Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2023-2024 Canonical, Inc. / NASL script (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-6409-1.NASL
HistoryOct 03, 2023 - 12:00 a.m.

Ubuntu 22.04 LTS / 23.04 : GNU C Library vulnerabilities (USN-6409-1)

2023-10-0300:00:00
Ubuntu Security Notice (C) 2023-2024 Canonical, Inc. / NASL script (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
71
ubuntu
gnu c library
vulnerabilities
usn-6409-1
getaddrinfo
buffer overflow
ld.so
cve-2023-4527
cve-2023-4911
nessus
application version
security scanner

8.2 High

AI Score

Confidence

High

JSON

The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6409-1 advisory.

  • A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. (CVE-2023-4527)

  • A buffer overflow was discovered in the GNU C Library’s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. (CVE-2023-4911)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-6409-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(182468);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/29");

  script_cve_id("CVE-2023-4527", "CVE-2023-4911");
  script_xref(name:"USN", value:"6409-1");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/12/12");

  script_name(english:"Ubuntu 22.04 LTS / 23.04 : GNU C Library vulnerabilities (USN-6409-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in
the USN-6409-1 advisory.

  - A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and
    the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048
    bytes can potentially disclose stack contents through the function returned address data, and may cause a
    crash. (CVE-2023-4527)

  - A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the
    GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted
    GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with
    elevated privileges. (CVE-2023-4911)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-6409-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-4911");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Glibc Tunables Privilege Escalation CVE-2023-4911 (aka Looney Tunables)');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/09/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/10/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/10/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:23.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:glibc-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc-dev-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc-devtools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-i386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-s390");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-x32");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6-i386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6-prof");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6-s390");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6-x32");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:locales");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:locales-all");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nscd");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2023-2024 Canonical, Inc. / NASL script (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('22.04' >< os_release || '23.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04 / 23.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '22.04', 'pkgname': 'glibc-source', 'pkgver': '2.35-0ubuntu3.4'},
    {'osver': '22.04', 'pkgname': 'libc-bin', 'pkgver': '2.35-0ubuntu3.4'},
    {'osver': '22.04', 'pkgname': 'libc-dev-bin', 'pkgver': '2.35-0ubuntu3.4'},
    {'osver': '22.04', 'pkgname': 'libc-devtools', 'pkgver': '2.35-0ubuntu3.4'},
    {'osver': '22.04', 'pkgname': 'libc6', 'pkgver': '2.35-0ubuntu3.4'},
    {'osver': '22.04', 'pkgname': 'libc6-amd64', 'pkgver': '2.35-0ubuntu3.4'},
    {'osver': '22.04', 'pkgname': 'libc6-dev', 'pkgver': '2.35-0ubuntu3.4'},
    {'osver': '22.04', 'pkgname': 'libc6-dev-amd64', 'pkgver': '2.35-0ubuntu3.4'},
    {'osver': '22.04', 'pkgname': 'libc6-dev-i386', 'pkgver': '2.35-0ubuntu3.4'},
    {'osver': '22.04', 'pkgname': 'libc6-dev-s390', 'pkgver': '2.35-0ubuntu3.4'},
    {'osver': '22.04', 'pkgname': 'libc6-dev-x32', 'pkgver': '2.35-0ubuntu3.4'},
    {'osver': '22.04', 'pkgname': 'libc6-i386', 'pkgver': '2.35-0ubuntu3.4'},
    {'osver': '22.04', 'pkgname': 'libc6-prof', 'pkgver': '2.35-0ubuntu3.4'},
    {'osver': '22.04', 'pkgname': 'libc6-s390', 'pkgver': '2.35-0ubuntu3.4'},
    {'osver': '22.04', 'pkgname': 'libc6-x32', 'pkgver': '2.35-0ubuntu3.4'},
    {'osver': '22.04', 'pkgname': 'locales', 'pkgver': '2.35-0ubuntu3.4'},
    {'osver': '22.04', 'pkgname': 'locales-all', 'pkgver': '2.35-0ubuntu3.4'},
    {'osver': '22.04', 'pkgname': 'nscd', 'pkgver': '2.35-0ubuntu3.4'},
    {'osver': '23.04', 'pkgname': 'glibc-source', 'pkgver': '2.37-0ubuntu2.1'},
    {'osver': '23.04', 'pkgname': 'libc-bin', 'pkgver': '2.37-0ubuntu2.1'},
    {'osver': '23.04', 'pkgname': 'libc-dev-bin', 'pkgver': '2.37-0ubuntu2.1'},
    {'osver': '23.04', 'pkgname': 'libc-devtools', 'pkgver': '2.37-0ubuntu2.1'},
    {'osver': '23.04', 'pkgname': 'libc6', 'pkgver': '2.37-0ubuntu2.1'},
    {'osver': '23.04', 'pkgname': 'libc6-amd64', 'pkgver': '2.37-0ubuntu2.1'},
    {'osver': '23.04', 'pkgname': 'libc6-dev', 'pkgver': '2.37-0ubuntu2.1'},
    {'osver': '23.04', 'pkgname': 'libc6-dev-amd64', 'pkgver': '2.37-0ubuntu2.1'},
    {'osver': '23.04', 'pkgname': 'libc6-dev-i386', 'pkgver': '2.37-0ubuntu2.1'},
    {'osver': '23.04', 'pkgname': 'libc6-dev-s390', 'pkgver': '2.37-0ubuntu2.1'},
    {'osver': '23.04', 'pkgname': 'libc6-dev-x32', 'pkgver': '2.37-0ubuntu2.1'},
    {'osver': '23.04', 'pkgname': 'libc6-i386', 'pkgver': '2.37-0ubuntu2.1'},
    {'osver': '23.04', 'pkgname': 'libc6-prof', 'pkgver': '2.37-0ubuntu2.1'},
    {'osver': '23.04', 'pkgname': 'libc6-s390', 'pkgver': '2.37-0ubuntu2.1'},
    {'osver': '23.04', 'pkgname': 'libc6-x32', 'pkgver': '2.37-0ubuntu2.1'},
    {'osver': '23.04', 'pkgname': 'locales', 'pkgver': '2.37-0ubuntu2.1'},
    {'osver': '23.04', 'pkgname': 'locales-all', 'pkgver': '2.37-0ubuntu2.1'},
    {'osver': '23.04', 'pkgname': 'nscd', 'pkgver': '2.37-0ubuntu2.1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glibc-source / libc-bin / libc-dev-bin / libc-devtools / libc6 / etc');
}
VendorProductVersionCPE
canonicalubuntu_linux22.04cpe:/o:canonical:ubuntu_linux:22.04:-:lts
canonicalubuntu_linux23.04cpe:/o:canonical:ubuntu_linux:23.04
canonicalubuntu_linuxglibc-sourcep-cpe:/a:canonical:ubuntu_linux:glibc-source
canonicalubuntu_linuxlibc-binp-cpe:/a:canonical:ubuntu_linux:libc-bin
canonicalubuntu_linuxlibc-dev-binp-cpe:/a:canonical:ubuntu_linux:libc-dev-bin
canonicalubuntu_linuxlibc-devtoolsp-cpe:/a:canonical:ubuntu_linux:libc-devtools
canonicalubuntu_linuxlibc6p-cpe:/a:canonical:ubuntu_linux:libc6
canonicalubuntu_linuxlibc6-amd64p-cpe:/a:canonical:ubuntu_linux:libc6-amd64
canonicalubuntu_linuxlibc6-devp-cpe:/a:canonical:ubuntu_linux:libc6-dev
canonicalubuntu_linuxlibc6-dev-amd64p-cpe:/a:canonical:ubuntu_linux:libc6-dev-amd64
Rows per page:
1-10 of 201

Related

ubuntu 1
osv 7
cloudfoundry 1
openvas 11
nessus 31
debian 1
oraclelinux 8
fedora 3
rocky 1
gentoo 1
rosalinux 2
almalinux 2
redhat 67
ubuntucve 2
redhatcve 2
cvelist 2
prion 2
debiancve 2
cgr 2
ibm 8
wolfi 2
cve 2
broadcom 1
zdt 2
githubexploit 16
mageia 2
cbl_mariner 1
attackerkb 1
cisa_kev 1
packetstorm 2
metasploit 1
hivepro 2
qualysblog 1
f5 1
kitploit 1
photon 1
github 1
thn 3
rapid7blog 1
avleonov 1
ubuntu
ubuntu
GNU C Library vulnerabilities
2023-10-03 00:00:00
osv
osv
glibc vulnerabilities
2023-10-03 18:04:23
Important: glibc security update
2023-10-05 00:00:00
Important: glibc security update
2023-10-06 22:57:06
cloudfoundry
cloudfoundry
USN-6409-1: GNU C Library vulnerabilities | Cloud Foundry
2024-03-18 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6409-1)
2023-10-04 00:00:00
Debian: Security Advisory (DSA-5514-1)
2023-10-04 00:00:00
Fedora: Security Advisory for glibc (FEDORA-2023-63e5a77522)
2023-10-05 00:00:00
nessus
nessus
Debian DSA-5514-1 : glibc - security update
2023-10-03 00:00:00
Fedora 37 : glibc (2023-028062484e)
2023-10-04 00:00:00
Fedora 38 : glibc (2023-2b8c11ee75)
2023-10-04 00:00:00
debian
debian
[SECURITY] [DSA 5514-1] glibc security update
2023-10-03 17:26:37
oraclelinux
oraclelinux
glibc security update
2023-10-12 00:00:00
glibc security update
2023-10-10 00:00:00
glibc security update
2023-10-12 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: glibc-2.36-14.fc37
2023-10-04 15:49:21
[SECURITY] Fedora 38 Update: glibc-2.37-10.fc38
2023-10-04 15:52:08
[SECURITY] Fedora 39 Update: glibc-2.38-6.fc39
2023-10-04 17:16:19
rocky
rocky
glibc security update
2023-10-06 22:57:06
gentoo
gentoo
glibc: Multiple vulnerabilities
2023-10-04 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2332
2024-01-30 08:26:13
Advisory ROSA-SA-2024-2331
2024-01-30 08:06:33
almalinux
almalinux
Important: glibc security update
2023-10-05 00:00:00
Important: glibc security update
2023-10-05 00:00:00
redhat
redhat
(RHSA-2023:5453) Important: glibc security update
2023-10-05 10:04:00
(RHSA-2023:5455) Important: glibc security update
2023-10-05 10:08:32
(RHSA-2023:5454) Important: glibc security update
2023-10-05 10:06:44
ubuntucve
ubuntucve
CVE-2023-4527
2023-09-18 00:00:00
CVE-2023-4911
2023-10-03 00:00:00
redhatcve
redhatcve
CVE-2023-4527
2023-09-12 14:54:17
CVE-2023-4911
2023-10-03 17:24:53
cvelist
cvelist
CVE-2023-4527 Glibc: stack read overflow in getaddrinfo in no-aaaa mode
2023-09-18 16:32:18
CVE-2023-4911 Glibc: buffer overflow in ld.so leading to privilege escalation
2023-10-03 17:25:08
prion
prion
Design/Logic Flaw
2023-09-18 17:15:00
Buffer overflow
2023-10-03 18:15:00
debiancve
debiancve
CVE-2023-4527
2023-09-18 16:32:18
CVE-2023-4911
2023-10-03 17:25:08
cgr
cgr
CVE-2023-4527 vulnerabilities
2024-05-16 21:07:09
CVE-2023-4911 vulnerabilities
2024-05-16 21:07:09
ibm
ibm
Security Bulletin: IBM Storage Ceph is vulnerable to Out-of-bounds Read in the RHEL UBI (CVE-2023-4527)
2024-01-19 22:15:16
Security Bulletin: glibc vulnerability affects IBM Elastic Storage System (CVE-2023-4911)
2023-12-04 10:46:37
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-4806, CVE-2023-4155, CVE-2023-4527)
2024-01-24 19:00:38
wolfi
wolfi
CVE-2023-4527 vulnerabilities
2024-05-16 21:07:10
CVE-2023-4911 vulnerabilities
2024-05-16 21:07:10
cve
cve
CVE-2023-4527
2023-09-18 16:32:18
CVE-2023-4911
2023-10-03 17:25:08
broadcom
broadcom
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so
2024-01-17 00:00:00
zdt
zdt
Glibc Tunables Privilege Escalation Exploit
2023-12-21 00:00:00
glibc ld.so Local Privilege Escalation Vulnerability
2023-10-08 00:00:00
githubexploit
githubexploit
Exploit for CVE-2023-4911
2023-10-04 14:12:16
Exploit for CVE-2023-4911
2023-10-25 11:59:34
Exploit for CVE-2023-4911
2023-10-28 20:05:30
mageia
mageia
Updated glibc packages fix a security vulnerability
2023-10-12 00:04:02
Updated glibc packages fix security and other bugs
2023-09-27 19:31:30
cbl_mariner
cbl_mariner
CVE-2023-4911 affecting package glibc for versions less than 2.35-5
2023-10-11 01:41:59
attackerkb
attackerkb
CVE-2023-4911
2023-10-03 00:00:00
cisa_kev
cisa_kev
GNU C Library Buffer Overflow Vulnerability
2023-11-21 00:00:00
packetstorm
packetstorm
Glibc Tunables Privilege Escalation
2023-12-21 00:00:00
glibc ld.so Local Privilege Escalation
2023-10-06 00:00:00
metasploit
metasploit
Glibc Tunables Privilege Escalation CVE-2023-4911 (aka Looney Tunables)
2023-12-14 23:28:43
hivepro
hivepro
Kinsing Exploits Looney Tunables Vulnerability to Breach Cloud Environments
2023-11-07 08:23:12
‘Looney Tunables’ Flaw Enables Local Privilege Escalation in Glibc
2023-10-05 10:18:37
qualysblog
qualysblog
CVE-2023-4911: Looney Tunables – Local Privilege Escalation in the glibc’s ld.so
2023-10-03 17:21:22
f5
f5
K000137187 : GlibC vulnerability CVE-2023-4911
2023-10-09 00:00:00
kitploit
kitploit
LooneyPwner - Exploit Tool For CVE-2023-4911, Targeting The 'Looney Tunables' Glibc Vulnerability In Various Linux Distributions
2023-10-27 11:30:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-5.0-0110
2023-10-06 00:00:00
github
github
Cueing up a calculator: an introduction to exploit development on Linux
2023-12-06 17:30:42
thn
thn
Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments
2023-11-03 13:12:00
New Glibc Flaw Grants Attackers Root Access on Major Linux Distros
2024-01-31 05:44:00
Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions
2023-10-04 07:21:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-12-22 16:32:56
avleonov
avleonov
October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture
2023-11-05 18:39:59

8.2 High

AI Score

Confidence

High

JSON
Related for UBUNTU_USN-6409-1.NASL
ubuntu1osv7cloudfoundry1openvas11nessus31debian1oraclelinux8fedora3rocky1gentoo1rosalinux2almalinux2redhat67ubuntucve2redhatcve2cvelist2prion2debiancve2cgr2ibm8wolfi2cve2broadcom1zdt2githubexploit16mageia2cbl_mariner1attackerkb1cisa_kev1packetstorm2metasploit1hivepro2qualysblog1f51kitploit1photon1github1thn3rapid7blog1avleonov1