Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-2985-1.NASL
HistoryMay 26, 2016 - 12:00 a.m.

Ubuntu 14.04 LTS : GNU C Library vulnerabilities (USN-2985-1)

2016-05-2600:00:00
Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
40
JSON

Martin Carpenter discovered that pt_chown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain administrative privileges or expose sensitive information. (CVE-2013-2207, CVE-2016-2856)

Robin Hack discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not properly manage its file descriptors. An attacker could use this to cause a denial of service (infinite loop). (CVE-2014-8121)

Joseph Myers discovered that the GNU C Library did not properly handle long arguments to functions returning a representation of Not a Number (NaN). An attacker could use this to cause a denial of service (stack exhaustion leading to an application crash) or possibly execute arbitrary code. (CVE-2014-9761)

Arjun Shankar discovered that in certain situations the nss_dns code in the GNU C Library did not properly account buffer sizes when passed an unaligned buffer. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2015-1781)

Sumit Bose and Lukas Slebodnik discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not handle long lines in the files databases correctly. A local attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2015-5277)

Adam Nielsen discovered that the strftime function in the GNU C Library did not properly handle out-of-range argument data. An attacker could use this to cause a denial of service (application crash) or possibly expose sensitive information. (CVE-2015-8776)

Hector Marco and Ismael Ripoll discovered that the GNU C Library allowed the pointer-guarding protection mechanism to be disabled by honoring the LD_POINTER_GUARD environment variable across privilege boundaries. A local attacker could use this to exploit an existing vulnerability more easily. (CVE-2015-8777)

Szabolcs Nagy discovered that the hcreate functions in the GNU C Library did not properly check its size argument, leading to an integer overflow. An attacker could use to cause a denial of service (application crash) or possibly execute arbitrary code.
(CVE-2015-8778)

Maksymilian Arciemowicz discovered a stack-based buffer overflow in the catopen function in the GNU C Library when handling long catalog names. An attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code.
(CVE-2015-8779)

Florian Weimer discovered that the getnetbyname implementation in the GNU C Library did not properly handle long names passed as arguments.
An attacker could use to cause a denial of service (stack exhaustion leading to an application crash). (CVE-2016-3075).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2985-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('compat.inc');

if (description)
{
  script_id(91334);
  script_version("2.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");

  script_cve_id(
    "CVE-2013-2207",
    "CVE-2014-8121",
    "CVE-2014-9761",
    "CVE-2015-1781",
    "CVE-2015-5277",
    "CVE-2015-8776",
    "CVE-2015-8777",
    "CVE-2015-8778",
    "CVE-2015-8779",
    "CVE-2016-2856",
    "CVE-2016-3075"
  );
  script_xref(name:"USN", value:"2985-1");

  script_name(english:"Ubuntu 14.04 LTS : GNU C Library vulnerabilities (USN-2985-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"Martin Carpenter discovered that pt_chown in the GNU C Library did not
properly check permissions for tty files. A local attacker could use
this to gain administrative privileges or expose sensitive
information. (CVE-2013-2207, CVE-2016-2856)

Robin Hack discovered that the Name Service Switch (NSS)
implementation in the GNU C Library did not properly manage its file
descriptors. An attacker could use this to cause a denial of service
(infinite loop). (CVE-2014-8121)

Joseph Myers discovered that the GNU C Library did not properly handle
long arguments to functions returning a representation of Not a Number
(NaN). An attacker could use this to cause a denial of service (stack
exhaustion leading to an application crash) or possibly execute
arbitrary code. (CVE-2014-9761)

Arjun Shankar discovered that in certain situations the nss_dns code
in the GNU C Library did not properly account buffer sizes when passed
an unaligned buffer. An attacker could use this to cause a denial of
service or possibly execute arbitrary code. (CVE-2015-1781)

Sumit Bose and Lukas Slebodnik discovered that the Name Service Switch
(NSS) implementation in the GNU C Library did not handle long lines in
the files databases correctly. A local attacker could use this to
cause a denial of service (application crash) or possibly execute
arbitrary code. (CVE-2015-5277)

Adam Nielsen discovered that the strftime function in the GNU C
Library did not properly handle out-of-range argument data. An
attacker could use this to cause a denial of service (application
crash) or possibly expose sensitive information. (CVE-2015-8776)

Hector Marco and Ismael Ripoll discovered that the GNU C Library
allowed the pointer-guarding protection mechanism to be disabled by
honoring the LD_POINTER_GUARD environment variable across privilege
boundaries. A local attacker could use this to exploit an existing
vulnerability more easily. (CVE-2015-8777)

Szabolcs Nagy discovered that the hcreate functions in the GNU C
Library did not properly check its size argument, leading to an
integer overflow. An attacker could use to cause a denial of service
(application crash) or possibly execute arbitrary code.
(CVE-2015-8778)

Maksymilian Arciemowicz discovered a stack-based buffer overflow in
the catopen function in the GNU C Library when handling long catalog
names. An attacker could use this to cause a denial of service
(application crash) or possibly execute arbitrary code.
(CVE-2015-8779)

Florian Weimer discovered that the getnetbyname implementation in the
GNU C Library did not properly handle long names passed as arguments.
An attacker could use to cause a denial of service (stack exhaustion
leading to an application crash). (CVE-2016-3075).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-2985-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-8779");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/05/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6-armel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-armel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-i386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-ppc64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-x32");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6-i386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6-pic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6-ppc64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6-prof");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6-udeb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6-x32");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss-dns-udeb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss-files-udeb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:multiarch-support");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:eglibc-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc-dev-bin");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '14.04', 'pkgname': 'eglibc-source', 'pkgver': '2.19-0ubuntu6.8'},
    {'osver': '14.04', 'pkgname': 'libc-bin', 'pkgver': '2.19-0ubuntu6.8'},
    {'osver': '14.04', 'pkgname': 'libc-dev-bin', 'pkgver': '2.19-0ubuntu6.8'},
    {'osver': '14.04', 'pkgname': 'libc6', 'pkgver': '2.19-0ubuntu6.8'},
    {'osver': '14.04', 'pkgname': 'libc6-amd64', 'pkgver': '2.19-0ubuntu6.8'},
    {'osver': '14.04', 'pkgname': 'libc6-armel', 'pkgver': '2.19-0ubuntu6.8'},
    {'osver': '14.04', 'pkgname': 'libc6-dev', 'pkgver': '2.19-0ubuntu6.8'},
    {'osver': '14.04', 'pkgname': 'libc6-dev-amd64', 'pkgver': '2.19-0ubuntu6.8'},
    {'osver': '14.04', 'pkgname': 'libc6-dev-armel', 'pkgver': '2.19-0ubuntu6.8'},
    {'osver': '14.04', 'pkgname': 'libc6-dev-i386', 'pkgver': '2.19-0ubuntu6.8'},
    {'osver': '14.04', 'pkgname': 'libc6-dev-ppc64', 'pkgver': '2.19-0ubuntu6.8'},
    {'osver': '14.04', 'pkgname': 'libc6-dev-x32', 'pkgver': '2.19-0ubuntu6.8'},
    {'osver': '14.04', 'pkgname': 'libc6-i386', 'pkgver': '2.19-0ubuntu6.8'},
    {'osver': '14.04', 'pkgname': 'libc6-pic', 'pkgver': '2.19-0ubuntu6.8'},
    {'osver': '14.04', 'pkgname': 'libc6-ppc64', 'pkgver': '2.19-0ubuntu6.8'},
    {'osver': '14.04', 'pkgname': 'libc6-prof', 'pkgver': '2.19-0ubuntu6.8'},
    {'osver': '14.04', 'pkgname': 'libc6-udeb', 'pkgver': '2.19-0ubuntu6.8'},
    {'osver': '14.04', 'pkgname': 'libc6-x32', 'pkgver': '2.19-0ubuntu6.8'},
    {'osver': '14.04', 'pkgname': 'libnss-dns-udeb', 'pkgver': '2.19-0ubuntu6.8'},
    {'osver': '14.04', 'pkgname': 'libnss-files-udeb', 'pkgver': '2.19-0ubuntu6.8'},
    {'osver': '14.04', 'pkgname': 'multiarch-support', 'pkgver': '2.19-0ubuntu6.8'},
    {'osver': '14.04', 'pkgname': 'nscd', 'pkgver': '2.19-0ubuntu6.8'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'eglibc-source / libc-bin / libc-dev-bin / libc6 / libc6-amd64 / etc');
}
VendorProductVersionCPE
canonicalubuntu_linuxlibc6p-cpe:/a:canonical:ubuntu_linux:libc6
canonicalubuntu_linuxlibc6-amd64p-cpe:/a:canonical:ubuntu_linux:libc6-amd64
canonicalubuntu_linuxlibc6-armelp-cpe:/a:canonical:ubuntu_linux:libc6-armel
canonicalubuntu_linuxlibc6-devp-cpe:/a:canonical:ubuntu_linux:libc6-dev
canonicalubuntu_linuxlibc6-dev-amd64p-cpe:/a:canonical:ubuntu_linux:libc6-dev-amd64
canonicalubuntu_linuxlibc6-dev-armelp-cpe:/a:canonical:ubuntu_linux:libc6-dev-armel
canonicalubuntu_linuxlibc6-dev-i386p-cpe:/a:canonical:ubuntu_linux:libc6-dev-i386
canonicalubuntu_linuxlibc6-dev-ppc64p-cpe:/a:canonical:ubuntu_linux:libc6-dev-ppc64
canonicalubuntu_linuxlibc6-dev-x32p-cpe:/a:canonical:ubuntu_linux:libc6-dev-x32
canonicalubuntu_linuxlibc6-i386p-cpe:/a:canonical:ubuntu_linux:libc6-i386
Rows per page:
1-10 of 231

Related

nessus 42
ubuntu 2
cloudfoundry 1
openvas 23
centos 3
ibm 32
gentoo 2
oraclelinux 5
redhat 4
amazon 2
debian 8
suse 9
osv 5
mageia 2
fedora 3
archlinux 6
prion 9
veracode 4
cve 10
f5 10
ubuntucve 8
debiancve 8
checkpoint_advisories 1
nessus
nessus
Ubuntu 14.04 LTS : GNU C Library regression (USN-2985-2)
2016-05-27 00:00:00
EulerOS 2.0 SP2 : glibc (EulerOS-SA-2017-1200)
2017-09-11 00:00:00
CentOS 7 : glibc (CESA-2017:1916)
2017-08-25 00:00:00
ubuntu
ubuntu
GNU C Library regression
2016-05-26 00:00:00
GNU C Library vulnerabilities
2016-05-25 00:00:00
cloudfoundry
cloudfoundry
USN-2985-2 GNU C Library regression | Cloud Foundry
2016-06-13 00:00:00
openvas
openvas
Ubuntu Update for glibc USN-2985-1
2016-05-26 00:00:00
Ubuntu Update for glibc USN-2985-2
2016-05-27 00:00:00
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2017-1199)
2020-01-23 00:00:00
centos
centos
glibc, nscd security update
2017-08-24 01:37:20
glibc, nscd security update
2017-03-24 15:31:35
glibc, nscd security update
2015-12-01 22:24:31
ibm
ibm
Security Bulletin: Vulnerabilities in glibc affect PowerKVM
2018-06-18 01:38:07
Security Bulletin: IBM QRadar Network Security is affected by a vulnerability in glibc
2018-06-16 22:02:59
Security Bulletin: OpenSource GNU Glibc as used in IBM QRadar SIEM is vulnerable to multiple vulnerabilities. (CVE-2014-9761, CVE-2015-8776, CVE-2015-8778, CVE-2015-8779)
2018-06-16 22:04:36
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2017-02-19 00:00:00
GNU C Library: Multiple vulnerabilities
2016-02-17 00:00:00
oraclelinux
oraclelinux
glibc security, bug fix, and enhancement update
2017-08-07 00:00:00
glibc security and bug fix update
2017-03-27 00:00:00
glibc security update
2017-03-27 00:00:00
redhat
redhat
(RHSA-2017:1916) Moderate: glibc security, bug fix, and enhancement update
2017-08-01 05:56:24
(RHSA-2017:0680) Moderate: glibc security and bug fix update
2017-03-21 06:17:46
(RHSA-2015:2172) Important: glibc security update
2015-11-19 15:39:46
amazon
amazon
Medium: glibc
2017-08-31 15:52:00
Important: glibc
2015-12-14 10:00:00
debian
debian
[SECURITY] [DSA 3480-1] eglibc security update
2016-02-16 14:18:16
[SECURITY] [DSA 3480-1] eglibc security update
2016-02-16 14:18:16
[SECURITY] [DLA 411-1] eglibc security update
2016-02-05 16:21:21
suse
suse
Security update for glibc (important)
2016-02-16 20:15:44
Security update for glibc (important)
2016-02-16 20:30:43
Security update for glibc (important)
2016-02-16 20:22:56
osv
osv
eglibc - security update
2016-02-16 00:00:00
eglibc - regression update
2016-02-05 00:00:00
eglibc - security update
2016-02-05 00:00:00
mageia
mageia
Updated glibc packages fix security vulnerabilities
2016-02-19 11:40:43
Updated glibc packages fix security vulnerabilities
2015-05-06 18:16:01
fedora
fedora
[SECURITY] Fedora 23 Update: glibc-2.22-15.fc23
2016-05-10 18:01:37
[SECURITY] Fedora 22 Update: glibc-2.21-11.fc22
2016-02-17 12:51:37
[SECURITY] Fedora 18 Update: glibc-2.16-34.fc18
2013-09-05 01:34:33
archlinux
archlinux
glibc: multiple issues
2016-02-17 00:00:00
lib32-glibc: multiple issues
2016-02-17 00:00:00
lib32-glibc: unbound stack usage
2016-02-28 00:00:00
prion
prion
Design/Logic Flaw
2015-03-27 14:59:00
Stack overflow
2016-04-19 21:59:00
Code injection
2016-04-19 21:59:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:16:44
Denial Of Service (DoS)
2019-05-02 05:51:55
Arbitrary Code Execution
2019-05-02 06:35:59
cve
cve
CVE-2014-9761
2016-04-19 21:59:00
CVE-2014-8121
2015-03-27 14:59:00
CVE-2015-8777
2016-01-20 05:59:00
f5
f5
K23946311 : glibc vulnerability CVE-2015-8776
2016-04-01 00:00:00
SOL31211252 - glibc vulnerability CVE-2014-9761
2016-05-31 00:00:00
K31211252 : glibc vulnerability CVE-2014-9761
2016-05-31 00:00:00
ubuntucve
ubuntucve
CVE-2015-8776
2016-04-19 00:00:00
CVE-2014-9761
2016-04-19 00:00:00
CVE-2014-8121
2015-03-27 00:00:00
debiancve
debiancve
CVE-2014-8121
2015-03-27 14:59:00
CVE-2014-9761
2016-04-19 21:59:00
CVE-2015-8778
2016-04-19 21:59:00
checkpoint_advisories
checkpoint_advisories
GNU C Library glibc getanswer_r Buffer Overflow (CVE-2015-1781)
2015-05-07 00:00:00
JSON
Related for UBUNTU_USN-2985-1.NASL
nessus42ubuntu2cloudfoundry1openvas23centos3ibm32gentoo2oraclelinux5redhat4amazon2debian8suse9osv5mageia2fedora3archlinux6prion9veracode4cve10f510ubuntucve8debiancve8checkpoint_advisories1