove noip6dotint support from the stub resolver (#1482988)\n- Remove partial bitstring label support from the stub resolver\n- Remove unsupported resolver hook functions from the API\n- Remove outdated RR type classification macros from the API\n- hesiod: Always use TLS resolver state\n- hesiod: Avoid non-trust-boundary crossing heap overflow in get_txt_records\n[2.17.201]\n- Fix hang in nscd cache prune thread (#1435615)\n[2.17-200]\n- Add binary timezone test data files (#1234449, #1378329)\n[2.17.198]\n- Add support for new IBM z14 (s390x) instructions (#1375235)\n[2.17-197]\n- Fix compile warnings in malloc (#1347277)\n- Fix occasional tst-malloc-usable failures (#1348000)\n- Additional chunk hardening in malloc (#1447556)\n- Pointer alignment fix in nss group merge (#1463692)\n- Fix SIGSEGV when LD_LIBRARY_PATH only has non-existing paths (#1443236)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": 
"HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-16T00:00:00", "type": "oraclelinux", "title": "glibc security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9402", "CVE-2015-5180", "CVE-2016-3706", "CVE-2017-1213", "CVE-2017-12132", "CVE-2017-15670", "CVE-2017-15804", "CVE-2018-1000001"], "modified": "2018-04-16T00:00:00", "id": "ELSA-2018-0805", "href": "http://linux.oracle.com/errata/ELSA-2018-0805.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "centos": [{"lastseen": "2022-02-27T16:06:34", "description": "**CentOS Errata and Security Advisory** CESA-2015:2199\n\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system.\nWithout these libraries, the Linux system cannot function correctly.\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo()\nfunction would send DNS queries to random file descriptors. 
An attacker\ncould potentially use this flaw to send DNS queries to unintended\nrecipients, resulting in information disclosure or data loss due to the\napplication encountering corrupted data. (CVE-2013-7423)\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and\nother related functions computed the size of a buffer when passed a\nmisaligned buffer as input. An attacker able to make an application call\nany of these functions with a misaligned buffer could use this flaw to\ncrash the application or, potentially, execute arbitrary code with the\npermissions of the user running the application. (CVE-2015-1781)\n\nA heap-based buffer overflow flaw and a stack overflow flaw were found in\nglibc's swscanf() function. An attacker able to make an application call\nthe swscanf() function could use these flaws to crash that application or,\npotentially, execute arbitrary code with the permissions of the user\nrunning the application. (CVE-2015-1472, CVE-2015-1473)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in glibc's _IO_wstr_overflow() function. An attacker able to make an\napplication call this function could use this flaw to crash that\napplication or, potentially, execute arbitrary code with the permissions of\nthe user running the application. (BZ#1195762)\n\nA flaw was found in the way glibc's fnmatch() function processed certain\nmalformed patterns. An attacker able to make an application call this\nfunction could use this flaw to crash that application. (BZ#1197730)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nThese updated glibc packages also include numerous bug fixes and one\nenhancement. Space precludes documenting all of these changes in this\nadvisory. 
For information on the most significant of these changes, users\nare directed to the following article on the Red Hat Customer Portal:\n\nhttps://access.redhat.com/articles/2050743\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-cr-announce/2015-November/015132.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-static\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2015:2199", "cvss3": {}, "published": "2015-11-30T19:30:07", "type": "centos", "title": "glibc, nscd security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7423", "CVE-2015-1472", "CVE-2015-1473", "CVE-2015-1781"], "modified": "2015-11-30T19:30:07", "id": "CESA-2015:2199", "href": "https://lists.centos.org/pipermail/centos-cr-announce/2015-November/015132.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-27T11:53:42", "description": "**CentOS Errata and Security Advisory** CESA-2014:2023\n\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name\nServer Caching Daemon (nscd) used by multiple programs on the system.\nWithout these libraries, the Linux system cannot function correctly.\n\nIt was found that the wordexp() function 
would perform command substitution\neven when the WRDE_NOCMD flag was specified. An attacker able to provide\nspecially crafted input to an application using the wordexp() function, and\nnot sanitizing the input correctly, could potentially use this flaw to\nexecute arbitrary commands with the credentials of the user running that\napplication. (CVE-2014-7817)\n\nThis issue was discovered by Tim Waugh of the Red Hat Developer Experience\nTeam.\n\nThis update also fixes the following bug:\n\n* Prior to this update, if a file stream that was opened in append mode and\nits underlying file descriptor were used at the same time and the file was\ntruncated using the ftruncate() function on the file descriptor, a\nsubsequent ftell() call on the stream incorrectly modified the file offset\nby seeking to the new end of the file. This update ensures that ftell()\nmodifies the state of the file stream only when it is in append mode and\nits buffer is not empty. As a result, the described incorrect changes to\nthe file offset no longer occur. 
(BZ#1170187)\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2014-December/057768.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-static\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2014:2023", "cvss3": {}, "published": "2014-12-19T12:43:11", "type": "centos", "title": "glibc, nscd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7817"], "modified": "2014-12-19T12:43:11", "id": "CESA-2014:2023", "href": "https://lists.centos.org/pipermail/centos-announce/2014-December/057768.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-27T11:53:32", "description": "**CentOS Errata and Security Advisory** CESA-2015:0863\n\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name\nServer Caching Daemon (nscd) used by multiple programs on the system.\nWithout these libraries, the Linux system cannot function correctly.\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and\nother related functions computed the size of a buffer when passed a\nmisaligned buffer as input. 
An attacker able to make an application call\nany of these functions with a misaligned buffer could use this flaw to\ncrash the application or, potentially, execute arbitrary code with the\npermissions of the user running the application. (CVE-2015-1781)\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo()\nfunction would send DNS queries to random file descriptors. An attacker\ncould potentially use this flaw to send DNS queries to unintended\nrecipients, resulting in information disclosure or data loss due to the\napplication encountering corrupted data. (CVE-2013-7423)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nThis update also fixes the following bug:\n\n* Previously, the nscd daemon did not properly reload modified data when\nthe user edited monitored nscd configuration files. As a consequence, nscd\nreturned stale data to system processes. This update adds a system of\ninotify-based monitoring and stat-based backup monitoring for nscd\nconfiguration files. As a result, nscd now detects changes to its\nconfiguration files and reloads the data properly, which prevents it from\nreturning stale data. 
(BZ#1194149)\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2015-April/058000.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-static\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2015:0863", "cvss3": {}, "published": "2015-04-21T13:07:39", "type": "centos", "title": "glibc, nscd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7423", "CVE-2015-1781"], "modified": "2015-04-21T13:07:39", "id": "CESA-2015:0863", "href": "https://lists.centos.org/pipermail/centos-announce/2015-April/058000.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-27T11:53:35", "description": "**CentOS Errata and Security Advisory** CESA-2015:0016\n\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. Without\nthese libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function\nconverted certain encoded data to UTF-8. An attacker able to make an\napplication call the iconv() function with a specially crafted argument\ncould use this flaw to crash that application. 
(CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command substitution\neven when the WRDE_NOCMD flag was specified. An attacker able to provide\nspecially crafted input to an application using the wordexp() function, and\nnot sanitizing the input correctly, could potentially use this flaw to\nexecute arbitrary commands with the credentials of the user running that\napplication. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat\nDeveloper Experience Team.\n\nThis update also fixes the following bugs:\n\n* Previously, when an address lookup using the getaddrinfo() function for\nthe AF_UNSPEC value was performed on a defective DNS server, the server in\nsome cases responded with a valid response for the A record, but a referral\nresponse for the AAAA record, which resulted in a lookup failure. A prior\nupdate was implemented for getaddrinfo() to return the valid response, but\nit contained a typographical error, due to which the lookup could under\nsome circumstances still fail. This error has been corrected and\ngetaddrinfo() now returns a valid response in the described circumstances.\n(BZ#1172023)\n\n* An error in the dlopen() library function previously caused recursive\ncalls to dlopen() to terminate unexpectedly or to abort with a library\nassertion. This error has been fixed and recursive calls to dlopen() no\nlonger crash or abort. 
(BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2015-January/057782.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-static\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2015:0016", "cvss3": {}, "published": "2015-01-07T22:45:41", "type": "centos", "title": "glibc, nscd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "modified": "2015-01-07T22:45:41", "id": "CESA-2015:0016", "href": "https://lists.centos.org/pipermail/centos-announce/2015-January/057782.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-02-27T16:05:59", "description": "**CentOS Errata and Security Advisory** CESA-2018:0805\n\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. 
Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es):\n\n* glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation (CVE-2018-1000001)\n\n* glibc: Buffer overflow in glob with GLOB_TILDE (CVE-2017-15670)\n\n* glibc: Buffer overflow during unescaping of user names with the ~ operator (CVE-2017-15804)\n\n* glibc: denial of service in getnetbyname function (CVE-2014-9402)\n\n* glibc: DNS resolver NULL pointer dereference with crafted record type (CVE-2015-5180)\n\n* glibc: Fragmentation attacks possible when EDNS0 is enabled (CVE-2017-12132)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank halfdog for reporting CVE-2018-1000001. The CVE-2015-5180 issue was discovered by Florian Weimer (Red Hat Product Security).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-cr-announce/2018-April/017704.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-static\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2018:0805", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-26T17:41:43", "type": "centos", "title": "glibc, nscd security update", "bulletinFamily": "unix", "cvss2": {"severity": 
"HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9402", "CVE-2015-5180", "CVE-2017-12132", "CVE-2017-15670", "CVE-2017-15804", "CVE-2018-1000001"], "modified": "2018-04-26T17:41:43", "id": "CESA-2018:0805", "href": "https://lists.centos.org/pipermail/centos-cr-announce/2018-April/017704.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T19:06:43", "description": "### Background\n\nThe GNU C library is the standard C library used by Gentoo Linux systems. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the GNU C Library:\n\n * The Google Security Team and Red Hat discovered a stack-based buffer overflow in the send_dg() and send_vc() functions due to a buffer mismanagement when getaddrinfo() is called with AF_UNSPEC (CVE-2015-7547). \n * The strftime() function access invalid memory when passed out-of-range data, resulting in a crash (CVE-2015-8776). \n * An integer overflow was found in the __hcreate_r() function (CVE-2015-8778). \n * Multiple unbounded stack allocations were found in the catopen() function (CVE-2015-8779). \n\nPlease review the CVEs referenced below for additional vulnerabilities that had already been fixed in previous versions of sys-libs/glibc, for which we have not issued a GLSA before. \n\n### Impact\n\nA remote attacker could exploit any application which performs host name resolution using getaddrinfo() in order to execute arbitrary code or crash the application. 
The other vulnerabilities can possibly be exploited to cause a Denial of Service or leak information. \n\n### Workaround\n\nA number of mitigating factors for CVE-2015-7547 have been identified. Please review the upstream advisory and references below. \n\n### Resolution\n\nAll GNU C Library users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-libs/glibc-2.21-r2\"\n \n\nIt is important to ensure that no running process uses the old glibc anymore. The easiest way to achieve that is by rebooting the machine after updating the sys-libs/glibc package. \n\nNote: Should you run into compilation failures while updating, please see bug 574948.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-02-17T00:00:00", "type": "gentoo", "title": "GNU C Library: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7423", "CVE-2014-0475", "CVE-2014-5119", "CVE-2014-6040", "CVE-2014-7817", "CVE-2014-8121", "CVE-2014-9402", "CVE-2015-1472", "CVE-2015-1781", "CVE-2015-7547", "CVE-2015-8776", "CVE-2015-8778", "CVE-2015-8779"], "modified": 
"2016-02-17T00:00:00", "id": "GLSA-201602-02", "href": "https://security.gentoo.org/glsa/201602-02", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ibm": [{"lastseen": "2022-01-16T19:27:58", "description": "## Summary\n\nIBM SONAS is shipped with GNU glibc, for which a fix is available for a security vulnerability.\n\n## Vulnerability Details\n\n \n**CVEID:** [CVE-2013-7423](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7423>) \n \n**DESCRIPTION:** GNU glibc could allow a local attacker to obtain sensitive information, caused by an issue that could occur under high load. An attacker could exploit this vulnerability to obtain sensitive information. \n \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100647> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM SONAS \nThe product is affected when running a code releases 1.5.0.0 to 1.5.2.1\n\n## Remediation/Fixes\n\nA fix for these issues is in version 1.5.2.2 of IBM SONAS. Customers running an affected version of SONAS should upgrade to 1.5.2.2 or a later version, so that the fix gets applied. 
\n \nPlease contact IBM support for assistance in upgrading your system.\n\n## Workarounds and Mitigations\n\nWorkaround(s): None \n \nMitigation(s): None\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n16 July 2015: First draft\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Internal Use Only\n\nCQ S1058616 [PSIRT 2810] IBM product record 49568 for SONAS and 49587 for IFS - Open Source GNU glibc vulnerability - Reported in 02/01/2015 X-Force Report\n\n[{\"Product\":{\"code\":\"STAV45\",\"label\":\"Network Attached Storage (NAS)->Scale Out Network Attached Storage\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"1.5.2.0\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"1.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {}, "published": "2018-06-18T00:09:54", "type": "ibm", "title": "Security Bulletin: GNU C library (glibc) vulnerability affects IBM SONAS (CVE-2013-7423)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7423"], "modified": "2018-06-18T00:09:54", "id": "40757940D0054030B6297C248ABB540ADB302DD9F89B94DDB202585009632F53", "href": "https://www.ibm.com/support/pages/node/690575", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-30T21:40:07", "description": "## Summary\n\nGNU glibc could allow a local attacker to obtain sensitive information, caused by the writing of DNS queries to random file descriptors under high load by the getaddrinfo() function. 
An attacker could exploit this vulnerability to obtain sensitive information.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2013-7423_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7423>) \n**DESCRIPTION:** GNU glibc could allow a local attacker to obtain sensitive information, caused by the writing of DNS queries to random file descriptors under high load by the getaddrinfo() function. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100647_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100647>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Netezza Host Management 5.3.5.0 and prior\n\n## Remediation/Fixes\n\nIBM Netezza Host Management\n\n| _5.3.5.1_| [Link to Fix Central](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/Netezza+Platform&release=HOSTMGMT_5&platform=All&function=fixId&fixids=5.3.5.1-IM-Netezza-HOSTMGMT-fp96953&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc>) \n---|---|--- \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change 
History\n\n18 December 2015: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSULQD\",\"label\":\"IBM PureData System\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"Administration\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"1.0.0\",\"Edition\":\"All Editions\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {}, "published": "2019-10-18T03:10:29", "type": "ibm", "title": "Security Bulletin: IBM Netezza Host Management is vulnerable to a published glibc vulnerability (CVE-2013-7423)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7423"], "modified": "2019-10-18T03:10:29", "id": 
"AE21B16579A39A7500DE184D914C70B4ACB78A6622A77B295BE56BEEC705B523", "href": "https://www.ibm.com/support/pages/node/274975", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-02-24T00:46:00", "description": "## Summary\n\nThe GNU glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Security vulnerabilities have been discovered in glibc used with IBM Security Network Protection.\n\n## Vulnerability Details\n\n**CVE ID:** [_CVE-2013-7423_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7423>)\n\n**DESCRIPTION:** GNU glibc could allow a local attacker to obtain sensitive information, caused by the writing of DNS queries to random file descriptors under high load by the getaddrinfo() function. An attacker could exploit this vulnerability to obtain sensitive information. \n\n \n \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100647> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:P/I:N/A:N) \n\n\n**CVE ID:** [_CVE-2015-1781_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1781>)\n\n**DESCRIPTION:** GNU C Library (glibc) is vulnerable to a buffer overflow, caused by improper bounds checking by the gethostbyname_r() and other related functions. By sending a specially-crafted argument, a remote attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash. 
\n\n \n \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102500> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P) \n\n## Affected Products and Versions\n\nIBM Security Network Protection 5.2 \nIBM Security Network Protection 5.3 \n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Network Protection | Firmware version 5.2| Download 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0009 from [_IBM Fix Central_](<http://www-933.ibm.com/support/fixcentral/>) and upload and install via the Available Updates page of the local management interface. \nIBM Security Network Protection| Firmware version 5.3| Install Fixpack 5.3.1.1 from the Available Updates page of the local management interface, or by performing a One Time Scheduled Installation from SiteProtector. \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n1 July 2015: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSHLHV\",\"label\":\"IBM Security Network Protection\"},\"Business Unit\":{\"code\":\"BU008\",\"label\":\"Security\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"5.2.0;5.3\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {}, "published": "2018-06-16T21:25:43", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in GNU glibc affect IBM Security Network Protection (CVE-2013-7423, and CVE-2015-1781)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7423", "CVE-2015-1781"], "modified": "2018-06-16T21:25:43", "id": "3D3EE58E80C8983DECD0C51663BD74CB8497D9389FE462B6FD769F37D1357F58", "href": "https://www.ibm.com/support/pages/node/531333", "cvss": {"score": 6.8, "vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-01T00:00:00", "description": "## Summary\n\nIBM DataPower Gateways has addressed a vulnerability in the standard C library that it uses to access DNS.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2013-7423_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7423>) \n**DESCRIPTION:** GNU glibc could allow a local attacker to obtain sensitive information, caused by the writing of DNS queries to random file descriptors under high load by the getaddrinfo() function. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100647_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100647>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:P/I:N/A:N) \n\n**CVEID:** [_CVE-2015-1781_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1781>) \n**DESCRIPTION:** GNU C Library (glibc) is vulnerable to a buffer overflow, caused by improper bounds checking by the gethostbyname_r() and other related functions. By sending a specially-crafted argument, a remote attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash. \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102500_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102500>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P)\n\n## Affected Products and Versions\n\nIBM DataPower Gateways appliances all versions through 6.0.0.15, 6.0.1.11, 7.0.0.8, 7.1.0.5, 7.2.0.0\n\n## Remediation/Fixes\n\nFix is available in versions 6.0.0.16, 6.0.1.12, 7.0.0.9, 7.1.0.6, 7.2.0.1. Refer to [APAR IT10055](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT10055>) for URLs to download the fix. 
\n \nYou should verify applying this fix does not cause any compatibility issues. \n\n_For DataPower customers using versions 5.x and older versions, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SS9H2Y\",\"label\":\"IBM DataPower Gateway\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"6.0.0;6.0.1;7.0.0;7.1;7.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {}, "published": "2021-06-08T22:18:27", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in standard C library affect IBM DataPower Gateways (CVE-2013-7423, CVE-2015-1781)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7423", "CVE-2015-1781"], "modified": "2021-06-08T22:18:27", "id": "D2DEA5F45A3AB17EC5600C76D66BFE53D1F0214B38862EDBEA32FD76E6762B3A", "href": "https://www.ibm.com/support/pages/node/265443", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-30T21:49:58", "description": "## Summary\n\nPowerKVM is affected by several vulnerabilities in GNU glibc. These vulnerabilities are now fixed.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-7547_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547>)** \nDESCRIPTION:** GNU C Library (glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the nss_dns backend for the getaddrinfo() function when performing dual A/AAAA DNS queries. 
By sending a specially crafted DNS response, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110662_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110662>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2013-7423_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7423>)** \nDESCRIPTION:** GNU glibc could allow a local attacker to obtain sensitive information, caused by the writing of DNS queries to random file descriptors under high load by the getaddrinfo() function. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100647_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100647>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:P/I:N/A:N) \n\n**CVEID:** [_CVE-2015-1472_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1472>)** \nDESCRIPTION:** GNU glibc is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by stdio-common/vfscanf.c. By sending an overly long string, a local attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. 
\nCVSS Base Score: 4.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100635_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100635>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2015-1473_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1473>) \n**DESCRIPTION:** GNU glibc is vulnerable to a denial of service, caused by a stack-based buffer overflow in stdio-common/vfscanf.c. A remote attacker could exploit this vulnerability to trigger a failed alloca and cause a denial of service. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100636_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100636>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1781_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1781>) \n**DESCRIPTION:** GNU C Library (glibc) is vulnerable to a buffer overflow, caused by improper bounds checking by the gethostbyname_r() and other related functions. By sending a specially-crafted argument, a remote attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash. \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102500_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102500>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2015-5229_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5229>) \n**DESCRIPTION:** GNU C Library (glibc) is vulnerable to a denial of service, caused by the return of memory areas containing non-zero bytes by the calloc implementation. A remote attacker could exploit this vulnerability to cause the application to crash or hang. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/110711](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/110711>) [](<https://psirt.raleigh.ibm.com/teamworks/fauxRedirect.lsw?applicationInstanceId=null&zWorkflowState=2&zTaskId=t16322897&applicationId=1&coachDebugTrace=none&zComponentName=CoachNG&zComponentId=3028.3afd0162-546e-4771-a009-189cbc153d2a&zDbg=0>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-5277_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5277>)** \nDESCRIPTION:** GNU C Library (glibc) could allow a local attacker to gain elevated privileges on the system, caused by a heap corruption error in the nss_files backend for the Name Service Switch. An attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/108484_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/108484>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nPowerKVM 2.1 and PowerKVM 3.1\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n \nFix images are made available via Fix Central. For version 3.1, see [_https://ibm.biz/BdHggw_](<https://ibm.biz/BdHggw>) for 3.1 service build 3 or later. \n \nFor version 2.1, the fix is made available via Fix Central ([_https://ibm.biz/BdEnT8_](<https://ibm.biz/BdEnT8>)) in 2.1.1 Build 65.6 and all later 2.1.1 SP3 service builds and 2.1.1 service packs. Customers running v2.1 are, in any case, encouraged to upgrade to v3.1. 
\n \nFor v2.1 systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n19 February 2016 - Initial Version\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSZJY4\",\"label\":\"PowerKVM\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.1;3.1\",\"Edition\":\"KVM\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-18T01:30:38", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in the GNU C Library (glibc) affect PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7423", "CVE-2015-1472", "CVE-2015-1473", "CVE-2015-1781", "CVE-2015-5229", "CVE-2015-5277", "CVE-2015-7547"], "modified": "2018-06-18T01:30:38", "id": "37A8EA79DB0196D216B0D013B92E7DAD84ADF24BB48ABABFFEE092ACB6E91917", "href": "https://www.ibm.com/support/pages/node/628313", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-01T21:43:11", "description": "## Summary\n\nPowerKVM is affected by multiple glibc 
vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6040_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040>)** \nDESCRIPTION:** The GNU C Library (glibc) is vulnerable to a denial of service, caused by the improper validation of input by the iconv() function when converting IBM933, IBM935, IBM937, IBM939 or IBM1364 encoded data to UTF-8. An attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/95616_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/95616>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-8121_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8121>)** \nDESCRIPTION:** GNU C Library (glibc) is vulnerable to a denial of service, caused by the failure to properly check if a file is open by DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS). By performing a look-up on a database while iterating over it, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102652_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102652>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-7817_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7817>)** \nDESCRIPTION:** GNU C Library (glibc) could allow a local attacker to execute arbitrary commands on the system, caused by an error in the wordexp() function. An attacker could exploit this vulnerability to execute arbitrary commands on the system. 
\nCVSS Base Score: 4.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/98852_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/98852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n\n## Affected Products and Versions\n\nPowerKVM 2.1\n\n## Remediation/Fixes\n\nFix is made available via Fix Central ([_https://ibm.biz/BdEnT8_](<https://ibm.biz/BdEnT8>)) in 2.1.1 SP2 (build 51) and all later builds and fix packs. For systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions. Customers can also update from 2.1.1 (GA and later levels) by using \"yum update\".\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n26 May 2015: Initial version \n5 June 2016 - Updated remediation plan\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Internal Use Only\n\n**CVEID:** [_CVE-2014-6040_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040>)** \nDESCRIPTION:** The GNU C Library (glibc) is vulnerable to a denial of service, caused by the improper validation of input by the iconv() function when converting IBM933, IBM935, IBM937, IBM939 or IBM1364 encoded data to UTF-8. An attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/95616_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/95616>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-8121_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8121>)** \nDESCRIPTION:** GNU C Library (glibc) is vulnerable to a denial of service, caused by the failure to properly check if a file is open by DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS). By performing a look-up on a database while iterating over it, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102652_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102652>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-7817_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7817>)** \nDESCRIPTION:** GNU C Library (glibc) could allow a local attacker to execute arbitrary commands on the system, caused by an error in the wordexp() function. An attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base Score: 4.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/98852_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/98852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P)\n\n \n \nEffective CVSS Score: 5.00 \n\n[{\"Product\":{\"code\":\"SSZJY4\",\"label\":\"PowerKVM\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.1\",\"Edition\":\"KVM\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {}, "published": "2018-06-18T01:28:19", "type": "ibm", "title": "Security Bulletin: PowerKVM is affected by glibc vulnerabilities (Multiple CVEs)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6040", "CVE-2014-7817", 
"CVE-2014-8121"], "modified": "2018-06-18T01:28:19", "id": "0394AE8846493A479931BE19E38194F4270977F6FA36B6193A75C2ACA0EAD8B8", "href": "https://www.ibm.com/support/pages/node/680807", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-30T21:40:50", "description": "## Summary\n\nIBM Netezza Host Management is affected by multiple Open Source security vulnerabilities in: GNU glibc, NTP address spoofing and NTP, NTPd and ntp_crypto.c disclosure.\n\n## Vulnerability Details\n\n \n**CVE-ID**: [CVE-2014-9297](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9297>) \n**Description**: Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to conduct spoofing attacks, caused by insufficient entropy in PRNG. An attacker could exploit this vulnerability to spoof the IPv6 address ::1 to bypass ACLs and launch further attacks on the system. \nCVSS Base Score: 5.000 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/100004> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n**CVE-ID**: [CVE-2014-9298](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9298>) \n**Description**: Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to obtain sensitive information, caused by the improper validation of the length value in extension field pointers. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.000 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/100005> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n**CVEID**: [CVE-2014-7817](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7817>) \n**Description**: GNU C Library (glibc) could allow a local attacker to execute arbitrary commands on the system, caused by an error in the wordexp() function. 
An attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base Score: 4.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/98852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/98852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n \n**CVE-ID**: [CVE-2014-9750](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750>) \n**Description**: NTP NTPd could allow a remote attacker to obtain sensitive information, caused by an error in ntp_crypto.c when Autokey Authentication is enabled. By sending a malformed packet, a remote attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. \nCVSS Base Score: 4.800 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/109527> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n**CVE-ID**: [CVE-2014-9751](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9751>) \n**Description**: Network Time Protocol (NTP) could allow a remote attacker to conduct spoofing attacks, caused by the failure to properly determine whether a source IP address is an IPv6 loopback address by the read_network_packet function. By sending a specially crafted packet, an attacker could exploit this vulnerability to spoof restricted packets. 
\nCVSS Base Score: 5.300 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/109548> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\n**Affected Version **\n\n| **CVE** \n---|--- \nIBM Netezza Host Management 5.3.2.1 (and prior releases)| CVE-2014-9297 \nCVE-2014-9298 \nIBM Netezza Host Management 5.3.3.0 (and prior releases)| CVE-2014-7817 \nIBM Netezza Host Management 5.3.10.1 (and prior releases)| CVE-2014-9750 \nCVE-2014-9751 \n \n## Remediation/Fixes\n\nTo resolve the reported CVEs for Red Hat Enterprise Linux (RHEL) 6.x, and for the most up-to-date software for the Netezza host operating system, update to the latest IBM Netezza Host Management release: \n \nIBM Netezza Host Management 5.4.2.0 [_Link to Fix Central_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/Netezza+Platform&release=HOSTMGMT_5&platform=Linux&function=fixId&fixids=5.4.2.0-IM-Netezza-HOSTMGMT-fp106042&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc>) \n \nThe Netezza Host Management software contains the latest RHEL updates for the operating systems certified for use on IBM Netezza/PureData System for Analytics appliances. IBM recommends upgrading to the latest Netezza Host Management version to ensure that your hosts have the latest fixes, security changes, and operating system updates. IBM Support can assist you with planning for the Netezza Host Management and operating system upgrades to your appliances. 
\n\nFor more details on IBM Netezza Host Management security patching: \n\n * [_Red Hat Enterprise Linux (RHEL) Security Patching for IBM PureData System for Analytics appliances_](<http://www-01.ibm.com/support/docview.wss?uid=swg21615012>)\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n2 March 2016: Original Version Published \n24 January 2017: Corrected typo in 1615012 URL\n\n*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the References section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSULQD\",\"label\":\"IBM PureData System\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"1.0.0\",\"Edition\":\"All Editions\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {}, "published": "2019-10-18T03:10:29", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities affecting IBM Netezza Host Management", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7817", "CVE-2014-9297", "CVE-2014-9298", "CVE-2014-9750", "CVE-2014-9751"], "modified": "2019-10-18T03:10:29", "id": "C07B22EADF090CC9AAC7EB1364B467F03118CFA06DA1B103743ADFC12C0BE972", "href": "https://www.ibm.com/support/pages/node/543341", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-30T21:43:00", "description": "## Summary\n\nIBM QRadar Network Security has addressed the following vulnerabilities. \n\n## Vulnerability Details\n\n**CVEID: **[CVE-2018-1000001](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001>) \n**DESCRIPTION: **Glibc could allow a local attacker to execute arbitrary code on the system, caused by a buffer underflow in the __realpath() function in stdlib/canonicalize.c. 
An attacker could exploit this vulnerability to execute arbitrary code on the system and obtain privileges. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137516> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2017-15804](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15804>) \n**DESCRIPTION: **GNU C Library (aka glibc or libc6) is vulnerable to a buffer overflow, caused by improper bounds checking by glob function in glob.c. By using a specially-crafted file, a local attacker could overflow a buffer. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133996> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2017-15670](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15670>) \n**DESCRIPTION: **GNU C Library is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the glob function in glob.c. By sending a specially-crafted string, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133915> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2017-12132](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132>) \n**DESCRIPTION: **GNU C Library (aka glibc or libc6) could allow a remote attacker to conduct spoofing attacks, caused by a flaw in the DNS stub resolver. An attacker could exploit this vulnerability to perform off-path DNS spoofing attacks. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/129949> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2015-5180](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5180>) \n**DESCRIPTION: **glibc is vulnerable to a denial of service, caused by a NULL pointer dereference in the res_query function in libresolv. By using a malformed pattern, a remote attacker could cause the process to crash. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130620> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2014-9402](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9402>) \n**DESCRIPTION: **glibc is vulnerable to a denial of service, caused by an error in the getanswer_r() function. If the DNS backend is activated, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99289> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nAffected Products | Affected Versions \n---|--- \nIBM QRadar Network Security | 5.4.0 \n \n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _Remediation/First Fix_ \n---|---|--- \nIBM QRadar Network Security | Firmware version 5.4.0 | Install Firmware 5.4.0.5 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. 
\nOr \nDownload Firmware 5.4.0.5 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n25 July 2018: Original Version Published\n\n*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the References section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.