{"id": "OPENVAS:1361412562310123634", "type": "openvas", "bulletinFamily": "scanner", "title": "Oracle Linux Local Check: ELSA-2013-0769", "description": "Oracle Linux Local Security Checks ELSA-2013-0769", "published": "2015-10-06T00:00:00", "modified": "2018-09-28T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123634", "reporter": "Eero Volotinen", "references": ["http://linux.oracle.com/errata/ELSA-2013-0769.html"], "cvelist": ["CVE-2013-0242", "CVE-2013-1914"], "lastseen": "2019-05-29T18:36:20", "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2013-270"]}, {"type": "centos", "idList": ["CESA-2013:0769", "CESA-2013:1605"]}, {"type": "cve", "idList": ["CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4458"]}, {"type": "debian", "idList": ["DEBIAN:DLA-165-1:23BFE"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-0242", "DEBIANCVE:CVE-2013-1914", "DEBIANCVE:CVE-2013-4458"]}, {"type": "f5", "idList": ["F5:K15640", "SOL15640"]}, {"type": "fedora", "idList": ["FEDORA:3CE6F210A0", "FEDORA:6201120A4F", "FEDORA:8E57121104"]}, {"type": "gentoo", "idList": ["GLSA-201503-04"]}, {"type": "mageia", "idList": ["MGASA-2013-0340"]}, {"type": "nessus", "idList": ["ALA_ALAS-2013-270.NASL", "CENTOS_RHSA-2013-0769.NASL", "CENTOS_RHSA-2013-1605.NASL", "DEBIAN_DLA-165.NASL", "EULEROS_SA-2019-1551.NASL", "EULEROS_SA-2019-1552.NASL", "FEDORA_2013-15053.NASL", "FEDORA_2013-4100.NASL", "FEDORA_2013-4174.NASL", "GENTOO_GLSA-201503-04.NASL", "MANDRIVA_MDVSA-2013-163.NASL", "MANDRIVA_MDVSA-2013-283.NASL", "NEWSTART_CGSL_NS-SA-2019-0012_GLIBC.NASL", "OPENSUSE-2013-723.NASL", "ORACLELINUX_ELSA-2013-0769.NASL", "ORACLELINUX_ELSA-2013-1605.NASL", "ORACLEVM_OVMSA-2014-0017.NASL", "ORACLEVM_OVMSA-2015-0023.NASL", "ORACLEVM_OVMSA-2015-0024.NASL", "REDHAT-RHSA-2013-0769.NASL", "REDHAT-RHSA-2013-1527.NASL", "REDHAT-RHSA-2013-1605.NASL", "SL_20130424_GLIBC_ON_SL5_X.NASL", "SL_20131121_GLIBC_ON_SL6_X.NASL", "SUSE_11_GLIBC-130913.NASL", "SUSE_11_GLIBC-130917.NASL", "SUSE_GLIBC-8579.NASL", "SUSE_SU-2013-0858-1.NASL", "SUSE_SU-2013-1251-1.NASL", "SUSE_SU-2013-1287-1.NASL", "SUSE_SU-2014-1122-1.NASL", "SUSE_SU-2014-1128-1.NASL", "UBUNTU_USN-1991-1.NASL", "VMWARE_ESXI_5_1_BUILD_2323231_REMOTE.NASL", "VMWARE_ESXI_5_1_BUILD_2323236_REMOTE.NASL", "VMWARE_ESXI_5_5_BUILD_2068190_REMOTE.NASL", "VMWARE_VMSA-2014-0008.NASL", "VMWARE_VMSA-2014-0008_REMOTE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105086", "OPENVAS:1361412562310105087", "OPENVAS:1361412562310105088", "OPENVAS:1361412562310120295", "OPENVAS:1361412562310121358", "OPENVAS:1361412562310123527", "OPENVAS:1361412562310841605", "OPENVAS:1361412562310850912", "OPENVAS:1361412562310865504", "OPENVAS:1361412562310865671", "OPENVAS:1361412562310866841", "OPENVAS:1361412562310866854", "OPENVAS:1361412562310866873", "OPENVAS:1361412562310866945", "OPENVAS:1361412562310868418", "OPENVAS:1361412562310870985", "OPENVAS:1361412562310871075", "OPENVAS:1361412562310881722", "OPENVAS:1361412562311220191551", "OPENVAS:1361412562311220191552", "OPENVAS:841605", "OPENVAS:865504", "OPENVAS:865671", "OPENVAS:866841", "OPENVAS:866854", "OPENVAS:866873", "OPENVAS:866945", "OPENVAS:870985", "OPENVAS:871075", "OPENVAS:881722"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0769", "ELSA-2013-1605"]}, {"type": "osv", "idList": ["OSV:DLA-165-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:164014"]}, {"type": "redhat", "idList": ["RHSA-2013:0769", "RHSA-2013:1527", "RHSA-2013:1605"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29383", "SECURITYVULNS:DOC:30044", "SECURITYVULNS:VULN:13071"]}, {"type": "suse", "idList": ["SUSE-SU-2014:1122-1", "SUSE-SU-2014:1128-1"]}, {"type": "ubuntu", "idList": ["USN-1991-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-0242", "UB:CVE-2013-1914", "UB:CVE-2013-4458"]}, {"type": "vmware", "idList": ["VMSA-2014-0008", "VMSA-2014-0008.2"]}, {"type": "zdt", "idList": ["1337DAY-ID-36699"]}]}, "score": {"value": 0.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2013-270"]}, {"type": "centos", "idList": ["CESA-2013:0769"]}, {"type": "cve", "idList": ["CVE-2013-0242", "CVE-2013-1914"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-0242", "DEBIANCVE:CVE-2013-1914"]}, {"type": "f5", "idList": ["SOL15640"]}, {"type": "fedora", "idList": ["FEDORA:3CE6F210A0"]}, {"type": "nessus", "idList": ["NEWSTART_CGSL_NS-SA-2019-0012_GLIBC.NASL", "SL_20131121_GLIBC_ON_SL6_X.NASL", "SUSE_SU-2014-1122-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310870985"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0769", "ELSA-2013-1605"]}, {"type": "redhat", "idList": ["RHSA-2013:1605"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13071"]}, {"type": "suse", "idList": ["SUSE-SU-2014:1128-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-0242"]}, {"type": "vmware", "idList": ["VMSA-2014-0008"]}, {"type": "zdt", "idList": ["1337DAY-ID-36699"]}]}, "exploitation": null, "vulnersScore": 0.0}, "pluginID": "1361412562310123634", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0769.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123634\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:06:33 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0769\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0769 - glibc security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0769\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0769.html\");\n script_cve_id(\"CVE-2013-0242\", \"CVE-2013-1914\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~107.el5_9.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~107.el5_9.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~107.el5_9.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~107.el5_9.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~107.el5_9.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~107.el5_9.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "naslFamily": "Oracle Linux Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1659986029, "score": 1659840693}, "_internal": {"score_hash": "21ffeaac8c69723489687833b4760bae"}}
{"nessus": [{"lastseen": "2023-01-11T15:04:48", "description": "The remote ESXi host is affected by multiple denial of service vulnerabilities in the glibc library :\n\n - A buffer overflow condition exists in the extend_buffers() function in file posix/regexec.c due to improper validation of user-supplied input when handling multibyte characters in a regular expression. An unauthenticated, remote attacker can exploit this, via a crafted regular expression, to corrupt the memory, resulting in a denial of service. (CVE-2013-0242)\n\n - A stack-based buffer overflow condition exists in the getaddrinfo() function in file posix/getaddrinfo.c due to improper validation of user-supplied input during the handling of domain conversion results. An unauthenticated, remote attacker can exploit this to cause a denial of service by using a crafted host name or IP address that triggers a large number of domain conversion results. (CVE-2013-1914)", "cvss3": {}, "published": "2015-12-30T00:00:00", "type": "nessus", "title": "VMware ESXi Multiple DoS (VMSA-2014-0008)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esxi:5.0", "cpe:/o:vmware:esxi:5.1", "cpe:/o:vmware:esxi:5.5"], "id": "VMWARE_VMSA-2014-0008_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/87679", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87679);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-0242\",\n \"CVE-2013-1914\"\n );\n script_bugtraq_id(\n 57638,\n 58839\n );\n script_xref(name:\"VMSA\", value:\"2014-0008\");\n\n script_name(english:\"VMware ESXi Multiple DoS (VMSA-2014-0008)\");\n script_summary(english:\"Checks the version and build numbers of the remote host.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote ESXi host is affected by multiple denial of service\nvulnerabilities in the glibc library :\n\n - A buffer overflow condition exists in the\n extend_buffers() function in file posix/regexec.c due to\n improper validation of user-supplied input when handling\n multibyte characters in a regular expression. An\n unauthenticated, remote attacker can exploit this, via\n a crafted regular expression, to corrupt the memory,\n resulting in a denial of service. (CVE-2013-0242)\n\n - A stack-based buffer overflow condition exists in the\n getaddrinfo() function in file posix/getaddrinfo.c due\n to improper validation of user-supplied input during the\n handling of domain conversion results. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service by using a crafted host name\n or IP address that triggers a large number of domain\n conversion results. (CVE-2013-1914)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2014-0008\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2014/000282.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory that\npertains to ESXi version 5.0 / 5.1 / 5.5.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\n\npci = FALSE;\npci = get_kb_item(\"Settings/PCI_DSS\");\n\nif (\"ESXi\" >!< rel)\n audit(AUDIT_OS_NOT, \"VMware ESXi\");\n\nesx = \"ESXi\";\n\nextract = eregmatch(pattern:\"^ESXi (\\d\\.\\d).*$\", string:ver);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_APP_VER, \"VMware ESXi\");\nelse\n ver = extract[1];\n\nfixes = make_array(\n \"5.0\", \"See vendor\",\n \"5.1\", \"2323236\",\n \"5.5\", \"2068190\"\n );\n\nfix = FALSE;\nfix = fixes[ver];\n\n# get the build before checking the fix for the most complete audit trail\nextract = eregmatch(pattern:'^VMware ESXi.* build-([0-9]+)$', string:rel);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_BUILD, \"VMware ESXi\", ver);\n\nbuild = int(extract[1]);\n\n# if there is no fix in the array, fix is FALSE\nif(!fix)\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESXi\", ver, build);\n\nif (!pci && fix == \"See vendor\")\n audit(AUDIT_PCI);\n\nvuln = FALSE;\n\n# This is for PCI reporting\nif (pci && fix == \"See vendor\")\n vuln = TRUE;\nelse if (build < fix )\n vuln = TRUE;\n\nif (vuln)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Version : ESXi ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fix +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else\n security_warning(port:port);\n\n exit(0);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESXi\", ver, build);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:49:16", "description": "From Red Hat Security Advisory 2013:0769 :\n\nUpdated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nIt was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914)\n\nA flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242)\n\nThis update also fixes the following bugs :\n\n* The improvements RHSA-2012:1207 made to the accuracy of floating point functions in the math library caused performance regressions for those functions. The performance regressions were analyzed and a fix was applied that retains the current accuracy but reduces the performance penalty to acceptable levels. Refer to Red Hat Knowledge solution 229993, linked to in the References, for further information.\n(BZ#950535)\n\n* It was possible that a memory location freed by the localization code could be accessed immediately after, resulting in a crash. The fix ensures that the application does not crash by avoiding the invalid memory access. (BZ#951493)\n\nUsers of glibc are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : glibc (ELSA-2013-0769)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:nscd", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2013-0769.NASL", "href": "https://www.tenable.com/plugins/nessus/68814", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0769 and \n# Oracle Linux Security Advisory ELSA-2013-0769 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68814);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-0242\", \"CVE-2013-1914\");\n script_bugtraq_id(57638, 58839);\n script_xref(name:\"RHSA\", value:\"2013:0769\");\n\n script_name(english:\"Oracle Linux 5 : glibc (ELSA-2013-0769)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0769 :\n\nUpdated glibc packages that fix two security issues and two bugs are\nnow available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nIt was found that getaddrinfo() did not limit the amount of stack\nmemory used during name resolution. An attacker able to make an\napplication resolve an attacker-controlled hostname or IP address\ncould possibly cause the application to exhaust all stack memory and\ncrash. (CVE-2013-1914)\n\nA flaw was found in the regular expression matching routines that\nprocess multibyte character input. If an application utilized the\nglibc regular expression matching mechanism, an attacker could provide\nspecially crafted input that, when processed, would cause the\napplication to crash. (CVE-2013-0242)\n\nThis update also fixes the following bugs :\n\n* The improvements RHSA-2012:1207 made to the accuracy of floating\npoint functions in the math library caused performance regressions for\nthose functions. The performance regressions were analyzed and a fix\nwas applied that retains the current accuracy but reduces the\nperformance penalty to acceptable levels. Refer to Red Hat Knowledge\nsolution 229993, linked to in the References, for further information.\n(BZ#950535)\n\n* It was possible that a memory location freed by the localization\ncode could be accessed immediately after, resulting in a crash. The\nfix ensures that the application does not crash by avoiding the\ninvalid memory access. (BZ#951493)\n\nUsers of glibc are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-April/003438.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"glibc-2.5-107.el5_9.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-common-2.5-107.el5_9.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-devel-2.5-107.el5_9.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-headers-2.5-107.el5_9.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-utils-2.5-107.el5_9.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"nscd-2.5-107.el5_9.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:46:17", "description": "Multiple vulnerabilities has been discovered and corrected in glibc :\n\nBuffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters (CVE-2013-0242).\n\nStack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results (CVE-2013-1914).\n\nThe updated packages have been patched to correct these issues.", "cvss3": {}, "published": "2013-05-08T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : glibc (MDVSA-2013:163)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:glibc", "p-cpe:/a:mandriva:linux:glibc-devel", "p-cpe:/a:mandriva:linux:glibc-doc", "p-cpe:/a:mandriva:linux:glibc-doc-pdf", "p-cpe:/a:mandriva:linux:glibc-i18ndata", "p-cpe:/a:mandriva:linux:glibc-profile", "p-cpe:/a:mandriva:linux:glibc-static-devel", "p-cpe:/a:mandriva:linux:glibc-utils", "p-cpe:/a:mandriva:linux:nscd", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2013-163.NASL", "href": "https://www.tenable.com/plugins/nessus/66342", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:163. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66342);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-0242\", \"CVE-2013-1914\");\n script_bugtraq_id(57638, 58839);\n script_xref(name:\"MDVSA\", value:\"2013:163\");\n\n script_name(english:\"Mandriva Linux Security Advisory : glibc (MDVSA-2013:163)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in glibc :\n\nBuffer overflow in the extend_buffers function in the regular\nexpression matcher (posix/regexec.c) in glibc, possibly 2.17 and\nearlier, allows context-dependent attackers to cause a denial of\nservice (memory corruption and crash) via crafted multibyte characters\n(CVE-2013-0242).\n\nStack-based buffer overflow in the getaddrinfo function in\nsysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17\nand earlier allows remote attackers to cause a denial of service\n(crash) via a (1) hostname or (2) IP address that triggers a large\nnumber of domain conversion results (CVE-2013-1914).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-2.14.1-12.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-devel-2.14.1-12.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"glibc-doc-2.14.1-12.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"glibc-doc-pdf-2.14.1-12.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-i18ndata-2.14.1-12.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-profile-2.14.1-12.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-static-devel-2.14.1-12.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-utils-2.14.1-12.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"nscd-2.14.1-12.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:45:39", "description": "Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nIt was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914)\n\nA flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242)\n\nThis update also fixes the following bugs :\n\n* The improvements RHSA-2012:1207 made to the accuracy of floating point functions in the math library caused performance regressions for those functions. The performance regressions were analyzed and a fix was applied that retains the current accuracy but reduces the performance penalty to acceptable levels. Refer to Red Hat Knowledge solution 229993, linked to in the References, for further information.\n(BZ#950535)\n\n* It was possible that a memory location freed by the localization code could be accessed immediately after, resulting in a crash. The fix ensures that the application does not crash by avoiding the invalid memory access. (BZ#951493)\n\nUsers of glibc are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2013-04-26T00:00:00", "type": "nessus", "title": "CentOS 5 : glibc (CESA-2013:0769)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc", "p-cpe:/a:centos:centos:glibc-common", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-headers", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:nscd", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2013-0769.NASL", "href": "https://www.tenable.com/plugins/nessus/66217", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0769 and \n# CentOS Errata and Security Advisory 2013:0769 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66217);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-0242\", \"CVE-2013-1914\");\n script_bugtraq_id(57638, 58839);\n script_xref(name:\"RHSA\", value:\"2013:0769\");\n\n script_name(english:\"CentOS 5 : glibc (CESA-2013:0769)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix two security issues and two bugs are\nnow available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nIt was found that getaddrinfo() did not limit the amount of stack\nmemory used during name resolution. An attacker able to make an\napplication resolve an attacker-controlled hostname or IP address\ncould possibly cause the application to exhaust all stack memory and\ncrash. (CVE-2013-1914)\n\nA flaw was found in the regular expression matching routines that\nprocess multibyte character input. If an application utilized the\nglibc regular expression matching mechanism, an attacker could provide\nspecially crafted input that, when processed, would cause the\napplication to crash. (CVE-2013-0242)\n\nThis update also fixes the following bugs :\n\n* The improvements RHSA-2012:1207 made to the accuracy of floating\npoint functions in the math library caused performance regressions for\nthose functions. The performance regressions were analyzed and a fix\nwas applied that retains the current accuracy but reduces the\nperformance penalty to acceptable levels. Refer to Red Hat Knowledge\nsolution 229993, linked to in the References, for further information.\n(BZ#950535)\n\n* It was possible that a memory location freed by the localization\ncode could be accessed immediately after, resulting in a crash. The\nfix ensures that the application does not crash by avoiding the\ninvalid memory access. (BZ#951493)\n\nUsers of glibc are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-April/019706.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?017c7356\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0242\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-2.5-107.el5_9.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-common-2.5-107.el5_9.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-devel-2.5-107.el5_9.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-headers-2.5-107.el5_9.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-utils-2.5-107.el5_9.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"nscd-2.5-107.el5_9.4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-12T15:56:47", "description": "It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914)\n\nA flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242)\n\nThis update also fixes the following bugs :\n\n - The improvements made in a previous update to the accuracy of floating point functions in the math library caused performance regressions for those functions. The performance regressions were analyzed and a fix was applied that retains the current accuracy but reduces the performance penalty to acceptable levels.\n\n - It was possible that a memory location freed by the localization code could be accessed immediately after, resulting in a crash. The fix ensures that the application does not crash by avoiding the invalid memory access.", "cvss3": {}, "published": "2013-04-26T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20130424)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:glibc", "p-cpe:/a:fermilab:scientific_linux:glibc-common", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common", "p-cpe:/a:fermilab:scientific_linux:glibc-devel", "p-cpe:/a:fermilab:scientific_linux:glibc-headers", "p-cpe:/a:fermilab:scientific_linux:glibc-utils", "p-cpe:/a:fermilab:scientific_linux:nscd", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20130424_GLIBC_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/66227", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66227);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-0242\", \"CVE-2013-1914\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20130424)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that getaddrinfo() did not limit the amount of stack\nmemory used during name resolution. An attacker able to make an\napplication resolve an attacker-controlled hostname or IP address\ncould possibly cause the application to exhaust all stack memory and\ncrash. (CVE-2013-1914)\n\nA flaw was found in the regular expression matching routines that\nprocess multibyte character input. If an application utilized the\nglibc regular expression matching mechanism, an attacker could provide\nspecially crafted input that, when processed, would cause the\napplication to crash. (CVE-2013-0242)\n\nThis update also fixes the following bugs :\n\n - The improvements made in a previous update to the\n accuracy of floating point functions in the math library\n caused performance regressions for those functions. The\n performance regressions were analyzed and a fix was\n applied that retains the current accuracy but reduces\n the performance penalty to acceptable levels.\n\n - It was possible that a memory location freed by the\n localization code could be accessed immediately after,\n resulting in a crash. The fix ensures that the\n application does not crash by avoiding the invalid\n memory access.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1304&L=scientific-linux-errata&T=0&P=2612\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?369f093d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"glibc-2.5-107.el5_9.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-common-2.5-107.el5_9.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-debuginfo-2.5-107.el5_9.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-debuginfo-common-2.5-107.el5_9.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-devel-2.5-107.el5_9.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-headers-2.5-107.el5_9.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-utils-2.5-107.el5_9.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nscd-2.5-107.el5_9.4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-12T15:56:50", "description": "Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nIt was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914)\n\nA flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242)\n\nThis update also fixes the following bugs :\n\n* The improvements RHSA-2012:1207 made to the accuracy of floating point functions in the math library caused performance regressions for those functions. The performance regressions were analyzed and a fix was applied that retains the current accuracy but reduces the performance penalty to acceptable levels. Refer to Red Hat Knowledge solution 229993, linked to in the References, for further information.\n(BZ#950535)\n\n* It was possible that a memory location freed by the localization code could be accessed immediately after, resulting in a crash. The fix ensures that the application does not crash by avoiding the invalid memory access. (BZ#951493)\n\nUsers of glibc are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2013-04-25T00:00:00", "type": "nessus", "title": "RHEL 5 : glibc (RHSA-2013:0769)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.9"], "id": "REDHAT-RHSA-2013-0769.NASL", "href": "https://www.tenable.com/plugins/nessus/66211", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0769. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66211);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-0242\", \"CVE-2013-1914\");\n script_bugtraq_id(57638, 58839);\n script_xref(name:\"RHSA\", value:\"2013:0769\");\n\n script_name(english:\"RHEL 5 : glibc (RHSA-2013:0769)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix two security issues and two bugs are\nnow available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nIt was found that getaddrinfo() did not limit the amount of stack\nmemory used during name resolution. An attacker able to make an\napplication resolve an attacker-controlled hostname or IP address\ncould possibly cause the application to exhaust all stack memory and\ncrash. (CVE-2013-1914)\n\nA flaw was found in the regular expression matching routines that\nprocess multibyte character input. If an application utilized the\nglibc regular expression matching mechanism, an attacker could provide\nspecially crafted input that, when processed, would cause the\napplication to crash. (CVE-2013-0242)\n\nThis update also fixes the following bugs :\n\n* The improvements RHSA-2012:1207 made to the accuracy of floating\npoint functions in the math library caused performance regressions for\nthose functions. The performance regressions were analyzed and a fix\nwas applied that retains the current accuracy but reduces the\nperformance penalty to acceptable levels. Refer to Red Hat Knowledge\nsolution 229993, linked to in the References, for further information.\n(BZ#950535)\n\n* It was possible that a memory location freed by the localization\ncode could be accessed immediately after, resulting in a crash. The\nfix ensures that the application does not crash by avoiding the\ninvalid memory access. (BZ#951493)\n\nUsers of glibc are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://rhn.redhat.com/errata/RHSA-2012-1207.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/site/solutions/229993\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1914\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0769\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-2.5-107.el5_9.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-common-2.5-107.el5_9.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-common-2.5-107.el5_9.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-common-2.5-107.el5_9.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-debuginfo-2.5-107.el5_9.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-debuginfo-common-2.5-107.el5_9.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-devel-2.5-107.el5_9.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-headers-2.5-107.el5_9.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-headers-2.5-107.el5_9.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-headers-2.5-107.el5_9.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-utils-2.5-107.el5_9.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-utils-2.5-107.el5_9.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-utils-2.5-107.el5_9.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"nscd-2.5-107.el5_9.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"nscd-2.5-107.el5_9.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"nscd-2.5-107.el5_9.4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-18T14:41:20", "description": "The remote VMware ESXi host is version 5.1 prior to build 2323231. It is, therefore, affected by the following vulnerabilities in the glibc library :\n\n - A buffer overflow flaw exists in the 'extend_buffers' function of the 'posix/regexec.c' file due to improper validation of user input. Using a specially crafted expression, a remote attacker can cause a denial of service. (CVE-2013-0242)\n\n - A buffer overflow flaw exists in the 'getaddrinfo' function of the '/sysdeps/posix/getaddrinfo.c' file due to improper validation of user input. A remote attacker can cause a denial of service by triggering a large number of domain conversions. (CVE-2013-1914)", "cvss3": {}, "published": "2014-12-15T00:00:00", "type": "nessus", "title": "ESXi 5.1 < Build 2323231 glibc Library Multiple Vulnerabilities (remote check)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/o:vmware:esxi"], "id": "VMWARE_ESXI_5_1_BUILD_2323231_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/80037", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80037);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n\n script_cve_id(\"CVE-2013-0242\", \"CVE-2013-1914\");\n script_bugtraq_id(57638, 58839);\n script_xref(name:\"VMSA\", value:\"2014-0008\");\n\n script_name(english:\"ESXi 5.1 < Build 2323231 glibc Library Multiple Vulnerabilities (remote check)\");\n script_summary(english:\"Checks the ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi 5.1 host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESXi host is version 5.1 prior to build 2323231. It\nis, therefore, affected by the following vulnerabilities in the glibc\nlibrary :\n\n - A buffer overflow flaw exists in the 'extend_buffers'\n function of the 'posix/regexec.c' file due to improper\n validation of user input. Using a specially crafted\n expression, a remote attacker can cause a denial of\n service. (CVE-2013-0242)\n\n - A buffer overflow flaw exists in the 'getaddrinfo'\n function of the '/sysdeps/posix/getaddrinfo.c' file\n due to improper validation of user input. A remote\n attacker can cause a denial of service by triggering\n a large number of domain conversions. (CVE-2013-1914)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2014-0008.html\");\n script_set_attribute(attribute:\"solution\", value:\"Apply patch ESXi510-201412101-SG for ESXi 5.1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Misc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\n\nif (\"ESXi\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi\");\nif (\"VMware ESXi 5.1\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi 5.1\");\n\nmatch = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);\nif (isnull(match)) exit(1, 'Failed to extract the ESXi build number.');\n\nbuild = int(match[1]);\nfixed_build = 2323231;\n\nif (build < fixed_build)\n{\n if (report_verbosity > 0)\n {\n report = '\\n ESXi version : ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESXi\", ver - \"ESXi \" + \" build \" + build);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-18T14:39:32", "description": "The remote VMware ESXi host is version 5.5 prior to build 1980513. It is, therefore, affected by the following vulnerabilities in the glibc library :\n\n - A buffer overflow flaw exists in the 'extend_buffers' function of the 'posix/regexec.c' file, due to not properly validating user input. Using a specially crafted expression, a remote attacker can cause a denial of service. (CVE-2013-0242)\n\n - A buffer overflow flaw exists in the 'getaddrinfo' function of the '/sysdeps/posix/getaddrinfo.c' file, due to not properly validating user input. A remote attacker can cause a denial of service by triggering a large number of domain conversions. (CVE-2013-1914)", "cvss3": {}, "published": "2014-10-09T00:00:00", "type": "nessus", "title": "ESXi 5.5 < Build 1980513 glibc Library Multiple Vulnerabilities (remote check)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914"], "modified": "2018-08-06T00:00:00", "cpe": ["cpe:/o:vmware:esxi"], "id": "VMWARE_ESXI_5_5_BUILD_2068190_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/78108", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78108);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/08/06 14:03:15\");\n\n script_cve_id(\"CVE-2013-0242\", \"CVE-2013-1914\");\n script_bugtraq_id(57638, 58839);\n script_xref(name:\"VMSA\", value:\"2014-0008\");\n\n script_name(english:\"ESXi 5.5 < Build 1980513 glibc Library Multiple Vulnerabilities (remote check)\");\n script_summary(english:\"Checks the ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi 5.5 host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESXi host is version 5.5 prior to build 1980513. It\nis, therefore, affected by the following vulnerabilities in the glibc\nlibrary :\n\n - A buffer overflow flaw exists in the 'extend_buffers'\n function of the 'posix/regexec.c' file, due to not\n properly validating user input. Using a specially\n crafted expression, a remote attacker can cause a\n denial of service. (CVE-2013-0242)\n\n - A buffer overflow flaw exists in the 'getaddrinfo'\n function of the '/sysdeps/posix/getaddrinfo.c' file,\n due to not properly validating user input. A remote\n attacker can cause a denial of service by triggering\n a large number of domain conversions. (CVE-2013-1914)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2014/000260.html\");\n script_set_attribute(attribute:\"solution\", value:\"Apply patch ESXi550-201409101-SG for ESXi 5.5.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/09\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Misc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\n\nif (\"ESXi\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi\");\nif (\"VMware ESXi 5.5\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi 5.5\");\n\nmatch = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);\nif (isnull(match)) exit(1, 'Failed to extract the ESXi build number.');\n\nbuild = int(match[1]);\nfixed_build = 1980513;\n\nif (build < fixed_build)\n{\n if (report_verbosity > 0)\n {\n report = '\\n ESXi version : ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESXi\", ver - \"ESXi \" + \" build \" + build);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:02:03", "description": "Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-4332)\n\nA flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242)\n\nIt was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914)", "cvss3": {}, "published": "2013-12-23T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : glibc (ALAS-2013-270)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4332"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:glibc", "p-cpe:/a:amazon:linux:glibc-common", "p-cpe:/a:amazon:linux:glibc-debuginfo", "p-cpe:/a:amazon:linux:glibc-debuginfo-common", "p-cpe:/a:amazon:linux:glibc-devel", "p-cpe:/a:amazon:linux:glibc-headers", "p-cpe:/a:amazon:linux:glibc-static", "p-cpe:/a:amazon:linux:glibc-utils", "p-cpe:/a:amazon:linux:nscd", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2013-270.NASL", "href": "https://www.tenable.com/plugins/nessus/71582", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-270.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71582);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-0242\", \"CVE-2013-1914\", \"CVE-2013-4332\");\n script_xref(name:\"ALAS\", value:\"2013-270\");\n script_xref(name:\"RHSA\", value:\"2013:1605\");\n\n script_name(english:\"Amazon Linux AMI : glibc (ALAS-2013-270)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple integer overflow flaws, leading to heap-based buffer\noverflows, were found in glibc's memory allocator functions (pvalloc,\nvalloc, and memalign). If an application used such a function, it\ncould cause the application to crash or, potentially, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2013-4332)\n\nA flaw was found in the regular expression matching routines that\nprocess multibyte character input. If an application utilized the\nglibc regular expression matching mechanism, an attacker could provide\nspecially crafted input that, when processed, would cause the\napplication to crash. (CVE-2013-0242)\n\nIt was found that getaddrinfo() did not limit the amount of stack\nmemory used during name resolution. An attacker able to make an\napplication resolve an attacker-controlled hostname or IP address\ncould possibly cause the application to exhaust all stack memory and\ncrash. (CVE-2013-1914)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-270.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update glibc' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"glibc-2.12-1.132.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-common-2.12-1.132.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-2.12-1.132.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-common-2.12-1.132.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-devel-2.12-1.132.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-headers-2.12-1.132.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-static-2.12-1.132.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-utils-2.12-1.132.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nscd-2.12-1.132.45.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:01:05", "description": "From Red Hat Security Advisory 2013:1605 :\n\nUpdated glibc packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-4332)\n\nA flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242)\n\nIt was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914)\n\nAmong other changes, this update includes an important fix for the following bug :\n\n* Due to a defect in the initial release of the getaddrinfo() system call in Red Hat enterprise Linux 6.0, AF_INET and AF_INET6 queries resolved from the /etc/hosts file returned queried names as canonical names. This incorrect behavior is, however, still considered to be the expected behavior. As a result of a recent change in getaddrinfo(), AF_INET6 queries started resolving the canonical names correctly.\nHowever, this behavior was unexpected by applications that relied on queries resolved from the /etc/hosts file, and these applications could thus fail to operate properly. This update applies a fix ensuring that AF_INET6 queries resolved from /etc/hosts always return the queried name as canonical. Note that DNS lookups are resolved properly and always return the correct canonical names. A proper fix to AF_INET6 queries resolution from /etc/hosts may be applied in future releases; for now, due to a lack of standard, Red Hat suggests the first entry in the /etc/hosts file, that applies for the IP address being resolved, to be considered the canonical entry.\n(BZ#1022022)\n\nThese updated glibc packages also include additional bug fixes and various enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes.\n\nAll glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "cvss3": {}, "published": "2013-11-27T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : glibc (ELSA-2013-1605)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4332"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-static", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:nscd", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2013-1605.NASL", "href": "https://www.tenable.com/plugins/nessus/71106", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:1605 and \n# Oracle Linux Security Advisory ELSA-2013-1605 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71106);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-0242\", \"CVE-2013-1914\", \"CVE-2013-4332\");\n script_bugtraq_id(57638, 58839, 62324);\n script_xref(name:\"RHSA\", value:\"2013:1605\");\n\n script_name(english:\"Oracle Linux 6 : glibc (ELSA-2013-1605)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:1605 :\n\nUpdated glibc packages that fix three security issues, several bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nMultiple integer overflow flaws, leading to heap-based buffer\noverflows, were found in glibc's memory allocator functions (pvalloc,\nvalloc, and memalign). If an application used such a function, it\ncould cause the application to crash or, potentially, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2013-4332)\n\nA flaw was found in the regular expression matching routines that\nprocess multibyte character input. If an application utilized the\nglibc regular expression matching mechanism, an attacker could provide\nspecially crafted input that, when processed, would cause the\napplication to crash. (CVE-2013-0242)\n\nIt was found that getaddrinfo() did not limit the amount of stack\nmemory used during name resolution. An attacker able to make an\napplication resolve an attacker-controlled hostname or IP address\ncould possibly cause the application to exhaust all stack memory and\ncrash. (CVE-2013-1914)\n\nAmong other changes, this update includes an important fix for the\nfollowing bug :\n\n* Due to a defect in the initial release of the getaddrinfo() system\ncall in Red Hat enterprise Linux 6.0, AF_INET and AF_INET6 queries\nresolved from the /etc/hosts file returned queried names as canonical\nnames. This incorrect behavior is, however, still considered to be the\nexpected behavior. As a result of a recent change in getaddrinfo(),\nAF_INET6 queries started resolving the canonical names correctly.\nHowever, this behavior was unexpected by applications that relied on\nqueries resolved from the /etc/hosts file, and these applications\ncould thus fail to operate properly. This update applies a fix\nensuring that AF_INET6 queries resolved from /etc/hosts always return\nthe queried name as canonical. Note that DNS lookups are resolved\nproperly and always return the correct canonical names. A proper fix\nto AF_INET6 queries resolution from /etc/hosts may be applied in\nfuture releases; for now, due to a lack of standard, Red Hat suggests\nthe first entry in the /etc/hosts file, that applies for the IP\naddress being resolved, to be considered the canonical entry.\n(BZ#1022022)\n\nThese updated glibc packages also include additional bug fixes and\nvarious enhancements. Space precludes documenting all of these changes\nin this advisory. Users are directed to the Red Hat Enterprise Linux\n6.5 Technical Notes, linked to in the References, for information on\nthe most significant of these changes.\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-November/003806.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"glibc-2.12-1.132.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-common-2.12-1.132.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-devel-2.12-1.132.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-headers-2.12-1.132.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-static-2.12-1.132.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-utils-2.12-1.132.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"nscd-2.12-1.132.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:02:29", "description": "Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-4332)\n\nA flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242)\n\nIt was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914)\n\nAmong other changes, this update includes an important fix for the following bug :\n\n - Due to a defect in the initial release of the getaddrinfo() system call in Scientific Linux 6.0, AF_INET and AF_INET6 queries resolved from the /etc/hosts file returned queried names as canonical names. This incorrect behavior is, however, still considered to be the expected behavior. As a result of a recent change in getaddrinfo(), AF_INET6 queries started resolving the canonical names correctly. However, this behavior was unexpected by applications that relied on queries resolved from the /etc/hosts file, and these applications could thus fail to operate properly. This update applies a fix ensuring that AF_INET6 queries resolved from /etc/hosts always return the queried name as canonical. Note that DNS lookups are resolved properly and always return the correct canonical names.\n A proper fix to AF_INET6 queries resolution from /etc/hosts may be applied in future releases; for now, due to a lack of standard, Red Hat suggests the first entry in the /etc/hosts file, that applies for the IP address being resolved, to be considered the canonical entry.", "cvss3": {}, "published": "2013-12-04T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20131121)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4332"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:glibc", "p-cpe:/a:fermilab:scientific_linux:glibc-common", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common", "p-cpe:/a:fermilab:scientific_linux:glibc-devel", "p-cpe:/a:fermilab:scientific_linux:glibc-headers", "p-cpe:/a:fermilab:scientific_linux:glibc-static", "p-cpe:/a:fermilab:scientific_linux:glibc-utils", "p-cpe:/a:fermilab:scientific_linux:nscd", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20131121_GLIBC_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/71193", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71193);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-0242\", \"CVE-2013-1914\", \"CVE-2013-4332\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20131121)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple integer overflow flaws, leading to heap-based buffer\noverflows, were found in glibc's memory allocator functions (pvalloc,\nvalloc, and memalign). If an application used such a function, it\ncould cause the application to crash or, potentially, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2013-4332)\n\nA flaw was found in the regular expression matching routines that\nprocess multibyte character input. If an application utilized the\nglibc regular expression matching mechanism, an attacker could provide\nspecially crafted input that, when processed, would cause the\napplication to crash. (CVE-2013-0242)\n\nIt was found that getaddrinfo() did not limit the amount of stack\nmemory used during name resolution. An attacker able to make an\napplication resolve an attacker-controlled hostname or IP address\ncould possibly cause the application to exhaust all stack memory and\ncrash. (CVE-2013-1914)\n\nAmong other changes, this update includes an important fix for the\nfollowing bug :\n\n - Due to a defect in the initial release of the\n getaddrinfo() system call in Scientific Linux 6.0,\n AF_INET and AF_INET6 queries resolved from the\n /etc/hosts file returned queried names as canonical\n names. This incorrect behavior is, however, still\n considered to be the expected behavior. As a result of a\n recent change in getaddrinfo(), AF_INET6 queries started\n resolving the canonical names correctly. However, this\n behavior was unexpected by applications that relied on\n queries resolved from the /etc/hosts file, and these\n applications could thus fail to operate properly. This\n update applies a fix ensuring that AF_INET6 queries\n resolved from /etc/hosts always return the queried name\n as canonical. Note that DNS lookups are resolved\n properly and always return the correct canonical names.\n A proper fix to AF_INET6 queries resolution from\n /etc/hosts may be applied in future releases; for now,\n due to a lack of standard, Red Hat suggests the first\n entry in the /etc/hosts file, that applies for the IP\n address being resolved, to be considered the canonical\n entry.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1312&L=scientific-linux-errata&T=0&P=448\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ae8b87b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"glibc-2.12-1.132.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-common-2.12-1.132.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-debuginfo-2.12-1.132.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-debuginfo-common-2.12-1.132.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-devel-2.12-1.132.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-headers-2.12-1.132.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-static-2.12-1.132.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-utils-2.12-1.132.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nscd-2.12-1.132.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:01:42", "description": "Updated glibc packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-4332)\n\nA flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242)\n\nIt was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914)\n\nAmong other changes, this update includes an important fix for the following bug :\n\n* Due to a defect in the initial release of the getaddrinfo() system call in Red Hat enterprise Linux 6.0, AF_INET and AF_INET6 queries resolved from the /etc/hosts file returned queried names as canonical names. This incorrect behavior is, however, still considered to be the expected behavior. As a result of a recent change in getaddrinfo(), AF_INET6 queries started resolving the canonical names correctly.\nHowever, this behavior was unexpected by applications that relied on queries resolved from the /etc/hosts file, and these applications could thus fail to operate properly. This update applies a fix ensuring that AF_INET6 queries resolved from /etc/hosts always return the queried name as canonical. Note that DNS lookups are resolved properly and always return the correct canonical names. A proper fix to AF_INET6 queries resolution from /etc/hosts may be applied in future releases; for now, due to a lack of standard, Red Hat suggests the first entry in the /etc/hosts file, that applies for the IP address being resolved, to be considered the canonical entry.\n(BZ#1022022)\n\nThese updated glibc packages also include additional bug fixes and various enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes.\n\nAll glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "cvss3": {}, "published": "2013-11-21T00:00:00", "type": "nessus", "title": "RHEL 6 : glibc (RHSA-2013:1605)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4332"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-static", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2013-1605.NASL", "href": "https://www.tenable.com/plugins/nessus/71009", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1605. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71009);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-0242\", \"CVE-2013-1914\", \"CVE-2013-4332\");\n script_bugtraq_id(57638, 58839, 62324);\n script_xref(name:\"RHSA\", value:\"2013:1605\");\n\n script_name(english:\"RHEL 6 : glibc (RHSA-2013:1605)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix three security issues, several bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nMultiple integer overflow flaws, leading to heap-based buffer\noverflows, were found in glibc's memory allocator functions (pvalloc,\nvalloc, and memalign). If an application used such a function, it\ncould cause the application to crash or, potentially, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2013-4332)\n\nA flaw was found in the regular expression matching routines that\nprocess multibyte character input. If an application utilized the\nglibc regular expression matching mechanism, an attacker could provide\nspecially crafted input that, when processed, would cause the\napplication to crash. (CVE-2013-0242)\n\nIt was found that getaddrinfo() did not limit the amount of stack\nmemory used during name resolution. An attacker able to make an\napplication resolve an attacker-controlled hostname or IP address\ncould possibly cause the application to exhaust all stack memory and\ncrash. (CVE-2013-1914)\n\nAmong other changes, this update includes an important fix for the\nfollowing bug :\n\n* Due to a defect in the initial release of the getaddrinfo() system\ncall in Red Hat enterprise Linux 6.0, AF_INET and AF_INET6 queries\nresolved from the /etc/hosts file returned queried names as canonical\nnames. This incorrect behavior is, however, still considered to be the\nexpected behavior. As a result of a recent change in getaddrinfo(),\nAF_INET6 queries started resolving the canonical names correctly.\nHowever, this behavior was unexpected by applications that relied on\nqueries resolved from the /etc/hosts file, and these applications\ncould thus fail to operate properly. This update applies a fix\nensuring that AF_INET6 queries resolved from /etc/hosts always return\nthe queried name as canonical. Note that DNS lookups are resolved\nproperly and always return the correct canonical names. A proper fix\nto AF_INET6 queries resolution from /etc/hosts may be applied in\nfuture releases; for now, due to a lack of standard, Red Hat suggests\nthe first entry in the /etc/hosts file, that applies for the IP\naddress being resolved, to be considered the canonical entry.\n(BZ#1022022)\n\nThese updated glibc packages also include additional bug fixes and\nvarious enhancements. Space precludes documenting all of these changes\nin this advisory. Users are directed to the Red Hat Enterprise Linux\n6.5 Technical Notes, linked to in the References, for information on\nthe most significant of these changes.\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.\"\n );\n # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6b506c4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4332\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1605\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-2.12-1.132.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-common-2.12-1.132.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-common-2.12-1.132.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-common-2.12-1.132.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-debuginfo-2.12-1.132.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-debuginfo-common-2.12-1.132.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-devel-2.12-1.132.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-headers-2.12-1.132.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-headers-2.12-1.132.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-headers-2.12-1.132.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-static-2.12-1.132.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-utils-2.12-1.132.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-utils-2.12-1.132.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-utils-2.12-1.132.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"nscd-2.12-1.132.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"nscd-2.12-1.132.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"nscd-2.12-1.132.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-18T14:40:00", "description": "Updated glibc packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-4332)\n\nA flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242)\n\nIt was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914)\n\nAmong other changes, this update includes an important fix for the following bug :\n\n* Due to a defect in the initial release of the getaddrinfo() system call in Red Hat enterprise Linux 6.0, AF_INET and AF_INET6 queries resolved from the /etc/hosts file returned queried names as canonical names. This incorrect behavior is, however, still considered to be the expected behavior. As a result of a recent change in getaddrinfo(), AF_INET6 queries started resolving the canonical names correctly.\nHowever, this behavior was unexpected by applications that relied on queries resolved from the /etc/hosts file, and these applications could thus fail to operate properly. This update applies a fix ensuring that AF_INET6 queries resolved from /etc/hosts always return the queried name as canonical. Note that DNS lookups are resolved properly and always return the correct canonical names. A proper fix to AF_INET6 queries resolution from /etc/hosts may be applied in future releases; for now, due to a lack of standard, Red Hat suggests the first entry in the /etc/hosts file, that applies for the IP address being resolved, to be considered the canonical entry.\n(BZ#1022022)\n\nThese updated glibc packages also include additional bug fixes and various enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes.\n\nAll glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "cvss3": {}, "published": "2014-11-12T00:00:00", "type": "nessus", "title": "CentOS 6 : glibc (CESA-2013:1605)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4332"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc", "p-cpe:/a:centos:centos:glibc-common", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-headers", "p-cpe:/a:centos:centos:glibc-static", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:nscd", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2013-1605.NASL", "href": "https://www.tenable.com/plugins/nessus/79166", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1605 and \n# CentOS Errata and Security Advisory 2013:1605 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79166);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-0242\", \"CVE-2013-1914\", \"CVE-2013-4332\");\n script_bugtraq_id(57638, 58839, 62324);\n script_xref(name:\"RHSA\", value:\"2013:1605\");\n\n script_name(english:\"CentOS 6 : glibc (CESA-2013:1605)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix three security issues, several bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nMultiple integer overflow flaws, leading to heap-based buffer\noverflows, were found in glibc's memory allocator functions (pvalloc,\nvalloc, and memalign). If an application used such a function, it\ncould cause the application to crash or, potentially, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2013-4332)\n\nA flaw was found in the regular expression matching routines that\nprocess multibyte character input. If an application utilized the\nglibc regular expression matching mechanism, an attacker could provide\nspecially crafted input that, when processed, would cause the\napplication to crash. (CVE-2013-0242)\n\nIt was found that getaddrinfo() did not limit the amount of stack\nmemory used during name resolution. An attacker able to make an\napplication resolve an attacker-controlled hostname or IP address\ncould possibly cause the application to exhaust all stack memory and\ncrash. (CVE-2013-1914)\n\nAmong other changes, this update includes an important fix for the\nfollowing bug :\n\n* Due to a defect in the initial release of the getaddrinfo() system\ncall in Red Hat enterprise Linux 6.0, AF_INET and AF_INET6 queries\nresolved from the /etc/hosts file returned queried names as canonical\nnames. This incorrect behavior is, however, still considered to be the\nexpected behavior. As a result of a recent change in getaddrinfo(),\nAF_INET6 queries started resolving the canonical names correctly.\nHowever, this behavior was unexpected by applications that relied on\nqueries resolved from the /etc/hosts file, and these applications\ncould thus fail to operate properly. This update applies a fix\nensuring that AF_INET6 queries resolved from /etc/hosts always return\nthe queried name as canonical. Note that DNS lookups are resolved\nproperly and always return the correct canonical names. A proper fix\nto AF_INET6 queries resolution from /etc/hosts may be applied in\nfuture releases; for now, due to a lack of standard, Red Hat suggests\nthe first entry in the /etc/hosts file, that applies for the IP\naddress being resolved, to be considered the canonical entry.\n(BZ#1022022)\n\nThese updated glibc packages also include additional bug fixes and\nvarious enhancements. Space precludes documenting all of these changes\nin this advisory. Users are directed to the Red Hat Enterprise Linux\n6.5 Technical Notes, linked to in the References, for information on\nthe most significant of these changes.\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-November/000947.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f77df32f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0242\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-2.12-1.132.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-common-2.12-1.132.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-devel-2.12-1.132.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-headers-2.12-1.132.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-static-2.12-1.132.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-utils-2.12-1.132.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"nscd-2.12-1.132.el6\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-18T14:40:26", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, \n\n - Don't use alloca in addgetnetgrentX (#1087789).\n\n - Adjust pointers to triplets in netgroup query data (#1087789).\n\n - Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (#1098050).\n\n - Fix race in free of fastbin chunk (#1091162).\n\n - Revert the addition of gettimeofday vDSO function for ppc and ppc64 until OPD VDSO function call issues are resolved (#1026533).\n\n - Call gethostbyname4_r only for PF_UNSPEC (#1022022).\n\n - Fix integer overflows in *valloc and memalign.\n (#1008310).\n\n - Initialize res_hconf in nscd (#970090).\n\n - Update previous patch for dcigettext.c and loadmsgcat.c (#834386).\n\n - Save search paths before performing relro protection (#988931).\n\n - Correctly name the 240-bit slow path sytemtap probe slowpow_p10 for slowpow (#905575).\n\n - Align value of stacksize in nptl-init (#663641).\n\n - Renamed release engineering directory from 'fedora' to `releng' (#903754).\n\n - Backport GLIBC sched_getcpu and gettimeofday vDSO functions for ppc (#929302).\n\n - Fall back to local DNS if resolv.conf does not define nameservers (#928318).\n\n - Add systemtap probes to slowexp and slowpow (#905575).\n\n - Fix getaddrinfo stack overflow resulting in application crash (CVE-2013-1914, #951213).\n\n - Fix multibyte character processing crash in regexp (CVE-2013-0242, #951213).\n\n - Add netgroup cache support for nscd (#629823).\n\n - Fix multiple nss_compat initgroups bugs (#966778).\n\n - Don't use simple lookup for AF_INET when AI_CANONNAME is set (#863384).\n\n - Add MAP_HUGETLB and MAP_STACK support (#916986).\n\n - Update translation for stale file handle error (#970776).\n\n - Improve performance of _SC_NPROCESSORS_ONLN (#rh952422).\n\n - Fix up _init in pt-initfini to accept arguments (#663641).\n\n - Set reasonable limits on xdr requests to prevent memory leaks (#848748).\n\n - Fix mutex locking for PI mutexes on spurious wake-ups on pthread condvars (#552960).\n\n - New environment variable GLIBC_PTHREAD_STACKSIZE to set thread stack size (#663641).\n\n - Improved handling of recursive calls in backtrace (#868808).\n\n - The ttyname and ttyname_r functions on Linux now fall back to searching for the tty file descriptor in /dev/pts or /dev if /proc is not available. This allows creation of chroots without the procfs mounted on /proc.\n (#851470)\n\n - Don't free rpath strings allocated during startup until after ld.so is re-relocated. (#862094)\n\n - Consistantly MANGLE/DEMANGLE function pointers. Fix use after free in dcigettext.c (#834386).\n\n - Change rounding mode only when necessary (#966775).\n\n - Backport of code to allow incremental loading of library list (#886968).\n\n - Fix loading of audit libraries when TLS is in use (#919562)\n\n - Fix application of SIMD FP exception mask (#929388).", "cvss3": {}, "published": "2014-11-26T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : glibc (OVMSA-2014-0017)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914", "CVE-2014-0475", "CVE-2014-5119"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:glibc", "p-cpe:/a:oracle:vm:glibc-common", "p-cpe:/a:oracle:vm:nscd", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2014-0017.NASL", "href": "https://www.tenable.com/plugins/nessus/79539", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2014-0017.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79539);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-0242\", \"CVE-2013-1914\", \"CVE-2014-0475\", \"CVE-2014-5119\");\n script_bugtraq_id(57638, 58839, 68505, 68983, 69738);\n\n script_name(english:\"OracleVM 3.3 : glibc (OVMSA-2014-0017)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Remove gconv transliteration loadable modules support\n (CVE-2014-5119, - _nl_find_locale: Improve handling of\n crafted locale names (CVE-2014-0475, \n\n - Don't use alloca in addgetnetgrentX (#1087789).\n\n - Adjust pointers to triplets in netgroup query data\n (#1087789).\n\n - Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN\n (#1098050).\n\n - Fix race in free of fastbin chunk (#1091162).\n\n - Revert the addition of gettimeofday vDSO function for\n ppc and ppc64 until OPD VDSO function call issues are\n resolved (#1026533).\n\n - Call gethostbyname4_r only for PF_UNSPEC (#1022022).\n\n - Fix integer overflows in *valloc and memalign.\n (#1008310).\n\n - Initialize res_hconf in nscd (#970090).\n\n - Update previous patch for dcigettext.c and loadmsgcat.c\n (#834386).\n\n - Save search paths before performing relro protection\n (#988931).\n\n - Correctly name the 240-bit slow path sytemtap probe\n slowpow_p10 for slowpow (#905575).\n\n - Align value of stacksize in nptl-init (#663641).\n\n - Renamed release engineering directory from 'fedora' to\n `releng' (#903754).\n\n - Backport GLIBC sched_getcpu and gettimeofday vDSO\n functions for ppc (#929302).\n\n - Fall back to local DNS if resolv.conf does not define\n nameservers (#928318).\n\n - Add systemtap probes to slowexp and slowpow (#905575).\n\n - Fix getaddrinfo stack overflow resulting in application\n crash (CVE-2013-1914, #951213).\n\n - Fix multibyte character processing crash in regexp\n (CVE-2013-0242, #951213).\n\n - Add netgroup cache support for nscd (#629823).\n\n - Fix multiple nss_compat initgroups bugs (#966778).\n\n - Don't use simple lookup for AF_INET when AI_CANONNAME is\n set (#863384).\n\n - Add MAP_HUGETLB and MAP_STACK support (#916986).\n\n - Update translation for stale file handle error\n (#970776).\n\n - Improve performance of _SC_NPROCESSORS_ONLN (#rh952422).\n\n - Fix up _init in pt-initfini to accept arguments\n (#663641).\n\n - Set reasonable limits on xdr requests to prevent memory\n leaks (#848748).\n\n - Fix mutex locking for PI mutexes on spurious wake-ups on\n pthread condvars (#552960).\n\n - New environment variable GLIBC_PTHREAD_STACKSIZE to set\n thread stack size (#663641).\n\n - Improved handling of recursive calls in backtrace\n (#868808).\n\n - The ttyname and ttyname_r functions on Linux now fall\n back to searching for the tty file descriptor in\n /dev/pts or /dev if /proc is not available. This allows\n creation of chroots without the procfs mounted on /proc.\n (#851470)\n\n - Don't free rpath strings allocated during startup until\n after ld.so is re-relocated. (#862094)\n\n - Consistantly MANGLE/DEMANGLE function pointers. Fix use\n after free in dcigettext.c (#834386).\n\n - Change rounding mode only when necessary (#966775).\n\n - Backport of code to allow incremental loading of library\n list (#886968).\n\n - Fix loading of audit libraries when TLS is in use\n (#919562)\n\n - Fix application of SIMD FP exception mask (#929388).\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2014-September/000218.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2eb23e08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc / glibc-common / nscd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"glibc-2.12-1.132.el6_5.4\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"glibc-common-2.12-1.132.el6_5.4\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"nscd-2.12-1.132.el6_5.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / nscd\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:55:54", "description": "This collective update for the GNU C library (glibc) provides the following fixes :\n\n - Fix stack overflow in getaddrinfo with many results (bnc#813121, CVE-2013-1914)\n\n - Fix locking in _IO_cleanup (bnc#796982)\n\n - Fix buffer overflow in glob (bnc#691365)\n\n - Fix memory leak in execve (bnc#805899)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "SUSE SLED10 / SLES10 Security Update : glibc (SUSE-SU-2013:0858-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1914"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:glibc", "p-cpe:/a:novell:suse_linux:glibc-devel", "p-cpe:/a:novell:suse_linux:glibc-html", "p-cpe:/a:novell:suse_linux:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:glibc-info", "p-cpe:/a:novell:suse_linux:glibc-locale", "p-cpe:/a:novell:suse_linux:glibc-profile", "p-cpe:/a:novell:suse_linux:nscd", "cpe:/o:novell:suse_linux:10"], "id": "SUSE_SU-2013-0858-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83588", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2013:0858-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83588);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-1914\");\n script_bugtraq_id(58839);\n\n script_name(english:\"SUSE SLED10 / SLES10 Security Update : glibc (SUSE-SU-2013:0858-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This collective update for the GNU C library (glibc) provides the\nfollowing fixes :\n\n - Fix stack overflow in getaddrinfo with many results\n (bnc#813121, CVE-2013-1914)\n\n - Fix locking in _IO_cleanup (bnc#796982)\n\n - Fix buffer overflow in glob (bnc#691365)\n\n - Fix memory leak in execve (bnc#805899)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://download.suse.com/patch/finder/?keywords=4ca050db7cee063070fd004b2b257e13\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2dfbe98d\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1914.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/691365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/796982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/805899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/810637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/813121\"\n );\n # https://www.suse.com/support/update/announcement/2013/suse-su-20130858-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7edf911\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glibc packages\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED10|SLES10)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED10 / SLES10\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED10\" && (! ereg(pattern:\"^4$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED10 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES10\" && (! ereg(pattern:\"^4$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-devel-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-html-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-i18ndata-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-info-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-locale-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"nscd-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"i586\", reference:\"glibc-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"i586\", reference:\"glibc-devel-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"i586\", reference:\"glibc-html-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"i586\", reference:\"glibc-i18ndata-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"i586\", reference:\"glibc-info-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"i586\", reference:\"glibc-locale-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"i586\", reference:\"nscd-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"glibc-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"glibc-devel-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"glibc-locale-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"glibc-profile-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-devel-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-html-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-i18ndata-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-info-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-locale-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-profile-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"nscd-2.4-31.109.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:47:25", "description": "This collective update for the GNU C library (glibc) provides the following fixes :\n\n - Fix stack overflow in getaddrinfo with many results.\n (bnc#813121, CVE-2013-1914)\n\n - Fix locking in _IO_cleanup. (bnc#796982)\n\n - Fix buffer overflow in glob. (bnc#691365)\n\n - Fix memory leak in execve (bnc#805899)", "cvss3": {}, "published": "2013-06-05T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : glibc (ZYPP Patch Number 8579)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1914"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GLIBC-8579.NASL", "href": "https://www.tenable.com/plugins/nessus/66802", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66802);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-1914\");\n\n script_name(english:\"SuSE 10 Security Update : glibc (ZYPP Patch Number 8579)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This collective update for the GNU C library (glibc) provides the\nfollowing fixes :\n\n - Fix stack overflow in getaddrinfo with many results.\n (bnc#813121, CVE-2013-1914)\n\n - Fix locking in _IO_cleanup. (bnc#796982)\n\n - Fix buffer overflow in glob. (bnc#691365)\n\n - Fix memory leak in execve (bnc#805899)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1914.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8579.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-devel-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-html-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-i18ndata-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-info-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-locale-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"nscd-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-devel-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-html-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-i18ndata-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-info-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-locale-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-profile-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"nscd-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.4-31.109.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:47:27", "description": "Fix multibyte character processing crash in regexp (#922889, #905874, CVE-2013-0242)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-06-02T00:00:00", "type": "nessus", "title": "Fedora 17 : glibc-2.15-59.fc17 (2013-4174)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:glibc", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2013-4174.NASL", "href": "https://www.tenable.com/plugins/nessus/66724", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-4174.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66724);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-0242\");\n script_bugtraq_id(57638);\n script_xref(name:\"FEDORA\", value:\"2013-4174\");\n\n script_name(english:\"Fedora 17 : glibc-2.15-59.fc17 (2013-4174)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix multibyte character processing crash in regexp (#922889, #905874,\nCVE-2013-0242)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=905874\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-June/107443.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e82771d7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glibc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"glibc-2.15-59.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:44:06", "description": "Fix multibyte character processing crash in regexp (CVE-2013-0242).\nFix ownership of /usr/lib[64]/audit (#894307). Rename release engineering directory to `releng' (#903754).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-04-01T00:00:00", "type": "nessus", "title": "Fedora 18 : glibc-2.16-30.fc18 (2013-4100)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:glibc", "cpe:/o:fedoraproject:fedora:18"], "id": "FEDORA_2013-4100.NASL", "href": "https://www.tenable.com/plugins/nessus/65745", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-4100.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65745);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-0242\");\n script_bugtraq_id(57638);\n script_xref(name:\"FEDORA\", value:\"2013-4100\");\n\n script_name(english:\"Fedora 18 : glibc-2.16-30.fc18 (2013-4100)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix multibyte character processing crash in regexp (CVE-2013-0242).\nFix ownership of /usr/lib[64]/audit (#894307). Rename release\nengineering directory to `releng' (#903754).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=905874\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-March/101148.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dd0e1019\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glibc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"glibc-2.16-30.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:02:47", "description": "This update for glibc contains the following fixes :\n\n - Fix integer overflows in malloc. (CVE-2013-4332, bnc#839870)\n\n - Fix buffer overflow in glob. (bnc#691365)\n\n - Fix buffer overflow in strcoll. (CVE-2012-4412, bnc#779320)\n\n - Update mount flags in <sys/mount.h>. (bnc#791928)\n\n - Fix buffer overrun in regexp matcher. (CVE-2013-0242, bnc#801246)\n\n - Fix memory leaks in dlopen. (bnc#811979)\n\n - Fix stack overflow in getaddrinfo with many results.\n (CVE-2013-1914, bnc#813121)\n\n - Don't raise UNDERFLOW in tan/tanf for small but normal argument. (bnc#819347)\n\n - Properly cross page boundary in SSE4.2 implementation of strcmp. (bnc#822210)\n\n - Fix robust mutex handling after fork. (bnc#827811)\n\n - Fix missing character in IBM-943 charset. (bnc#828235)\n\n - Fix use of alloca in gaih_inet. (bnc#828637)\n\n - Initialize pointer guard also in static executables.\n (CVE-2013-4788, bnc#830268)\n\n - Fix readdir_r with long file names. (CVE-2013-4237, bnc#834594)", "cvss3": {}, "published": "2013-12-10T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : glibc (SAT Patch Number 8337)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4412", "CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4237", "CVE-2013-4332", "CVE-2013-4788"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:glibc", "p-cpe:/a:novell:suse_linux:11:glibc-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-devel", "p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-html", "p-cpe:/a:novell:suse_linux:11:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:11:glibc-info", "p-cpe:/a:novell:suse_linux:11:glibc-locale", "p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-profile", "p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit", "p-cpe:/a:novell:suse_linux:11:nscd", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_GLIBC-130917.NASL", "href": "https://www.tenable.com/plugins/nessus/71308", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71308);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-4412\", \"CVE-2013-0242\", \"CVE-2013-1914\", \"CVE-2013-4237\", \"CVE-2013-4332\", \"CVE-2013-4788\");\n\n script_name(english:\"SuSE 11.3 Security Update : glibc (SAT Patch Number 8337)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for glibc contains the following fixes :\n\n - Fix integer overflows in malloc. (CVE-2013-4332,\n bnc#839870)\n\n - Fix buffer overflow in glob. (bnc#691365)\n\n - Fix buffer overflow in strcoll. (CVE-2012-4412,\n bnc#779320)\n\n - Update mount flags in <sys/mount.h>. (bnc#791928)\n\n - Fix buffer overrun in regexp matcher. (CVE-2013-0242,\n bnc#801246)\n\n - Fix memory leaks in dlopen. (bnc#811979)\n\n - Fix stack overflow in getaddrinfo with many results.\n (CVE-2013-1914, bnc#813121)\n\n - Don't raise UNDERFLOW in tan/tanf for small but normal\n argument. (bnc#819347)\n\n - Properly cross page boundary in SSE4.2 implementation of\n strcmp. (bnc#822210)\n\n - Fix robust mutex handling after fork. (bnc#827811)\n\n - Fix missing character in IBM-943 charset. (bnc#828235)\n\n - Fix use of alloca in gaih_inet. (bnc#828637)\n\n - Initialize pointer guard also in static executables.\n (CVE-2013-4788, bnc#830268)\n\n - Fix readdir_r with long file names. (CVE-2013-4237,\n bnc#834594)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=691365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=779320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=791928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=801246\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=811979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=813121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=819347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=822210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=827811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=828235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=828637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=830268\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=834594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=839870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4412.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0242.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1914.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4237.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4332.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4788.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 8337.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"glibc-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"glibc-devel-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"glibc-i18ndata-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"glibc-locale-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"nscd-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i686\", reference:\"glibc-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i686\", reference:\"glibc-devel-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-32bit-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-devel-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-i18ndata-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-locale-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"nscd-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-devel-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-html-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-i18ndata-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-info-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-locale-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-profile-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"nscd-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"glibc-32bit-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"glibc-devel-32bit-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"glibc-locale-32bit-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"glibc-profile-32bit-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"glibc-32bit-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.3-17.56.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.11.3-17.56.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:59:49", "description": "It was discovered that the GNU C Library incorrectly handled the strcoll() function. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2012-4412, CVE-2012-4424)\n\nIt was discovered that the GNU C Library incorrectly handled multibyte characters in the regular expression matcher. An attacker could use this issue to cause a denial of service. (CVE-2013-0242)\n\nIt was discovered that the GNU C Library incorrectly handled large numbers of domain conversion results in the getaddrinfo() function. An attacker could use this issue to cause a denial of service.\n(CVE-2013-1914)\n\nIt was discovered that the GNU C Library readdir_r() function incorrectly handled crafted NTFS or CIFS images. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2013-4237)\n\nIt was discovered that the GNU C Library incorrectly handled memory allocation. An attacker could use this issue to cause a denial of service. (CVE-2013-4332).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-10-22T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : eglibc vulnerabilities (USN-1991-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4412", "CVE-2012-4424", "CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4237", "CVE-2013-4332"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libc6", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:13.04"], "id": "UBUNTU_USN-1991-1.NASL", "href": "https://www.tenable.com/plugins/nessus/70538", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1991-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70538);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2012-4412\", \"CVE-2012-4424\", \"CVE-2013-0242\", \"CVE-2013-1914\", \"CVE-2013-4237\", \"CVE-2013-4332\");\n script_bugtraq_id(55462, 55543, 57638, 58839, 61729, 62324);\n script_xref(name:\"USN\", value:\"1991-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : eglibc vulnerabilities (USN-1991-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the GNU C Library incorrectly handled the\nstrcoll() function. An attacker could use this issue to cause a denial\nof service, or possibly execute arbitrary code. (CVE-2012-4412,\nCVE-2012-4424)\n\nIt was discovered that the GNU C Library incorrectly handled multibyte\ncharacters in the regular expression matcher. An attacker could use\nthis issue to cause a denial of service. (CVE-2013-0242)\n\nIt was discovered that the GNU C Library incorrectly handled large\nnumbers of domain conversion results in the getaddrinfo() function. An\nattacker could use this issue to cause a denial of service.\n(CVE-2013-1914)\n\nIt was discovered that the GNU C Library readdir_r() function\nincorrectly handled crafted NTFS or CIFS images. An attacker could use\nthis issue to cause a denial of service, or possibly execute arbitrary\ncode. (CVE-2013-4237)\n\nIt was discovered that the GNU C Library incorrectly handled memory\nallocation. An attacker could use this issue to cause a denial of\nservice. (CVE-2013-4332).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1991-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected libc6 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04|12\\.10|13\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 12.10 / 13.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6\", pkgver:\"2.11.1-0ubuntu7.13\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libc6\", pkgver:\"2.15-0ubuntu10.5\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libc6\", pkgver:\"2.15-0ubuntu20.2\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"libc6\", pkgver:\"2.17-0ubuntu5.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libc6\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:49:42", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Switch to use malloc when the input line is too long [Orabug 19951108]\n\n - Use a /sys/devices/system/cpu/online for\n _SC_NPROCESSORS_ONLN implementation [Orabug 17642251] (Joe Jin)\n\n - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183532).\n\n - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, \n\n - Fix patch for integer overflows in *valloc and memalign.\n (CVE-2013-4332, #1011805).\n\n - Fix return code when starting an already started nscd daemon (#979413).\n\n - Fix getnameinfo for many PTR record queries (#1020486).\n\n - Return EINVAL error for negative sizees to getgroups (#995207).\n\n - Fix integer overflows in *valloc and memalign.\n (CVE-2013-4332, #1011805).\n\n - Add support for newer L3 caches on x86-64 and correctly count the number of hardware threads sharing a cacheline (#1003420).\n\n - Revert incomplete fix for bug #758193.\n\n - Fix _nl_find_msg malloc failure case, and callers (#957089).\n\n - Test on init_fct, not result->__init_fct, after demangling (#816647).\n\n - Don't handle ttl == 0 specially (#929035).\n\n - Fix multibyte character processing crash in regexp (CVE-2013-0242, #951132)\n\n - Fix getaddrinfo stack overflow resulting in application crash (CVE-2013-1914, #951132)\n\n - Add missing patch to avoid use after free (#816647)\n\n - Fix race in initgroups compat_call (#706571)\n\n - Fix return value from getaddrinfo when servers are down.\n (#758193)\n\n - Fix fseek on wide character streams. Sync's seeking code with RHEL 6 (#835828)\n\n - Call feraiseexcept only if exceptions are not masked (#861871).\n\n - Always demangle function before checking for NULL value.\n (#816647).\n\n - Do not fail in ttyname if /proc is not available (#851450).\n\n - Fix errno for various overflow situations in vfprintf.\n Add missing overflow checks. (#857387)\n\n - Handle failure of _nl_explode_name in all cases (#848481)\n\n - Define the default fuzz factor to 2 to make it easier to manipulate RHEL 5 RPMs on RHEL 6 and newer systems.\n\n - Fix race in intl/* testsuite (#849202)\n\n - Fix out of bounds array access in strto* exposed by 847930 patch.\n\n - Really fix POWER4 strncmp crash (#766832).\n\n - Fix integer overflow leading to buffer overflow in strto* (#847930)\n\n - Fix race in msort/qsort (#843672)\n\n - Fix regression due to 797096 changes (#845952)\n\n - Do not use PT_IEEE_IP ptrace calls (#839572)\n\n - Update ULPs (#837852)\n\n - Fix various transcendentals in non-default rounding modes (#837852)\n\n - Fix unbound alloca in vfprintf (#826947)\n\n - Fix iconv segfault if the invalid multibyte character 0xffff is input when converting from IBM930. (#823905)\n\n - Fix fnmatch when '*' wildcard is applied on a file name containing multibyte chars. (#819430)\n\n - Fix unbound allocas use in glob_in_dir, getaddrinfo and others. (#797096)\n\n - Fix segfault when running ld.so --verify on some DSO's in current working directory. (#808342)\n\n - Incorrect initialization order for dynamic loader (#813348)\n\n - Fix return code when stopping already stopped nscd daemon (#678227)\n\n - Remove MAP_32BIT for pthread stack mappings, use MAP_STACK instead (#641094)\n\n - Fix setuid vs sighandler_setxid race (#769852)\n\n - Fix access after end of search string in regex matcher (#757887)\n\n - Fix POWER4 strncmp crash (#766832)\n\n - Fix SC_*CACHE detection for X5670 cpus (#692182)\n\n - Fix parsing IPV6 entries in /etc/resolv.conf (#703239)\n\n - Fix double-free in nss_nis code (#500767)\n\n - Add kernel VDSO support for s390x (#795896)\n\n - Fix race in malloc arena creation and make implementation match documented behaviour (#800240)\n\n - Do not override TTL of CNAME with TTL of its alias (#808014)\n\n - Fix short month names in fi_FI locale #(657266).\n\n - Fix nscd crash for group with large number of members (#788989)\n\n - Fix Slovakia currency (#799853)\n\n - Fix getent malloc failure check (#806403)\n\n - Fix short month names in zh_CN locale (#657588)\n\n - Fix decimal point symbol for Portuguese currency (#710216)\n\n - Avoid integer overflow in sbrk (#767358)\n\n - Avoid race between [,__de]allocate_stack and\n __reclaim_stacks during fork (#738665)\n\n - Fix race between IO_flush_all_lockp & pthread_cancel (#751748)\n\n - Fix memory leak in NIS endgrent (#809325)\n\n - Allow getaddr to accept SCTP socket types in hints (#765710)\n\n - Fix errno handling in vfprintf (#794814)\n\n - Filter out <built-in> when building file lists (#784646).\n\n - Avoid 'nargs' integer overflow which could be used to bypass FORTIFY_SOURCE (#794814)\n\n - Fix currency_symbol for uk_UA (#639000)", "cvss3": {}, "published": "2015-02-02T00:00:00", "type": "nessus", "title": "OracleVM 2.2 : glibc (OVMSA-2015-0024) (GHOST)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4332", "CVE-2014-0475", "CVE-2014-5119", "CVE-2015-0235"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:glibc", "p-cpe:/a:oracle:vm:glibc-common", "p-cpe:/a:oracle:vm:nscd", "cpe:/o:oracle:vm_server:2.2"], "id": "ORACLEVM_OVMSA-2015-0024.NASL", "href": "https://www.tenable.com/plugins/nessus/81119", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0024.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81119);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-0242\", \"CVE-2013-1914\", \"CVE-2013-4332\", \"CVE-2014-0475\", \"CVE-2014-5119\", \"CVE-2015-0235\");\n script_bugtraq_id(57638, 58839, 62324, 68505, 68983, 69738, 72325);\n\n script_name(english:\"OracleVM 2.2 : glibc (OVMSA-2015-0024) (GHOST)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Switch to use malloc when the input line is too long\n [Orabug 19951108]\n\n - Use a /sys/devices/system/cpu/online for\n _SC_NPROCESSORS_ONLN implementation [Orabug 17642251]\n (Joe Jin)\n\n - Fix parsing of numeric hosts in gethostbyname_r\n (CVE-2015-0235, #1183532).\n\n - Remove gconv transliteration loadable modules support\n (CVE-2014-5119, - _nl_find_locale: Improve handling of\n crafted locale names (CVE-2014-0475, \n\n - Fix patch for integer overflows in *valloc and memalign.\n (CVE-2013-4332, #1011805).\n\n - Fix return code when starting an already started nscd\n daemon (#979413).\n\n - Fix getnameinfo for many PTR record queries (#1020486).\n\n - Return EINVAL error for negative sizees to getgroups\n (#995207).\n\n - Fix integer overflows in *valloc and memalign.\n (CVE-2013-4332, #1011805).\n\n - Add support for newer L3 caches on x86-64 and correctly\n count the number of hardware threads sharing a cacheline\n (#1003420).\n\n - Revert incomplete fix for bug #758193.\n\n - Fix _nl_find_msg malloc failure case, and callers\n (#957089).\n\n - Test on init_fct, not result->__init_fct, after\n demangling (#816647).\n\n - Don't handle ttl == 0 specially (#929035).\n\n - Fix multibyte character processing crash in regexp\n (CVE-2013-0242, #951132)\n\n - Fix getaddrinfo stack overflow resulting in application\n crash (CVE-2013-1914, #951132)\n\n - Add missing patch to avoid use after free (#816647)\n\n - Fix race in initgroups compat_call (#706571)\n\n - Fix return value from getaddrinfo when servers are down.\n (#758193)\n\n - Fix fseek on wide character streams. Sync's seeking code\n with RHEL 6 (#835828)\n\n - Call feraiseexcept only if exceptions are not masked\n (#861871).\n\n - Always demangle function before checking for NULL value.\n (#816647).\n\n - Do not fail in ttyname if /proc is not available\n (#851450).\n\n - Fix errno for various overflow situations in vfprintf.\n Add missing overflow checks. (#857387)\n\n - Handle failure of _nl_explode_name in all cases\n (#848481)\n\n - Define the default fuzz factor to 2 to make it easier to\n manipulate RHEL 5 RPMs on RHEL 6 and newer systems.\n\n - Fix race in intl/* testsuite (#849202)\n\n - Fix out of bounds array access in strto* exposed by\n 847930 patch.\n\n - Really fix POWER4 strncmp crash (#766832).\n\n - Fix integer overflow leading to buffer overflow in\n strto* (#847930)\n\n - Fix race in msort/qsort (#843672)\n\n - Fix regression due to 797096 changes (#845952)\n\n - Do not use PT_IEEE_IP ptrace calls (#839572)\n\n - Update ULPs (#837852)\n\n - Fix various transcendentals in non-default rounding\n modes (#837852)\n\n - Fix unbound alloca in vfprintf (#826947)\n\n - Fix iconv segfault if the invalid multibyte character\n 0xffff is input when converting from IBM930. (#823905)\n\n - Fix fnmatch when '*' wildcard is applied on a file name\n containing multibyte chars. (#819430)\n\n - Fix unbound allocas use in glob_in_dir, getaddrinfo and\n others. (#797096)\n\n - Fix segfault when running ld.so --verify on some DSO's\n in current working directory. (#808342)\n\n - Incorrect initialization order for dynamic loader\n (#813348)\n\n - Fix return code when stopping already stopped nscd\n daemon (#678227)\n\n - Remove MAP_32BIT for pthread stack mappings, use\n MAP_STACK instead (#641094)\n\n - Fix setuid vs sighandler_setxid race (#769852)\n\n - Fix access after end of search string in regex matcher\n (#757887)\n\n - Fix POWER4 strncmp crash (#766832)\n\n - Fix SC_*CACHE detection for X5670 cpus (#692182)\n\n - Fix parsing IPV6 entries in /etc/resolv.conf (#703239)\n\n - Fix double-free in nss_nis code (#500767)\n\n - Add kernel VDSO support for s390x (#795896)\n\n - Fix race in malloc arena creation and make\n implementation match documented behaviour (#800240)\n\n - Do not override TTL of CNAME with TTL of its alias\n (#808014)\n\n - Fix short month names in fi_FI locale #(657266).\n\n - Fix nscd crash for group with large number of members\n (#788989)\n\n - Fix Slovakia currency (#799853)\n\n - Fix getent malloc failure check (#806403)\n\n - Fix short month names in zh_CN locale (#657588)\n\n - Fix decimal point symbol for Portuguese currency\n (#710216)\n\n - Avoid integer overflow in sbrk (#767358)\n\n - Avoid race between [,__de]allocate_stack and\n __reclaim_stacks during fork (#738665)\n\n - Fix race between IO_flush_all_lockp & pthread_cancel\n (#751748)\n\n - Fix memory leak in NIS endgrent (#809325)\n\n - Allow getaddr to accept SCTP socket types in hints\n (#765710)\n\n - Fix errno handling in vfprintf (#794814)\n\n - Filter out <built-in> when building file lists\n (#784646).\n\n - Avoid 'nargs' integer overflow which could be used to\n bypass FORTIFY_SOURCE (#794814)\n\n - Fix currency_symbol for uk_UA (#639000)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2015-January/000261.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b908cf01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc / glibc-common / nscd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:2.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/02\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"2\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 2.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS2.2\", reference:\"glibc-2.5-123.0.1.el5_11.1\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"glibc-common-2.5-123.0.1.el5_11.1\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"nscd-2.5-123.0.1.el5_11.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / nscd\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:02:47", "description": "This update for glibc contains the following fixes :\n\n - Fix integer overflows in malloc. (CVE-2013-4332, bnc#839870)\n\n - Fix buffer overflow in glob. (bnc#691365)\n\n - Fix buffer overflow in strcoll. (CVE-2012-4412, bnc#779320)\n\n - Update mount flags in <sys/mount.h>. (bnc#791928)\n\n - Fix buffer overrun in regexp matcher. (CVE-2013-0242, bnc#801246)\n\n - Fix memory leaks in dlopen. (bnc#811979)\n\n - Fix stack overflow in getaddrinfo with many results.\n (CVE-2013-1914, bnc#813121)\n\n - Fix check for XEN build in glibc_post_upgrade that causes missing init re-exec. (bnc#818628)\n\n - Don't raise UNDERFLOW in tan/tanf for small but normal argument. (bnc#819347)\n\n - Properly cross page boundary in SSE4.2 implementation of strcmp. (bnc#822210)\n\n - Fix robust mutex handling after fork. (bnc#827811)\n\n - Fix missing character in IBM-943 charset. (bnc#828235)\n\n - Fix use of alloca in gaih_inet. (bnc#828637)\n\n - Initialize pointer guard also in static executables.\n (CVE-2013-4788, bnc#830268)\n\n - Fix readdir_r with long file names. (CVE-2013-4237, bnc#834594)", "cvss3": {}, "published": "2013-12-10T00:00:00", "type": "nessus", "title": "SuSE 11.2 Security Update : glibc (SAT Patch Number 8335)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4412", "CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4237", "CVE-2013-4332", "CVE-2013-4788"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:glibc", "p-cpe:/a:novell:suse_linux:11:glibc-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-devel", "p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-html", "p-cpe:/a:novell:suse_linux:11:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:11:glibc-info", "p-cpe:/a:novell:suse_linux:11:glibc-locale", "p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-profile", "p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit", "p-cpe:/a:novell:suse_linux:11:nscd", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_GLIBC-130913.NASL", "href": "https://www.tenable.com/plugins/nessus/71307", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71307);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-4412\", \"CVE-2013-0242\", \"CVE-2013-1914\", \"CVE-2013-4237\", \"CVE-2013-4332\", \"CVE-2013-4788\");\n\n script_name(english:\"SuSE 11.2 Security Update : glibc (SAT Patch Number 8335)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for glibc contains the following fixes :\n\n - Fix integer overflows in malloc. (CVE-2013-4332,\n bnc#839870)\n\n - Fix buffer overflow in glob. (bnc#691365)\n\n - Fix buffer overflow in strcoll. (CVE-2012-4412,\n bnc#779320)\n\n - Update mount flags in <sys/mount.h>. (bnc#791928)\n\n - Fix buffer overrun in regexp matcher. (CVE-2013-0242,\n bnc#801246)\n\n - Fix memory leaks in dlopen. (bnc#811979)\n\n - Fix stack overflow in getaddrinfo with many results.\n (CVE-2013-1914, bnc#813121)\n\n - Fix check for XEN build in glibc_post_upgrade that\n causes missing init re-exec. (bnc#818628)\n\n - Don't raise UNDERFLOW in tan/tanf for small but normal\n argument. (bnc#819347)\n\n - Properly cross page boundary in SSE4.2 implementation of\n strcmp. (bnc#822210)\n\n - Fix robust mutex handling after fork. (bnc#827811)\n\n - Fix missing character in IBM-943 charset. (bnc#828235)\n\n - Fix use of alloca in gaih_inet. (bnc#828637)\n\n - Initialize pointer guard also in static executables.\n (CVE-2013-4788, bnc#830268)\n\n - Fix readdir_r with long file names. (CVE-2013-4237,\n bnc#834594)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=691365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=779320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=791928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=801246\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=811979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=813121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=818628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=819347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=822210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=827811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=828235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=828637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=830268\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=834594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=839870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4412.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0242.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1914.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4237.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4332.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4788.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 8335.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"glibc-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"glibc-devel-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"glibc-i18ndata-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"glibc-locale-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"nscd-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i686\", reference:\"glibc-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i686\", reference:\"glibc-devel-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"glibc-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"glibc-32bit-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"glibc-devel-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"glibc-i18ndata-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"glibc-locale-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"nscd-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"glibc-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"glibc-devel-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"glibc-html-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"glibc-i18ndata-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"glibc-info-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"glibc-locale-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"glibc-profile-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"nscd-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"glibc-32bit-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"glibc-devel-32bit-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"glibc-locale-32bit-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"glibc-profile-32bit-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"glibc-32bit-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.3-17.45.49.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.11.3-17.45.49.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:37:38", "description": "a. vCenter Server Apache Struts Update\n\n The Apache Struts library is updated to address a security issue. \n\n This issue may lead to remote code execution after authentication.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-0114 to this issue.\n\n\nb. vCenter Server tc-server 2.9.5 / Apache Tomcat 7.0.52 updates\n\n tc-server has been updated to version 2.9.5 to address multiple security issues. This version of tc-server includes Apache Tomcat 7.0.52.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2013-4590, CVE-2013-4322, and CVE-2014-0050 to these issues. \n\nc. Update to ESXi glibc package\n\n glibc is updated to address multiple security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2013-0242 and CVE-2013-1914 to these issues. \n\nd. vCenter and Update Manager, Oracle JRE 1.7 Update 55\n\n Oracle has documented the CVE identifiers that are addressed in JRE 1.7.0 update 55 in the Oracle Java SE Critical Patch Update Advisory of April 2014. The References section provides a link to this advisory.", "cvss3": {}, "published": "2014-09-11T00:00:00", "type": "nessus", "title": "VMSA-2014-0008 : VMware vSphere product updates to third-party libraries", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4322", "CVE-2013-4590", "CVE-2014-0050", "CVE-2014-0114"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esxi:5.1", "cpe:/o:vmware:esxi:5.5"], "id": "VMWARE_VMSA-2014-0008.NASL", "href": "https://www.tenable.com/plugins/nessus/77630", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2014-0008. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77630);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-0242\", \"CVE-2013-1914\", \"CVE-2013-4322\", \"CVE-2013-4590\", \"CVE-2014-0050\", \"CVE-2014-0114\");\n script_bugtraq_id(57638, 58839, 63676, 64493, 65400, 65568, 65767, 65768, 66856, 66866, 66870, 66873, 66877, 66879, 66881, 66883, 66886, 66887, 66891, 66893, 66894, 66897, 66898, 66899, 66902, 66903, 66904, 66905, 66907, 66908, 66909, 66910, 66911, 66912, 66913, 66914, 66915, 66916, 66917, 66918, 66919, 66920, 67121);\n script_xref(name:\"VMSA\", value:\"2014-0008\");\n\n script_name(english:\"VMSA-2014-0008 : VMware vSphere product updates to third-party libraries\");\n script_summary(english:\"Checks esxupdate output for the patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote VMware ESXi host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"a. vCenter Server Apache Struts Update\n\n The Apache Struts library is updated to address a security issue. \n\n This issue may lead to remote code execution after authentication.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifier CVE-2014-0114 to this issue.\n\n\nb. vCenter Server tc-server 2.9.5 / Apache Tomcat 7.0.52 updates\n\n tc-server has been updated to version 2.9.5 to address multiple \n security issues. This version of tc-server includes Apache Tomcat \n 7.0.52.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifiers CVE-2013-4590, CVE-2013-4322, and \n CVE-2014-0050 to these issues. \n\nc. Update to ESXi glibc package\n\n glibc is updated to address multiple security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifiers CVE-2013-0242 and CVE-2013-1914 to \n these issues. \n\nd. vCenter and Update Manager, Oracle JRE 1.7 Update 55\n\n Oracle has documented the CVE identifiers that are addressed in \n JRE 1.7.0 update 55 in the Oracle Java SE Critical Patch Update \n Advisory of April 2014. The References section provides a link to\n this advisory.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2014/000282.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2014-09-09\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESXi 5.1\", vib:\"VMware:esx-base:5.1.0-2.47.2323231\")) flag++;\n\nif (esx_check(ver:\"ESXi 5.5\", vib:\"VMware:esx-base:5.5.0-1.30.1980513\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:34:39", "description": "This update fixes the following issues in glibc :\n\n - CVE-2012-4412: glibc: buffer overflow in strcoll\n\n - CVE-2013-0242: glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters\n\n - CVE-2013-1914: glibc: stack overflow in getaddrinfo() sorting\n\n - CVE-2013-2207: glibc: pt_chown tricked into granting access to another users pseudo-terminal\n\n - CVE-2013-4237: glibc: Buffer overwrite - NAME_MAX not enforced by readdir_r()\n\n - bnc#805054: man 1 locale mentions non-existent file\n\n - bnc#813306: glibc 2.17 fprintf(stderr, ...) triggers write of undefined values if stderr is closed\n\n - bnc#819383: pldd a process multiple times can freeze the process\n\n - bnc#819524: nscd segfault\n\n - bnc#824046: glibc: blacklist code in bindresvport doesn't release lock, results in double-lock\n\n - bnc#839870: glibc: three integer overflows in memory allocator\n\n - ARM: Support loading unmarked objects from cache", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : glibc (openSUSE-SU-2013:1510-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4412", "CVE-2013-0242", "CVE-2013-1914", "CVE-2013-2207", "CVE-2013-4237", "CVE-2013-4332"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:glibc", "p-cpe:/a:novell:opensuse:glibc-32bit", "p-cpe:/a:novell:opensuse:glibc-debuginfo", "p-cpe:/a:novell:opensuse:glibc-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-debugsource", "p-cpe:/a:novell:opensuse:glibc-devel", "p-cpe:/a:novell:opensuse:glibc-devel-32bit", "p-cpe:/a:novell:opensuse:glibc-devel-debuginfo", "p-cpe:/a:novell:opensuse:glibc-devel-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-devel-static", "p-cpe:/a:novell:opensuse:glibc-devel-static-32bit", "p-cpe:/a:novell:opensuse:glibc-extra", "p-cpe:/a:novell:opensuse:glibc-extra-debuginfo", "p-cpe:/a:novell:opensuse:glibc-html", "p-cpe:/a:novell:opensuse:glibc-i18ndata", "p-cpe:/a:novell:opensuse:glibc-info", "p-cpe:/a:novell:opensuse:glibc-locale", "p-cpe:/a:novell:opensuse:glibc-locale-32bit", "p-cpe:/a:novell:opensuse:glibc-locale-debuginfo", "p-cpe:/a:novell:opensuse:glibc-locale-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-obsolete", "p-cpe:/a:novell:opensuse:glibc-obsolete-debuginfo", "p-cpe:/a:novell:opensuse:glibc-profile", "p-cpe:/a:novell:opensuse:glibc-profile-32bit", "p-cpe:/a:novell:opensuse:glibc-utils", "p-cpe:/a:novell:opensuse:glibc-utils-32bit", "p-cpe:/a:novell:opensuse:glibc-utils-debuginfo", "p-cpe:/a:novell:opensuse:glibc-utils-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-utils-debugsource", "p-cpe:/a:novell:opensuse:nscd", "p-cpe:/a:novell:opensuse:nscd-debuginfo", "cpe:/o:novell:opensuse:12.3"], "id": "OPENSUSE-2013-723.NASL", "href": "https://www.tenable.com/plugins/nessus/75154", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-723.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75154);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-4412\", \"CVE-2013-0242\", \"CVE-2013-1914\", \"CVE-2013-2207\", \"CVE-2013-4237\", \"CVE-2013-4332\");\n\n script_name(english:\"openSUSE Security Update : glibc (openSUSE-SU-2013:1510-1)\");\n script_summary(english:\"Check for the openSUSE-2013-723 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following issues in glibc :\n\n - CVE-2012-4412: glibc: buffer overflow in strcoll\n\n - CVE-2013-0242: glibc: DoS due to a buffer overrun in\n regexp matcher by processing multibyte characters\n\n - CVE-2013-1914: glibc: stack overflow in getaddrinfo()\n sorting\n\n - CVE-2013-2207: glibc: pt_chown tricked into granting\n access to another users pseudo-terminal\n\n - CVE-2013-4237: glibc: Buffer overwrite - NAME_MAX not\n enforced by readdir_r()\n\n - bnc#805054: man 1 locale mentions non-existent file\n\n - bnc#813306: glibc 2.17 fprintf(stderr, ...) triggers\n write of undefined values if stderr is closed\n\n - bnc#819383: pldd a process multiple times can freeze the\n process\n\n - bnc#819524: nscd segfault\n\n - bnc#824046: glibc: blacklist code in bindresvport\n doesn't release lock, results in double-lock\n\n - bnc#839870: glibc: three integer overflows in memory\n allocator\n\n - ARM: Support loading unmarked objects from cache\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=779320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=801246\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=805054\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=813121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=813306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=819383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=819524\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=824046\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=830257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=834594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=839870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-09/msg00072.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-static-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-obsolete\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-obsolete-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-debuginfo-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-debugsource-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-devel-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-devel-debuginfo-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-devel-static-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-extra-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-extra-debuginfo-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-html-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-i18ndata-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-info-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-locale-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-locale-debuginfo-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-obsolete-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-obsolete-debuginfo-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-profile-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-utils-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-utils-debuginfo-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-utils-debugsource-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"nscd-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"nscd-debuginfo-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"glibc-32bit-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"glibc-debuginfo-32bit-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"glibc-devel-debuginfo-32bit-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"glibc-devel-static-32bit-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"glibc-locale-debuginfo-32bit-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"glibc-utils-32bit-2.17-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"glibc-utils-debuginfo-32bit-2.17-4.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:23:05", "description": "The remote NewStart CGSL host, running version MAIN 5.04, has glibc packages installed that are affected by multiple vulnerabilities:\n\n - elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. (CVE-2010-3847)\n\n - ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.\n (CVE-2010-3856)\n\n - Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.\n (CVE-2012-4412)\n\n - Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. (CVE-2012-4424)\n\n - A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially- crafted input that, when processed, would cause the application to crash. (CVE-2013-0242)\n\n - It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker- controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash.\n (CVE-2013-1914, CVE-2013-4458)\n\n - pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. (CVE-2013-2207)\n\n - An out-of-bounds write flaw was found in the way the glibc's readdir_r() function handled file system entries longer than the NAME_MAX character constant. A remote attacker could provide a specially crafted NTFS or CIFS file system that, when processed by an application using readdir_r(), would cause that application to crash or, potentially, allow the attacker to execute arbitrary code with the privileges of the user running the application. (CVE-2013-4237)\n\n - Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-4332)\n\n - The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context- dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. (CVE-2013-4788)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 5.04 : glibc Multiple Vulnerabilities (NS-SA-2019-0012)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3847", "CVE-2010-3856", "CVE-2012-4412", "CVE-2012-4424", "CVE-2013-0242", "CVE-2013-1914", "CVE-2013-2207", "CVE-2013-4237", "CVE-2013-4332", "CVE-2013-4458", "CVE-2013-4788"], "modified": "2022-05-03T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0012_GLIBC.NASL", "href": "https://www.tenable.com/plugins/nessus/127161", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0012. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127161);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/03\");\n\n script_cve_id(\n \"CVE-2010-3847\",\n \"CVE-2010-3856\",\n \"CVE-2012-4412\",\n \"CVE-2012-4424\",\n \"CVE-2013-0242\",\n \"CVE-2013-1914\",\n \"CVE-2013-2207\",\n \"CVE-2013-4237\",\n \"CVE-2013-4332\",\n \"CVE-2013-4458\",\n \"CVE-2013-4788\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 5.04 : glibc Multiple Vulnerabilities (NS-SA-2019-0012)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 5.04, has glibc packages installed that are affected by multiple\nvulnerabilities:\n\n - elf/dl-load.c in ld.so in the GNU C Library (aka glibc\n or libc6) through 2.11.2, and 2.12.x through 2.12.1,\n does not properly handle a value of $ORIGIN for the\n LD_AUDIT environment variable, which allows local users\n to gain privileges via a crafted dynamic shared object\n (DSO) located in an arbitrary directory. (CVE-2010-3847)\n\n - ld.so in the GNU C Library (aka glibc or libc6) before\n 2.11.3, and 2.12.x before 2.12.2, does not properly\n restrict use of the LD_AUDIT environment variable to\n reference dynamic shared objects (DSOs) as audit\n objects, which allows local users to gain privileges by\n leveraging an unsafe DSO located in a trusted library\n directory, as demonstrated by libpcprofile.so.\n (CVE-2010-3856)\n\n - Integer overflow in string/strcoll_l.c in the GNU C\n Library (aka glibc or libc6) 2.17 and earlier allows\n context-dependent attackers to cause a denial of service\n (crash) or possibly execute arbitrary code via a long\n string, which triggers a heap-based buffer overflow.\n (CVE-2012-4412)\n\n - Stack-based buffer overflow in string/strcoll_l.c in the\n GNU C Library (aka glibc or libc6) 2.17 and earlier\n allows context-dependent attackers to cause a denial of\n service (crash) or possibly execute arbitrary code via a\n long string that triggers a malloc failure and use of\n the alloca function. (CVE-2012-4424)\n\n - A flaw was found in the regular expression matching\n routines that process multibyte character input. If an\n application utilized the glibc regular expression\n matching mechanism, an attacker could provide specially-\n crafted input that, when processed, would cause the\n application to crash. (CVE-2013-0242)\n\n - It was found that getaddrinfo() did not limit the amount\n of stack memory used during name resolution. An attacker\n able to make an application resolve an attacker-\n controlled hostname or IP address could possibly cause\n the application to exhaust all stack memory and crash.\n (CVE-2013-1914, CVE-2013-4458)\n\n - pt_chown in GNU C Library (aka glibc or libc6) before\n 2.18 does not properly check permissions for tty files,\n which allows local users to change the permission on the\n files and obtain access to arbitrary pseudo-terminals by\n leveraging a FUSE file system. (CVE-2013-2207)\n\n - An out-of-bounds write flaw was found in the way the\n glibc's readdir_r() function handled file system entries\n longer than the NAME_MAX character constant. A remote\n attacker could provide a specially crafted NTFS or CIFS\n file system that, when processed by an application using\n readdir_r(), would cause that application to crash or,\n potentially, allow the attacker to execute arbitrary\n code with the privileges of the user running the\n application. (CVE-2013-4237)\n\n - Multiple integer overflow flaws, leading to heap-based\n buffer overflows, were found in glibc's memory allocator\n functions (pvalloc, valloc, and memalign). If an\n application used such a function, it could cause the\n application to crash or, potentially, execute arbitrary\n code with the privileges of the user running the\n application. (CVE-2013-4332)\n\n - The PTR_MANGLE implementation in the GNU C Library (aka\n glibc or libc6) 2.4, 2.17, and earlier, and Embedded\n GLIBC (EGLIBC) does not initialize the random value for\n the pointer guard, which makes it easier for context-\n dependent attackers to control execution flow by\n leveraging a buffer-overflow vulnerability in an\n application and using the known zero value pointer guard\n to calculate a pointer address. (CVE-2013-4788)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0012\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL glibc packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-4412\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc $ORIGIN Expansion Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 5.04\": [\n \"glibc-2.17-196.el7_4.2.cgslv5.0.1.gc83498c\",\n \"glibc-common-2.17-196.el7_4.2.cgslv5.0.1.gc83498c\",\n \"glibc-debuginfo-2.17-196.el7_4.2.cgslv5.0.1.gc83498c\",\n \"glibc-debuginfo-common-2.17-196.el7_4.2.cgslv5.0.1.gc83498c\",\n \"glibc-devel-2.17-196.el7_4.2.cgslv5.0.1.gc83498c\",\n \"glibc-headers-2.17-196.el7_4.2.cgslv5.0.1.gc83498c\",\n \"glibc-static-2.17-196.el7_4.2.cgslv5.0.1.gc83498c\",\n \"glibc-utils-2.17-196.el7_4.2.cgslv5.0.1.gc83498c\",\n \"nscd-2.17-196.el7_4.2.cgslv5.0.1.gc83498c\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:41:32", "description": "The remote VMware ESXi host is version 5.1 prior to build 2323236. It is, therefore, affected by the following vulnerabilities in bundled third-party libraries :\n\n - Multiple vulnerabilities exist in the bundled Python library. (CVE-2011-3389, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150, CVE-2013-1752, CVE-2013-4238)\n\n - Multiple vulnerabilities exist in the bundled GNU C Library (glibc). (CVE-2013-0242, CVE-2013-1914, CVE-2013-4332)\n\n - Multiple vulnerabilities exist in the bundled XML Parser library (libxml2). (CVE-2013-2877, CVE-2014-0191)\n\n - Multiple vulnerabilities exist in the bundled cURL library (libcurl). (CVE-2014-0015, CVE-2014-0138)", "cvss3": {}, "published": "2014-12-12T00:00:00", "type": "nessus", "title": "ESXi 5.1 < Build 2323236 Third-Party Libraries Multiple Vulnerabilities (remote check) (BEAST)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3389", "CVE-2012-0845", "CVE-2012-0876", "CVE-2012-1150", "CVE-2013-0242", "CVE-2013-1752", "CVE-2013-1914", "CVE-2013-2877", "CVE-2013-4238", "CVE-2013-4332", "CVE-2014-0015", "CVE-2014-0138", "CVE-2014-0191"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:vmware:esxi"], "id": "VMWARE_ESXI_5_1_BUILD_2323236_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/79862", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79862);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2011-3389\",\n \"CVE-2012-0845\",\n \"CVE-2012-0876\",\n \"CVE-2012-1150\",\n \"CVE-2013-0242\",\n \"CVE-2013-1752\",\n \"CVE-2013-1914\",\n \"CVE-2013-2877\",\n \"CVE-2013-4238\",\n \"CVE-2013-4332\",\n \"CVE-2014-0015\",\n \"CVE-2014-0138\",\n \"CVE-2014-0191\"\n );\n script_bugtraq_id(\n 49778,\n 51239,\n 51996,\n 52379,\n 57638,\n 58839,\n 61050,\n 61738,\n 62324,\n 63804,\n 65270,\n 66457,\n 67233\n );\n script_xref(name:\"VMSA\", value:\"2014-0008\");\n script_xref(name:\"VMSA\", value:\"2014-0012\");\n script_xref(name:\"CERT\", value:\"864643\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"ESXi 5.1 < Build 2323236 Third-Party Libraries Multiple Vulnerabilities (remote check) (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi 5.1 host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESXi host is version 5.1 prior to build 2323236. It\nis, therefore, affected by the following vulnerabilities in bundled\nthird-party libraries :\n\n - Multiple vulnerabilities exist in the bundled Python\n library. (CVE-2011-3389, CVE-2012-0845, CVE-2012-0876,\n CVE-2012-1150, CVE-2013-1752, CVE-2013-4238)\n\n - Multiple vulnerabilities exist in the bundled GNU C\n Library (glibc). (CVE-2013-0242, CVE-2013-1914,\n CVE-2013-4332)\n\n - Multiple vulnerabilities exist in the bundled XML\n Parser library (libxml2). (CVE-2013-2877, CVE-2014-0191)\n\n - Multiple vulnerabilities exist in the bundled cURL\n library (libcurl). (CVE-2014-0015, CVE-2014-0138)\");\n # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2086288\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5994bfcf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2014-0008.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2014-0012.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply patch ESXi510-201412101-SG for ESXi 5.1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\n\nif (\"ESXi\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi\");\nif (\"VMware ESXi 5.1\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi 5.1\");\n\nmatch = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);\nif (isnull(match)) exit(1, 'Failed to extract the ESXi build number.');\n\nbuild = int(match[1]);\nfixed_build = 2323236;\n\nif (build < fixed_build)\n{\n if (report_verbosity > 0)\n {\n report = '\\n ESXi version : ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESXi\", ver - \"ESXi \" + \" build \" + build);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:57:23", "description": "glibc security update :\n\nCVE-2012-4412 glibc: strcoll() integer overflow leading to buffer overflow CVE-2012-4424 glibc: alloca() stack overflow in the strcoll() interface CVE-2013-1914 glibc: Stack (frame) overflow in getaddrinfo() when processing entry mapping to long list of address structures CVE-2013-2207 glibc (pt_chown): Improper pseudotty ownership and permissions changes when granting access to the slave pseudoterminal CVE-2013-4237 glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters\n\nFix for CVE-2013-2207 may break chroots if their devpts was not mounted correctly. Fix is to mount the devpts correctly with gid=5.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-08-22T00:00:00", "type": "nessus", "title": "Fedora 19 : glibc-2.17-13.fc19 (2013-15053)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4412", "CVE-2012-4424", "CVE-2013-1914", "CVE-2013-2207", "CVE-2013-4237"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:glibc", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2013-15053.NASL", "href": "https://www.tenable.com/plugins/nessus/69436", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-15053.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69436);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-4412\", \"CVE-2013-1914\", \"CVE-2013-2207\", \"CVE-2013-4237\");\n script_bugtraq_id(55462, 58839, 61729);\n script_xref(name:\"FEDORA\", value:\"2013-15053\");\n\n script_name(english:\"Fedora 19 : glibc-2.17-13.fc19 (2013-15053)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"glibc security update :\n\nCVE-2012-4412 glibc: strcoll() integer overflow leading to buffer\noverflow CVE-2012-4424 glibc: alloca() stack overflow in the strcoll()\ninterface CVE-2013-1914 glibc: Stack (frame) overflow in getaddrinfo()\nwhen processing entry mapping to long list of address structures\nCVE-2013-2207 glibc (pt_chown): Improper pseudotty ownership and\npermissions changes when granting access to the slave pseudoterminal\nCVE-2013-4237 glibc: Buffer overwrite when using readdir_r on file\nsystems returning file names longer than NAME_MAX characters\n\nFix for CVE-2013-2207 may break chroots if their devpts was not\nmounted correctly. Fix is to mount the devpts correctly with gid=5.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=855385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=947882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=976408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=995839\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114498.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4458d436\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glibc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"glibc-2.17-13.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:48:48", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Switch to use malloc when the input line is too long [Orabug 19951108]\n\n - Use a /sys/devices/system/cpu/online for\n _SC_NPROCESSORS_ONLN implementation [Orabug 17642251] (Joe Jin)\n\n - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183532).\n\n - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, \n\n - Fix patch for integer overflows in *valloc and memalign.\n (CVE-2013-4332, #1011805).\n\n - Fix return code when starting an already started nscd daemon (#979413).\n\n - Fix getnameinfo for many PTR record queries (#1020486).\n\n - Return EINVAL error for negative sizees to getgroups (#995207).\n\n - Fix integer overflows in *valloc and memalign.\n (CVE-2013-4332, #1011805).\n\n - Add support for newer L3 caches on x86-64 and correctly count the number of hardware threads sharing a cacheline (#1003420).\n\n - Revert incomplete fix for bug #758193.\n\n - Fix _nl_find_msg malloc failure case, and callers (#957089).\n\n - Test on init_fct, not result->__init_fct, after demangling (#816647).\n\n - Don't handle ttl == 0 specially (#929035).\n\n - Fix multibyte character processing crash in regexp (CVE-2013-0242, #951132)\n\n - Fix getaddrinfo stack overflow resulting in application crash (CVE-2013-1914, #951132)\n\n - Add missing patch to avoid use after free (#816647)\n\n - Fix race in initgroups compat_call (#706571)\n\n - Fix return value from getaddrinfo when servers are down.\n (#758193)\n\n - Fix fseek on wide character streams. Sync's seeking code with RHEL 6 (#835828)\n\n - Call feraiseexcept only if exceptions are not masked (#861871).\n\n - Always demangle function before checking for NULL value.\n (#816647).\n\n - Do not fail in ttyname if /proc is not available (#851450).\n\n - Fix errno for various overflow situations in vfprintf.\n Add missing overflow checks. (#857387)\n\n - Handle failure of _nl_explode_name in all cases (#848481)\n\n - Define the default fuzz factor to 2 to make it easier to manipulate RHEL 5 RPMs on RHEL 6 and newer systems.\n\n - Fix race in intl/* testsuite (#849202)\n\n - Fix out of bounds array access in strto* exposed by 847930 patch.\n\n - Really fix POWER4 strncmp crash (#766832).\n\n - Fix integer overflow leading to buffer overflow in strto* (#847930)\n\n - Fix race in msort/qsort (#843672)\n\n - Fix regression due to 797096 changes (#845952)\n\n - Do not use PT_IEEE_IP ptrace calls (#839572)\n\n - Update ULPs (#837852)\n\n - Fix various transcendentals in non-default rounding modes (#837852)\n\n - Fix unbound alloca in vfprintf (#826947)\n\n - Fix iconv segfault if the invalid multibyte character 0xffff is input when converting from IBM930. (#823905)\n\n - Fix fnmatch when '*' wildcard is applied on a file name containing multibyte chars. (#819430)\n\n - Fix unbound allocas use in glob_in_dir, getaddrinfo and others. (#797096)\n\n - Fix segfault when running ld.so --verify on some DSO's in current working directory. (#808342)\n\n - Incorrect initialization order for dynamic loader (#813348)\n\n - Fix return code when stopping already stopped nscd daemon (#678227)\n\n - Remove MAP_32BIT for pthread stack mappings, use MAP_STACK instead (#641094)\n\n - Fix setuid vs sighandler_setxid race (#769852)\n\n - Fix access after end of search string in regex matcher (#757887)\n\n - Fix POWER4 strncmp crash (#766832)\n\n - Fix SC_*CACHE detection for X5670 cpus (#692182)\n\n - Fix parsing IPV6 entries in /etc/resolv.conf (#703239)\n\n - Fix double-free in nss_nis code (#500767)\n\n - Add kernel VDSO support for s390x (#795896)\n\n - Fix race in malloc arena creation and make implementation match documented behaviour (#800240)\n\n - Do not override TTL of CNAME with TTL of its alias (#808014)\n\n - Fix short month names in fi_FI locale #(657266).\n\n - Fix nscd crash for group with large number of members (#788989)\n\n - Fix Slovakia currency (#799853)\n\n - Fix getent malloc failure check (#806403)\n\n - Fix short month names in zh_CN locale (#657588)\n\n - Fix decimal point symbol for Portuguese currency (#710216)\n\n - Avoid integer overflow in sbrk (#767358)\n\n - Avoid race between [,__de]allocate_stack and\n __reclaim_stacks during fork (#738665)\n\n - Fix race between IO_flush_all_lockp & pthread_cancel (#751748)\n\n - Fix memory leak in NIS endgrent (#809325)\n\n - Allow getaddr to accept SCTP socket types in hints (#765710)\n\n - Fix errno handling in vfprintf (#794814)\n\n - Filter out <built-in> when building file lists (#784646).\n\n - Avoid 'nargs' integer overflow which could be used to bypass FORTIFY_SOURCE (#794814)\n\n - Fix currency_symbol for uk_UA (#639000)\n\n - Correct test for detecting cycle during topo sort (#729661)\n\n - Check values from TZ file header (#767688)\n\n - Complete the numeric settings fix (#675259)\n\n - Complete the change for error codes from pthread_create (#707998)\n\n - Truncate time values in Linux futimes when falling back to utime (#758252)\n\n - Update systemtaparches\n\n - Add rules to build libresolv with SSP flags (#756453)\n\n - Fix PLT reference\n\n - Workaround misconfigured system (#702300)\n\n - Update systemtaparches\n\n - Correct cycle detection during dependency sorting (#729661)\n\n - Add gdb hooks (#711924)\n\n - Fix alloca accounting in strxfm and strcoll (#585433)\n\n - Correct cycle detection during dependency sorting (#729661)\n\n - ldd: never run file directly (#531160)\n\n - Implement greedy matching of weekday and month names (#657570)\n\n - Fix incorrect numeric settings (#675259)\n\n - Implement new mode for NIS passwd.adjunct.byname table (#678318)\n\n - Query NIS domain only when needed (#703345)\n\n - Count total processors using sysfs (#706894)\n\n - Translate clone error if necessary (#707998)\n\n - Workaround kernel clobbering robust list (#711531)\n\n - Use correct type when casting d_tag (#599056, CVE-2010-0830)\n\n - Report write error in addmnt even for cached streams (#688980, CVE-2011-1089)\n\n - Don't underestimate length of DST substitution (#694655)\n\n - Don't allocate executable stack when it cannot be allocated in the first 4G (#448011)\n\n - Initialize resolver state in nscd (#676039)\n\n - No cancel signal in unsafe places (#684808)\n\n - Check size of pattern in wide character representation in fnmatch (#681054)\n\n - Avoid too much stack use in fnmatch (#681054, CVE-2011-1071)\n\n - Properly quote output of locale (#625893, CVE-2011-1095)\n\n - Don't leave empty element in rpath when skipping the first element, ignore rpath elements containing non-isolated use of $ORIGIN when privileged (#667974, CVE-2011-0536)\n\n - Fix handling of newline in addmntent (#559579, CVE-2010-0296)\n\n - Don't ignore $ORIGIN in libraries (#670988)\n\n - Fix false assertion (#604796)\n\n - Fix ordering of DSO constructors and destructors (#604796)\n\n - Fix typo (#531576)\n\n - Fix concurrency problem between dl_open and dl_iterate_phdr (#649956)\n\n - Require suid bit on audit objects in privileged programs (#645678, CVE-2010-3856)\n\n - Never expand $ORIGIN in privileged programs (#643819, CVE-2010-3847)\n\n - Add timestamps to nscd logs (#527558)\n\n - Fix index wraparound handling in memusage (#531576)\n\n - Handle running out of buffer space with IPv6 mapping enabled (#533367)\n\n - Don't deadlock in __dl_iterate_phdr while (un)loading objects (#549813)\n\n - Avoid alloca in setenv for long strings (#559974)\n\n - Recognize POWER7 and ISA 2.06 (#563563)\n\n - Add support for AT_BASE_PLATFORM (#563599)\n\n - Restore locking in free_check (#585674)\n\n - Fix lookup of collation sequence value during regexp matching (#587360)\n\n - Fix POWER6 memcpy/memset (#579011)\n\n - Fix scope handling during dl_close (#593675)\n\n - Enable -fasynchronous-unwind-tables throughout (#593047)\n\n - Fix crash when aio thread creation fails (#566712)", "cvss3": {}, "published": "2015-02-02T00:00:00", "type": "nessus", "title": "OracleVM 3.2 : glibc (OVMSA-2015-0023) (GHOST)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0296", "CVE-2010-0830", "CVE-2010-3847", "CVE-2010-3856", "CVE-2011-0536", "CVE-2011-1071", "CVE-2011-1089", "CVE-2011-1095", "CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4332", "CVE-2014-0475", "CVE-2014-5119", "CVE-2015-0235"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:glibc", "p-cpe:/a:oracle:vm:glibc-common", "p-cpe:/a:oracle:vm:nscd", "cpe:/o:oracle:vm_server:3.2"], "id": "ORACLEVM_OVMSA-2015-0023.NASL", "href": "https://www.tenable.com/plugins/nessus/81118", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0023.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81118);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-0296\", \"CVE-2010-0830\", \"CVE-2010-3847\", \"CVE-2010-3856\", \"CVE-2011-0536\", \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2013-0242\", \"CVE-2013-1914\", \"CVE-2013-4332\", \"CVE-2014-0475\", \"CVE-2014-5119\", \"CVE-2015-0235\");\n script_bugtraq_id(40063, 44154, 44347, 46563, 46740, 47370, 57638, 58839, 62324, 64465, 68505, 68983, 69738, 72325);\n\n script_name(english:\"OracleVM 3.2 : glibc (OVMSA-2015-0023) (GHOST)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Switch to use malloc when the input line is too long\n [Orabug 19951108]\n\n - Use a /sys/devices/system/cpu/online for\n _SC_NPROCESSORS_ONLN implementation [Orabug 17642251]\n (Joe Jin)\n\n - Fix parsing of numeric hosts in gethostbyname_r\n (CVE-2015-0235, #1183532).\n\n - Remove gconv transliteration loadable modules support\n (CVE-2014-5119, - _nl_find_locale: Improve handling of\n crafted locale names (CVE-2014-0475, \n\n - Fix patch for integer overflows in *valloc and memalign.\n (CVE-2013-4332, #1011805).\n\n - Fix return code when starting an already started nscd\n daemon (#979413).\n\n - Fix getnameinfo for many PTR record queries (#1020486).\n\n - Return EINVAL error for negative sizees to getgroups\n (#995207).\n\n - Fix integer overflows in *valloc and memalign.\n (CVE-2013-4332, #1011805).\n\n - Add support for newer L3 caches on x86-64 and correctly\n count the number of hardware threads sharing a cacheline\n (#1003420).\n\n - Revert incomplete fix for bug #758193.\n\n - Fix _nl_find_msg malloc failure case, and callers\n (#957089).\n\n - Test on init_fct, not result->__init_fct, after\n demangling (#816647).\n\n - Don't handle ttl == 0 specially (#929035).\n\n - Fix multibyte character processing crash in regexp\n (CVE-2013-0242, #951132)\n\n - Fix getaddrinfo stack overflow resulting in application\n crash (CVE-2013-1914, #951132)\n\n - Add missing patch to avoid use after free (#816647)\n\n - Fix race in initgroups compat_call (#706571)\n\n - Fix return value from getaddrinfo when servers are down.\n (#758193)\n\n - Fix fseek on wide character streams. Sync's seeking code\n with RHEL 6 (#835828)\n\n - Call feraiseexcept only if exceptions are not masked\n (#861871).\n\n - Always demangle function before checking for NULL value.\n (#816647).\n\n - Do not fail in ttyname if /proc is not available\n (#851450).\n\n - Fix errno for various overflow situations in vfprintf.\n Add missing overflow checks. (#857387)\n\n - Handle failure of _nl_explode_name in all cases\n (#848481)\n\n - Define the default fuzz factor to 2 to make it easier to\n manipulate RHEL 5 RPMs on RHEL 6 and newer systems.\n\n - Fix race in intl/* testsuite (#849202)\n\n - Fix out of bounds array access in strto* exposed by\n 847930 patch.\n\n - Really fix POWER4 strncmp crash (#766832).\n\n - Fix integer overflow leading to buffer overflow in\n strto* (#847930)\n\n - Fix race in msort/qsort (#843672)\n\n - Fix regression due to 797096 changes (#845952)\n\n - Do not use PT_IEEE_IP ptrace calls (#839572)\n\n - Update ULPs (#837852)\n\n - Fix various transcendentals in non-default rounding\n modes (#837852)\n\n - Fix unbound alloca in vfprintf (#826947)\n\n - Fix iconv segfault if the invalid multibyte character\n 0xffff is input when converting from IBM930. (#823905)\n\n - Fix fnmatch when '*' wildcard is applied on a file name\n containing multibyte chars. (#819430)\n\n - Fix unbound allocas use in glob_in_dir, getaddrinfo and\n others. (#797096)\n\n - Fix segfault when running ld.so --verify on some DSO's\n in current working directory. (#808342)\n\n - Incorrect initialization order for dynamic loader\n (#813348)\n\n - Fix return code when stopping already stopped nscd\n daemon (#678227)\n\n - Remove MAP_32BIT for pthread stack mappings, use\n MAP_STACK instead (#641094)\n\n - Fix setuid vs sighandler_setxid race (#769852)\n\n - Fix access after end of search string in regex matcher\n (#757887)\n\n - Fix POWER4 strncmp crash (#766832)\n\n - Fix SC_*CACHE detection for X5670 cpus (#692182)\n\n - Fix parsing IPV6 entries in /etc/resolv.conf (#703239)\n\n - Fix double-free in nss_nis code (#500767)\n\n - Add kernel VDSO support for s390x (#795896)\n\n - Fix race in malloc arena creation and make\n implementation match documented behaviour (#800240)\n\n - Do not override TTL of CNAME with TTL of its alias\n (#808014)\n\n - Fix short month names in fi_FI locale #(657266).\n\n - Fix nscd crash for group with large number of members\n (#788989)\n\n - Fix Slovakia currency (#799853)\n\n - Fix getent malloc failure check (#806403)\n\n - Fix short month names in zh_CN locale (#657588)\n\n - Fix decimal point symbol for Portuguese currency\n (#710216)\n\n - Avoid integer overflow in sbrk (#767358)\n\n - Avoid race between [,__de]allocate_stack and\n __reclaim_stacks during fork (#738665)\n\n - Fix race between IO_flush_all_lockp & pthread_cancel\n (#751748)\n\n - Fix memory leak in NIS endgrent (#809325)\n\n - Allow getaddr to accept SCTP socket types in hints\n (#765710)\n\n - Fix errno handling in vfprintf (#794814)\n\n - Filter out <built-in> when building file lists\n (#784646).\n\n - Avoid 'nargs' integer overflow which could be used to\n bypass FORTIFY_SOURCE (#794814)\n\n - Fix currency_symbol for uk_UA (#639000)\n\n - Correct test for detecting cycle during topo sort\n (#729661)\n\n - Check values from TZ file header (#767688)\n\n - Complete the numeric settings fix (#675259)\n\n - Complete the change for error codes from pthread_create\n (#707998)\n\n - Truncate time values in Linux futimes when falling back\n to utime (#758252)\n\n - Update systemtaparches\n\n - Add rules to build libresolv with SSP flags (#756453)\n\n - Fix PLT reference\n\n - Workaround misconfigured system (#702300)\n\n - Update systemtaparches\n\n - Correct cycle detection during dependency sorting\n (#729661)\n\n - Add gdb hooks (#711924)\n\n - Fix alloca accounting in strxfm and strcoll (#585433)\n\n - Correct cycle detection during dependency sorting\n (#729661)\n\n - ldd: never run file directly (#531160)\n\n - Implement greedy matching of weekday and month names\n (#657570)\n\n - Fix incorrect numeric settings (#675259)\n\n - Implement new mode for NIS passwd.adjunct.byname table\n (#678318)\n\n - Query NIS domain only when needed (#703345)\n\n - Count total processors using sysfs (#706894)\n\n - Translate clone error if necessary (#707998)\n\n - Workaround kernel clobbering robust list (#711531)\n\n - Use correct type when casting d_tag (#599056,\n CVE-2010-0830)\n\n - Report write error in addmnt even for cached streams\n (#688980, CVE-2011-1089)\n\n - Don't underestimate length of DST substitution (#694655)\n\n - Don't allocate executable stack when it cannot be\n allocated in the first 4G (#448011)\n\n - Initialize resolver state in nscd (#676039)\n\n - No cancel signal in unsafe places (#684808)\n\n - Check size of pattern in wide character representation\n in fnmatch (#681054)\n\n - Avoid too much stack use in fnmatch (#681054,\n CVE-2011-1071)\n\n - Properly quote output of locale (#625893, CVE-2011-1095)\n\n - Don't leave empty element in rpath when skipping the\n first element, ignore rpath elements containing\n non-isolated use of $ORIGIN when privileged (#667974,\n CVE-2011-0536)\n\n - Fix handling of newline in addmntent (#559579,\n CVE-2010-0296)\n\n - Don't ignore $ORIGIN in libraries (#670988)\n\n - Fix false assertion (#604796)\n\n - Fix ordering of DSO constructors and destructors\n (#604796)\n\n - Fix typo (#531576)\n\n - Fix concurrency problem between dl_open and\n dl_iterate_phdr (#649956)\n\n - Require suid bit on audit objects in privileged programs\n (#645678, CVE-2010-3856)\n\n - Never expand $ORIGIN in privileged programs (#643819,\n CVE-2010-3847)\n\n - Add timestamps to nscd logs (#527558)\n\n - Fix index wraparound handling in memusage (#531576)\n\n - Handle running out of buffer space with IPv6 mapping\n enabled (#533367)\n\n - Don't deadlock in __dl_iterate_phdr while (un)loading\n objects (#549813)\n\n - Avoid alloca in setenv for long strings (#559974)\n\n - Recognize POWER7 and ISA 2.06 (#563563)\n\n - Add support for AT_BASE_PLATFORM (#563599)\n\n - Restore locking in free_check (#585674)\n\n - Fix lookup of collation sequence value during regexp\n matching (#587360)\n\n - Fix POWER6 memcpy/memset (#579011)\n\n - Fix scope handling during dl_close (#593675)\n\n - Enable -fasynchronous-unwind-tables throughout (#593047)\n\n - Fix crash when aio thread creation fails (#566712)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2015-January/000260.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?acafac78\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc / glibc-common / nscd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/02\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.2\", reference:\"glibc-2.5-123.0.1.el5_11.1\")) flag++;\nif (rpm_check(release:\"OVS3.2\", reference:\"glibc-common-2.5-123.0.1.el5_11.1\")) flag++;\nif (rpm_check(release:\"OVS3.2\", reference:\"nscd-2.5-123.0.1.el5_11.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / nscd\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:55:09", "description": "This collective update for the GNU C library (glibc) provides the following fixes and enhancements :\n\nSecurity issues fixed :\n\n - Fix stack overflow in getaddrinfo with many results.\n (bnc#813121, CVE-2013-1914)\n\n - Fixed another stack overflow in getaddrinfo with many results (bnc#828637)\n\n - Fix buffer overflow in glob. (bnc#691365) (CVE-2010-4756)\n\n - Fix array overflow in floating point parser [bnc#775690] (CVE-2012-3480)\n\n - Fix strtod integer/buffer overflows [bnc#775690] (CVE-2012-3480) Make addmntent return errors also for cached streams. [bnc #676178, CVE-2011-1089]\n\n - Fix overflows in vfprintf. [bnc #770891, CVE 2012-3406]\n\n - Add vfprintf-nargs.diff for possible format string overflow. [bnc #747768, CVE-2012-0864]\n\n - Check values from file header in __tzfile_read. [bnc #735850, CVE-2009-5029]\n\nAlso several bugs were fixed :\n\n - Fix locking in _IO_cleanup. (bnc#796982)\n\n - Fix memory leak in execve. (bnc#805899) Fix nscd timestamps in logging (bnc#783196)\n\n - Fix perl script error message (bnc#774467)\n\n - Fall back to localhost if no nameserver defined (bnc#818630)\n\n - Fix incomplete results from nscd. [bnc #753756]\n\n - Fix a deadlock in dlsym in case the symbol isn't found, for multithreaded programs. [bnc #760216]\n\n - Fix problem with TLS and dlopen. [#732110]\n\n - Backported regex fix for skipping of valid EUC-JP matches [bnc#743689]\n\n - Fixed false regex match on incomplete chars in EUC-JP [bnc#743689]\n\n - Add glibc-pmap-timeout.diff in order to fix useless connection attempts to NFS servers. [bnc #661460]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "SUSE SLES10 Security Update : glibc (SUSE-SU-2013:1287-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5029", "CVE-2010-4756", "CVE-2011-1089", "CVE-2012-0864", "CVE-2012-3480", "CVE-2013-1914"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:glibc", "p-cpe:/a:novell:suse_linux:glibc-devel", "p-cpe:/a:novell:suse_linux:glibc-html", "p-cpe:/a:novell:suse_linux:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:glibc-info", "p-cpe:/a:novell:suse_linux:glibc-locale", "p-cpe:/a:novell:suse_linux:glibc-profile", "p-cpe:/a:novell:suse_linux:nscd", "cpe:/o:novell:suse_linux:10"], "id": "SUSE_SU-2013-1287-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83597", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2013:1287-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83597);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2010-4756\", \"CVE-2011-1089\", \"CVE-2012-0864\", \"CVE-2012-3480\", \"CVE-2013-1914\");\n script_bugtraq_id(46740, 50898, 52201, 54982, 58839);\n\n script_name(english:\"SUSE SLES10 Security Update : glibc (SUSE-SU-2013:1287-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This collective update for the GNU C library (glibc) provides the\nfollowing fixes and enhancements :\n\nSecurity issues fixed :\n\n - Fix stack overflow in getaddrinfo with many results.\n (bnc#813121, CVE-2013-1914)\n\n - Fixed another stack overflow in getaddrinfo with many\n results (bnc#828637)\n\n - Fix buffer overflow in glob. (bnc#691365)\n (CVE-2010-4756)\n\n - Fix array overflow in floating point parser [bnc#775690]\n (CVE-2012-3480)\n\n - Fix strtod integer/buffer overflows [bnc#775690]\n (CVE-2012-3480) Make addmntent return errors also for\n cached streams. [bnc #676178, CVE-2011-1089]\n\n - Fix overflows in vfprintf. [bnc #770891, CVE 2012-3406]\n\n - Add vfprintf-nargs.diff for possible format string\n overflow. [bnc #747768, CVE-2012-0864]\n\n - Check values from file header in __tzfile_read. [bnc\n #735850, CVE-2009-5029]\n\nAlso several bugs were fixed :\n\n - Fix locking in _IO_cleanup. (bnc#796982)\n\n - Fix memory leak in execve. (bnc#805899) Fix nscd\n timestamps in logging (bnc#783196)\n\n - Fix perl script error message (bnc#774467)\n\n - Fall back to localhost if no nameserver defined\n (bnc#818630)\n\n - Fix incomplete results from nscd. [bnc #753756]\n\n - Fix a deadlock in dlsym in case the symbol isn't found,\n for multithreaded programs. [bnc #760216]\n\n - Fix problem with TLS and dlopen. [#732110]\n\n - Backported regex fix for skipping of valid EUC-JP\n matches [bnc#743689]\n\n - Fixed false regex match on incomplete chars in EUC-JP\n [bnc#743689]\n\n - Add glibc-pmap-timeout.diff in order to fix useless\n connection attempts to NFS servers. [bnc #661460]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://download.suse.com/patch/finder/?keywords=17c15337eaf4f28f28cdc9f9d3d731ec\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1c6953c2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-5029.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4756.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1089.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0864.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3480.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1914.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/661460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/676178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/691365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/732110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/735850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/743689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/747768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/753756\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/760216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/770891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/774467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/775690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/783196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/796982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/805899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/813121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/818630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/828637\"\n );\n # https://www.suse.com/support/update/announcement/2013/suse-su-20131287-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?16a241e5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glibc packages\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES10)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES10\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES10\" && (! ereg(pattern:\"^3$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.77.102.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.4-31.77.102.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.77.102.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.4-31.77.102.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"glibc-32bit-2.4-31.77.102.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"glibc-devel-32bit-2.4-31.77.102.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"glibc-locale-32bit-2.4-31.77.102.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"glibc-profile-32bit-2.4-31.77.102.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"glibc-2.4-31.77.102.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"glibc-devel-2.4-31.77.102.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"glibc-html-2.4-31.77.102.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"glibc-i18ndata-2.4-31.77.102.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"glibc-info-2.4-31.77.102.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"glibc-locale-2.4-31.77.102.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"glibc-profile-2.4-31.77.102.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"nscd-2.4-31.77.102.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:56:15", "description": "This collective update for the GNU C library (glibc) provides the following fixes and enhancements :\n\nSecurity issues fixed :\n\n - Fix stack overflow in getaddrinfo with many results.\n (bnc#813121, CVE-2013-1914)\n\n - Fix a different stack overflow in getaddrinfo with many results. (bnc#828637)\n\n - Fix array overflow in floating point parser [bnc#775690] (CVE-2012-3480)\n\n - Fix strtod integer/buffer overflows [bnc#775690] (CVE-2012-3480)\n\n - Add patches for fix overflows in vfprintf. [bnc #770891, CVE-2012-3405, CVE-2012-3406]\n\n - Fix buffer overflow in glob. (bnc#691365) (CVE-2010-4756)\n\n - Flush stream in addmntent, to catch errors like reached file size limits. [bnc #676178, CVE-2011-1089]\n\nBugs fixed :\n\n - Fix locking in _IO_cleanup. (bnc#796982)\n\n - Fix resolver when first query fails, but seconds succeeds. [bnc #767266]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : glibc (SUSE-SU-2013:1251-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4756", "CVE-2011-1089", "CVE-2012-3405", "CVE-2012-3406", "CVE-2012-3480", "CVE-2013-1914"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:glibc", "p-cpe:/a:novell:suse_linux:glibc-devel", "p-cpe:/a:novell:suse_linux:glibc-html", "p-cpe:/a:novell:suse_linux:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:glibc-info", "p-cpe:/a:novell:suse_linux:glibc-locale", "p-cpe:/a:novell:suse_linux:glibc-profile", "p-cpe:/a:novell:suse_linux:nscd", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2013-1251-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83594", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2013:1251-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83594);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-4756\", \"CVE-2011-1089\", \"CVE-2012-3405\", \"CVE-2012-3406\", \"CVE-2012-3480\", \"CVE-2013-1914\");\n script_bugtraq_id(46740, 54374, 54982, 58839);\n\n script_name(english:\"SUSE SLES11 Security Update : glibc (SUSE-SU-2013:1251-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This collective update for the GNU C library (glibc) provides the\nfollowing fixes and enhancements :\n\nSecurity issues fixed :\n\n - Fix stack overflow in getaddrinfo with many results.\n (bnc#813121, CVE-2013-1914)\n\n - Fix a different stack overflow in getaddrinfo with many\n results. (bnc#828637)\n\n - Fix array overflow in floating point parser [bnc#775690]\n (CVE-2012-3480)\n\n - Fix strtod integer/buffer overflows [bnc#775690]\n (CVE-2012-3480)\n\n - Add patches for fix overflows in vfprintf. [bnc #770891,\n CVE-2012-3405, CVE-2012-3406]\n\n - Fix buffer overflow in glob. (bnc#691365)\n (CVE-2010-4756)\n\n - Flush stream in addmntent, to catch errors like reached\n file size limits. [bnc #676178, CVE-2011-1089]\n\nBugs fixed :\n\n - Fix locking in _IO_cleanup. (bnc#796982)\n\n - Fix resolver when first query fails, but seconds\n succeeds. [bnc #767266]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://download.suse.com/patch/finder/?keywords=0ed824f4616a590edd9c21331469673e\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cc4a24bb\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4756.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1089.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3405.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3406.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3480.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1914.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/676178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/691365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/767266\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/770891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/775690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/796982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/813121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/828637\"\n );\n # https://www.suse.com/support/update/announcement/2013/suse-su-20131251-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b3e6b5ca\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11 SP1 for VMware LTSS :\n\nzypper in -t patch slessp1-glibc-8082\n\nSUSE Linux Enterprise Server 11 SP1 LTSS :\n\nzypper in -t patch slessp1-glibc-8082\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^1$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-32bit-2.11.1-0.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.1-0.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.1-0.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.11.1-0.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"glibc-32bit-2.11.1-0.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"glibc-devel-32bit-2.11.1-0.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"glibc-locale-32bit-2.11.1-0.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"glibc-profile-32bit-2.11.1-0.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-2.11.1-0.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-devel-2.11.1-0.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-html-2.11.1-0.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-i18ndata-2.11.1-0.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-info-2.11.1-0.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-locale-2.11.1-0.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-profile-2.11.1-0.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"nscd-2.11.1-0.50.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:50:19", "description": "The remote host is affected by the vulnerability described in GLSA-201503-04 (GNU C Library: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the GNU C Library.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A local attacker may be able to execute arbitrary code or cause a Denial of Service condition,.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2015-03-09T00:00:00", "type": "nessus", "title": "GLSA-201503-04 : GNU C Library: Multiple vulnerabilities (GHOST)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3404", "CVE-2012-3405", "CVE-2012-3406", "CVE-2012-3480", "CVE-2012-4412", "CVE-2012-4424", "CVE-2012-6656", "CVE-2013-0242", "CVE-2013-1914", "CVE-2013-2207", "CVE-2013-4237", "CVE-2013-4332", "CVE-2013-4458", "CVE-2013-4788", "CVE-2014-4043", "CVE-2015-0235"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:glibc", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201503-04.NASL", "href": "https://www.tenable.com/plugins/nessus/81689", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201503-04.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81689);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-3404\", \"CVE-2012-3405\", \"CVE-2012-3406\", \"CVE-2012-3480\", \"CVE-2012-4412\", \"CVE-2012-4424\", \"CVE-2012-6656\", \"CVE-2013-0242\", \"CVE-2013-1914\", \"CVE-2013-2207\", \"CVE-2013-4237\", \"CVE-2013-4332\", \"CVE-2013-4458\", \"CVE-2013-4788\", \"CVE-2014-4043\", \"CVE-2015-0235\");\n script_bugtraq_id(54374, 54982, 55462, 55543, 57638, 58839, 61183, 61729, 61960, 62324, 63299, 68006, 69470, 72325);\n script_xref(name:\"GLSA\", value:\"201503-04\");\n\n script_name(english:\"GLSA-201503-04 : GNU C Library: Multiple vulnerabilities (GHOST)\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201503-04\n(GNU C Library: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the GNU C Library.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A local attacker may be able to execute arbitrary code or cause a Denial\n of Service condition,.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201503-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All glibc users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-libs/glibc-2.19-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/08\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-libs/glibc\", unaffected:make_list(\"ge 2.19-r1\"), vulnerable:make_list(\"lt 2.19-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GNU C Library\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:50:34", "description": "Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library.\n\n#553206 CVE-2015-1472 CVE-2015-1473\n\nThe scanf family of functions do not properly limit stack allocation, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code.\n\nCVE-2012-3405\n\nThe printf family of functions do not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service.\n\nCVE-2012-3406\n\nThe printf family of functions do not properly limit stack allocation, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string.\n\nCVE-2012-3480\n\nMultiple integer overflows in the strtod, strtof, strtold, strtod_l, and other related functions allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.\n\nCVE-2012-4412\n\nInteger overflow in the strcoll and wcscoll functions allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.\n\nCVE-2012-4424\n\nStack-based buffer overflow in the strcoll and wcscoll functions allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.\n\nCVE-2013-0242\n\nBuffer overflow in the extend_buffers function in the regular expression matcher allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.\n\nCVE-2013-1914 CVE-2013-4458\n\nStack-based buffer overflow in the getaddrinfo function allows remote attackers to cause a denial of service (crash) via a hostname or IP address that triggers a large number of domain conversion results.\n\nCVE-2013-4237\n\nreaddir_r allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a malicious NTFS image or CIFS service.\n\nCVE-2013-4332\n\nMultiple integer overflows in malloc/malloc.c allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the pvalloc, valloc, posix_memalign, memalign, or aligned_alloc functions.\n\nCVE-2013-4357\n\nThe getaliasbyname, getaliasbyname_r, getaddrinfo, getservbyname, getservbyname_r, getservbyport, getservbyport_r, and glob functions do not properly limit stack allocation, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code.\n\nCVE-2013-4788\n\nWhen the GNU C library is statically linked into an executable, the PTR_MANGLE implementation does not initialize the random value for the pointer guard, so that various hardening mechanisms are not effective.\n\nCVE-2013-7423\n\nThe send_dg function in resolv/res_send.c does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.\n\nCVE-2013-7424\n\nThe getaddrinfo function may attempt to free an invalid pointer when handling IDNs (Internationalised Domain Names), which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code.\n\nCVE-2014-4043\n\nThe posix_spawn_file_actions_addopen function does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in version 2.11.3-4+deb6u5.\n\nFor the stable distribution (wheezy), these problems were fixed in version 2.13-38+deb7u8 or earlier.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-03-26T00:00:00", "type": "nessus", "title": "Debian DLA-165-1 : eglibc security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3405", "CVE-2012-3406", "CVE-2012-3480", "CVE-2012-4412", "CVE-2012-4424", "CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4237", "CVE-2013-4332", "CVE-2013-4357", "CVE-2013-4458", "CVE-2013-4788", "CVE-2013-7423", "CVE-2013-7424", "CVE-2014-4043", "CVE-2015-1472", "CVE-2015-1473"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:eglibc-source", "p-cpe:/a:debian:debian_linux:glibc-doc", "p-cpe:/a:debian:debian_linux:libc-bin", "p-cpe:/a:debian:debian_linux:libc-dev-bin", "p-cpe:/a:debian:debian_linux:libc6", "p-cpe:/a:debian:debian_linux:libc6-amd64", "p-cpe:/a:debian:debian_linux:libc6-dbg", "p-cpe:/a:debian:debian_linux:libc6-dev", "p-cpe:/a:debian:debian_linux:libc6-dev-amd64", "p-cpe:/a:debian:debian_linux:libc6-dev-i386", "p-cpe:/a:debian:debian_linux:libc6-i386", "p-cpe:/a:debian:debian_linux:libc6-i686", "p-cpe:/a:debian:debian_linux:libc6-pic", "p-cpe:/a:debian:debian_linux:libc6-prof", "p-cpe:/a:debian:debian_linux:libc6-udeb", "p-cpe:/a:debian:debian_linux:libc6-xen", "p-cpe:/a:debian:debian_linux:libnss-dns-udeb", "p-cpe:/a:debian:debian_linux:libnss-files-udeb", "p-cpe:/a:debian:debian_linux:locales", "p-cpe:/a:debian:debian_linux:locales-all", "p-cpe:/a:debian:debian_linux:nscd", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-165.NASL", "href": "https://www.tenable.com/plugins/nessus/82149", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-165-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82149);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-3405\", \"CVE-2012-3406\", \"CVE-2012-3480\", \"CVE-2012-4412\", \"CVE-2012-4424\", \"CVE-2013-0242\", \"CVE-2013-1914\", \"CVE-2013-4237\", \"CVE-2013-4332\", \"CVE-2013-4357\", \"CVE-2013-4458\", \"CVE-2013-4788\", \"CVE-2013-7423\", \"CVE-2013-7424\", \"CVE-2014-4043\", \"CVE-2015-1472\", \"CVE-2015-1473\");\n script_bugtraq_id(54374, 54982, 55462, 55543, 57638, 58839, 61183, 61729, 62324, 63299, 67992, 68006, 72428, 72498, 72499, 72710, 72844);\n\n script_name(english:\"Debian DLA-165-1 : eglibc security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been fixed in eglibc, Debian's version of\nthe GNU C library.\n\n#553206 CVE-2015-1472 CVE-2015-1473\n\nThe scanf family of functions do not properly limit stack allocation,\nwhich allows context-dependent attackers to cause a denial of service\n(crash) or possibly execute arbitrary code.\n\nCVE-2012-3405\n\nThe printf family of functions do not properly calculate a buffer\nlength, which allows context-dependent attackers to bypass the\nFORTIFY_SOURCE format-string protection mechanism and cause a denial\nof service.\n\nCVE-2012-3406\n\nThe printf family of functions do not properly limit stack allocation,\nwhich allows context-dependent attackers to bypass the FORTIFY_SOURCE\nformat-string protection mechanism and cause a denial of service\n(crash) or possibly execute arbitrary code via a crafted format\nstring.\n\nCVE-2012-3480\n\nMultiple integer overflows in the strtod, strtof, strtold, strtod_l,\nand other related functions allow local users to cause a denial of\nservice (application crash) and possibly execute arbitrary code via a\nlong string, which triggers a stack-based buffer overflow.\n\nCVE-2012-4412\n\nInteger overflow in the strcoll and wcscoll functions allows\ncontext-dependent attackers to cause a denial of service (crash) or\npossibly execute arbitrary code via a long string, which triggers a\nheap-based buffer overflow.\n\nCVE-2012-4424\n\nStack-based buffer overflow in the strcoll and wcscoll functions\nallows context-dependent attackers to cause a denial of service\n(crash) or possibly execute arbitrary code via a long string that\ntriggers a malloc failure and use of the alloca function.\n\nCVE-2013-0242\n\nBuffer overflow in the extend_buffers function in the regular\nexpression matcher allows context-dependent attackers to cause a\ndenial of service (memory corruption and crash) via crafted multibyte\ncharacters.\n\nCVE-2013-1914 CVE-2013-4458\n\nStack-based buffer overflow in the getaddrinfo function allows remote\nattackers to cause a denial of service (crash) via a hostname or IP\naddress that triggers a large number of domain conversion results.\n\nCVE-2013-4237\n\nreaddir_r allows context-dependent attackers to cause a denial of\nservice (out-of-bounds write and crash) or possibly execute arbitrary\ncode via a malicious NTFS image or CIFS service.\n\nCVE-2013-4332\n\nMultiple integer overflows in malloc/malloc.c allow context-dependent\nattackers to cause a denial of service (heap corruption) via a large\nvalue to the pvalloc, valloc, posix_memalign, memalign, or\naligned_alloc functions.\n\nCVE-2013-4357\n\nThe getaliasbyname, getaliasbyname_r, getaddrinfo, getservbyname,\ngetservbyname_r, getservbyport, getservbyport_r, and glob functions do\nnot properly limit stack allocation, which allows context-dependent\nattackers to cause a denial of service (crash) or possibly execute\narbitrary code.\n\nCVE-2013-4788\n\nWhen the GNU C library is statically linked into an executable, the\nPTR_MANGLE implementation does not initialize the random value for the\npointer guard, so that various hardening mechanisms are not effective.\n\nCVE-2013-7423\n\nThe send_dg function in resolv/res_send.c does not properly reuse file\ndescriptors, which allows remote attackers to send DNS queries to\nunintended locations via a large number of requests that trigger a\ncall to the getaddrinfo function.\n\nCVE-2013-7424\n\nThe getaddrinfo function may attempt to free an invalid pointer when\nhandling IDNs (Internationalised Domain Names), which allows remote\nattackers to cause a denial of service (crash) or possibly execute\narbitrary code.\n\nCVE-2014-4043\n\nThe posix_spawn_file_actions_addopen function does not copy its path\nargument in accordance with the POSIX specification, which allows\ncontext-dependent attackers to trigger use-after-free vulnerabilities.\n\nFor the oldstable distribution (squeeze), these problems have been\nfixed in version 2.11.3-4+deb6u5.\n\nFor the stable distribution (wheezy), these problems were fixed in\nversion 2.13-38+deb7u8 or earlier.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/03/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/eglibc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:eglibc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:glibc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc-dev-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-pic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-prof\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss-dns-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss-files-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:locales\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:locales-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"eglibc-source\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"glibc-doc\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc-bin\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc-dev-bin\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-amd64\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-dbg\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-dev\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-dev-amd64\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-dev-i386\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-i386\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-i686\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-pic\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-prof\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-udeb\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-xen\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libnss-dns-udeb\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libnss-files-udeb\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"locales\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"locales-all\", reference:\"2.11.3-4+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"nscd\", reference:\"2.11.3-4+deb6u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:55:30", "description": "This glibc update fixes a critical privilege escalation vulnerability and the following security and non-security issues :\n\n - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available.\n (CVE-2014-5119)\n\n - bnc#886416: Avoid redundant shift character in iconv output at block boundary.\n\n - bnc#883022: Initialize errcode in sysdeps/unix/opendir.c.\n\n - bnc#882600: Copy filename argument in posix_spawn_file_actions_addopen. (CVE-2014-4043)\n\n - bnc#864081: Take lock in pthread_cond_wait cleanup handler only when needed.\n\n - bnc#843735: Don't crash on unresolved weak symbol reference.\n\n - bnc#839870: Fix integer overflows in malloc.\n (CVE-2013-4332)\n\n - bnc#836746: Avoid race between {,__de}allocate_stack and\n __reclaim_stacks during fork.\n\n - bnc#834594: Fix readdir_r with long file names.\n (CVE-2013-4237)\n\n - bnc#830268: Initialize pointer guard also in static executables. (CVE-2013-4788)\n\n - bnc#801246: Fix buffer overrun in regexp matcher.\n (CVE-2013-0242)\n\n - bnc#779320: Fix buffer overflow in strcoll.\n (CVE-2012-4412)\n\n - bnc#750741: Use absolute timeout in x86 pthread_cond_timedwait.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : glibc (SUSE-SU-2014:1122-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4412", "CVE-2013-0242", "CVE-2013-4237", "CVE-2013-4332", "CVE-2013-4788", "CVE-2014-4043", "CVE-2014-5119"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:glibc", "p-cpe:/a:novell:suse_linux:glibc-devel", "p-cpe:/a:novell:suse_linux:glibc-html", "p-cpe:/a:novell:suse_linux:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:glibc-info", "p-cpe:/a:novell:suse_linux:glibc-locale", "p-cpe:/a:novell:suse_linux:glibc-profile", "p-cpe:/a:novell:suse_linux:nscd", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2014-1122-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83637", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2014:1122-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83637);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-4412\", \"CVE-2013-0242\", \"CVE-2013-4237\", \"CVE-2013-4332\", \"CVE-2013-4788\", \"CVE-2014-4043\", \"CVE-2014-5119\");\n script_bugtraq_id(55462, 57638, 61183, 61729, 62324, 68006, 68983, 69738);\n\n script_name(english:\"SUSE SLES11 Security Update : glibc (SUSE-SU-2014:1122-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This glibc update fixes a critical privilege escalation vulnerability\nand the following security and non-security issues :\n\n - bnc#892073: An off-by-one error leading to a heap-based\n buffer overflow was found in __gconv_translit_find(). An\n exploit that targets the problem is publicly available.\n (CVE-2014-5119)\n\n - bnc#886416: Avoid redundant shift character in iconv\n output at block boundary.\n\n - bnc#883022: Initialize errcode in\n sysdeps/unix/opendir.c.\n\n - bnc#882600: Copy filename argument in\n posix_spawn_file_actions_addopen. (CVE-2014-4043)\n\n - bnc#864081: Take lock in pthread_cond_wait cleanup\n handler only when needed.\n\n - bnc#843735: Don't crash on unresolved weak symbol\n reference.\n\n - bnc#839870: Fix integer overflows in malloc.\n (CVE-2013-4332)\n\n - bnc#836746: Avoid race between {,__de}allocate_stack and\n __reclaim_stacks during fork.\n\n - bnc#834594: Fix readdir_r with long file names.\n (CVE-2013-4237)\n\n - bnc#830268: Initialize pointer guard also in static\n executables. (CVE-2013-4788)\n\n - bnc#801246: Fix buffer overrun in regexp matcher.\n (CVE-2013-0242)\n\n - bnc#779320: Fix buffer overflow in strcoll.\n (CVE-2012-4412)\n\n - bnc#750741: Use absolute timeout in x86\n pthread_cond_timedwait.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=779320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=801246\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=830268\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=834594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=836746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=839870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=843735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=882600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=883022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=886416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=892073\"\n );\n # https://download.suse.com/patch/finder/?keywords=8ba147c0ad19c1883fe7425b33e0ea15\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e6e29eff\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-4412/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-0242/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-4237/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-4332/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-4788/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-4043/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-5119/\"\n );\n # https://www.suse.com/support/update/announcement/2014/suse-su-20141122-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?81cc8b62\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11 SP1 LTSS :\n\nzypper in -t patch slessp1-glibc-9664\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-32bit-2.11.1-0.58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.1-0.58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.1-0.58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.11.1-0.58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"glibc-32bit-2.11.1-0.58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"glibc-devel-32bit-2.11.1-0.58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"glibc-locale-32bit-2.11.1-0.58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"glibc-profile-32bit-2.11.1-0.58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-2.11.1-0.58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-devel-2.11.1-0.58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-html-2.11.1-0.58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-i18ndata-2.11.1-0.58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-info-2.11.1-0.58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-locale-2.11.1-0.58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-profile-2.11.1-0.58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"nscd-2.11.1-0.58.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:01:26", "description": "Updated glibc packages fixes the following security issues :\n\nInteger overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow (CVE-2012-4412).\n\nStack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function (CVE-2012-4424).\n\npt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system (CVE-2013-2207).\nNOTE! This is fixed by removing pt_chown wich may break chroots if their devpts was not mounted correctly (make sure to mount the devpts correctly with gid=5).\n\nsysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image (CVE-2013-4237).\n\nMultiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions (CVE-2013-4332).\n\nA stack (frame) overflow flaw, which led to a denial of service (application crash), was found in the way glibc's getaddrinfo() function processed certain requests when called with AF_INET6. A similar flaw to CVE-2013-1914, this affects AF_INET6 rather than AF_UNSPEC (CVE-2013-4458).\n\nThe PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context- dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address (CVE-2013-4788).\n\nOther fixes in this update :\n\n - Correct the processing of '\\x80' characters in crypt_freesec.c\n\n - fix typo in nscd.service", "cvss3": {}, "published": "2013-11-26T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : glibc (MDVSA-2013:283)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4412", "CVE-2012-4424", "CVE-2013-1914", "CVE-2013-2207", "CVE-2013-4237", "CVE-2013-4332", "CVE-2013-4458", "CVE-2013-4788"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:glibc", "p-cpe:/a:mandriva:linux:glibc-devel", "p-cpe:/a:mandriva:linux:glibc-doc", "p-cpe:/a:mandriva:linux:glibc-doc-pdf", "p-cpe:/a:mandriva:linux:glibc-i18ndata", "p-cpe:/a:mandriva:linux:glibc-profile", "p-cpe:/a:mandriva:linux:glibc-static-devel", "p-cpe:/a:mandriva:linux:glibc-utils", "p-cpe:/a:mandriva:linux:nscd", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2013-283.NASL", "href": "https://www.tenable.com/plugins/nessus/71092", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:283. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71092);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-4412\", \"CVE-2012-4424\", \"CVE-2013-2207\", \"CVE-2013-4237\", \"CVE-2013-4332\", \"CVE-2013-4458\", \"CVE-2013-4788\");\n script_bugtraq_id(55462, 55543, 61183, 61729, 61960, 62324, 63299);\n script_xref(name:\"MDVSA\", value:\"2013:283\");\n\n script_name(english:\"Mandriva Linux Security Advisory : glibc (MDVSA-2013:283)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages fixes the following security issues :\n\nInteger overflow in string/strcoll_l.c in the GNU C Library (aka glibc\nor libc6) 2.17 and earlier allows context-dependent attackers to cause\na denial of service (crash) or possibly execute arbitrary code via a\nlong string, which triggers a heap-based buffer overflow\n(CVE-2012-4412).\n\nStack-based buffer overflow in string/strcoll_l.c in the GNU C Library\n(aka glibc or libc6) 2.17 and earlier allows context-dependent\nattackers to cause a denial of service (crash) or possibly execute\narbitrary code via a long string that triggers a malloc failure and\nuse of the alloca function (CVE-2012-4424).\n\npt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not\nproperly check permissions for tty files, which allows local users to\nchange the permission on the files and obtain access to arbitrary\npseudo-terminals by leveraging a FUSE file system (CVE-2013-2207).\nNOTE! This is fixed by removing pt_chown wich may break chroots if\ntheir devpts was not mounted correctly (make sure to mount the devpts\ncorrectly with gid=5).\n\nsysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6)\n2.18 and earlier allows context-dependent attackers to cause a denial\nof service (out-of-bounds write and crash) or possibly execute\narbitrary code via a crafted (1) NTFS or (2) CIFS image\n(CVE-2013-4237).\n\nMultiple integer overflows in malloc/malloc.c in the GNU C Library\n(aka glibc or libc6) 2.18 and earlier allow context-dependent\nattackers to cause a denial of service (heap corruption) via a large\nvalue to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4)\nmemalign, or (5) aligned_alloc functions (CVE-2013-4332).\n\nA stack (frame) overflow flaw, which led to a denial of service\n(application crash), was found in the way glibc's getaddrinfo()\nfunction processed certain requests when called with AF_INET6. A\nsimilar flaw to CVE-2013-1914, this affects AF_INET6 rather than\nAF_UNSPEC (CVE-2013-4458).\n\nThe PTR_MANGLE implementation in the GNU C Library (aka glibc or\nlibc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not\ninitialize the random value for the pointer guard, which makes it\neasier for context- dependent attackers to control execution flow by\nleveraging a buffer-overflow vulnerability in an application and using\nthe known zero value pointer guard to calculate a pointer address\n(CVE-2013-4788).\n\nOther fixes in this update :\n\n - Correct the processing of '\\x80' characters in\n crypt_freesec.c\n\n - fix typo in nscd.service\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2013-0340.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-2.14.1-12.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-devel-2.14.1-12.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"glibc-doc-2.14.1-12.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"glibc-doc-pdf-2.14.1-12.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-i18ndata-2.14.1-12.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-profile-2.14.1-12.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-static-devel-2.14.1-12.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-utils-2.14.1-12.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"nscd-2.14.1-12.2.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:55:31", "description": "This glibc update fixes a critical privilege escalation problem and the following security and non-security issues :\n\n - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available.\n (CVE-2014-5119)\n\n - bnc#882600: Copy filename argument in posix_spawn_file_actions_addopen. (CVE-2014-4043)\n\n - bnc#860501: Use O_LARGEFILE for utmp file.\n\n - bnc#842291: Fix typo in glibc-2.5-dlopen-lookup-race.diff.\n\n - bnc#839870: Fix integer overflows in malloc.\n (CVE-2013-4332)\n\n - bnc#834594: Fix readdir_r with long file names.\n (CVE-2013-4237)\n\n - bnc#824639: Drop lock before calling malloc_printerr.\n\n - bnc#801246: Fix buffer overrun in regexp matcher.\n (CVE-2013-0242)\n\n - bnc#779320: Fix buffer overflow in strcoll.\n (CVE-2012-4412)\n\n - bnc#894556 / bnc#894553: Fix crashes on invalid input in IBM gconv modules. (CVE-2014-6040, CVE-2012-6656, bnc#894553, bnc#894556, BZ#17325, BZ#14134)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1128-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4412", "CVE-2012-6656", "CVE-2013-0242", "CVE-2013-4237", "CVE-2013-4332", "CVE-2014-4043", "CVE-2014-5119", "CVE-2014-6040"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:glibc", "p-cpe:/a:novell:suse_linux:glibc-devel", "p-cpe:/a:novell:suse_linux:glibc-html", "p-cpe:/a:novell:suse_linux:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:glibc-info", "p-cpe:/a:novell:suse_linux:glibc-locale", "p-cpe:/a:novell:suse_linux:glibc-profile", "p-cpe:/a:novell:suse_linux:nscd", "cpe:/o:novell:suse_linux:10"], "id": "SUSE_SU-2014-1128-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83638", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2014:1128-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83638);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-4412\", \"CVE-2012-6656\", \"CVE-2013-0242\", \"CVE-2013-4237\", \"CVE-2013-4332\", \"CVE-2014-4043\", \"CVE-2014-5119\", \"CVE-2014-6040\");\n script_bugtraq_id(55462, 57638, 61729, 62324, 68006, 68983, 69470, 69472, 69738);\n\n script_name(english:\"SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1128-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This glibc update fixes a critical privilege escalation problem and\nthe following security and non-security issues :\n\n - bnc#892073: An off-by-one error leading to a heap-based\n buffer overflow was found in __gconv_translit_find(). An\n exploit that targets the problem is publicly available.\n (CVE-2014-5119)\n\n - bnc#882600: Copy filename argument in\n posix_spawn_file_actions_addopen. (CVE-2014-4043)\n\n - bnc#860501: Use O_LARGEFILE for utmp file.\n\n - bnc#842291: Fix typo in\n glibc-2.5-dlopen-lookup-race.diff.\n\n - bnc#839870: Fix integer overflows in malloc.\n (CVE-2013-4332)\n\n - bnc#834594: Fix readdir_r with long file names.\n (CVE-2013-4237)\n\n - bnc#824639: Drop lock before calling malloc_printerr.\n\n - bnc#801246: Fix buffer overrun in regexp matcher.\n (CVE-2013-0242)\n\n - bnc#779320: Fix buffer overflow in strcoll.\n (CVE-2012-4412)\n\n - bnc#894556 / bnc#894553: Fix crashes on invalid input in\n IBM gconv modules. (CVE-2014-6040, CVE-2012-6656,\n bnc#894553, bnc#894556, BZ#17325, BZ#14134)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=779320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=801246\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=824639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=834594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=839870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=842291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=860501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=882600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=892073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=894553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=894556\"\n );\n # https://download.suse.com/patch/finder/?keywords=190862be14e3ed91b361e0b0a66e292a\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9d2f2bff\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-4412/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-0242/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-4237/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-4332/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-4043/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-5119/\"\n );\n # https://www.suse.com/support/update/announcement/2014/suse-su-20141128-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e04549f0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glibc packages\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES10)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES10\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES10\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"glibc-32bit-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"glibc-devel-32bit-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"glibc-locale-32bit-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"glibc-profile-32bit-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"glibc-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"glibc-devel-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"glibc-html-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"glibc-i18ndata-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"glibc-info-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"glibc-locale-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"glibc-profile-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"nscd-2.4-31.77.112.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:40:33", "description": "An updated rhev-hypervisor6 package that fixes multiple security issues and one bug is now available.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of 'Install Failed'. If this happens, place the host into maintenance mode, then activate it again to get the host back to an 'Up' state.\n\nA buffer overflow flaw was found in the way QEMU processed the SCSI 'REPORT LUNS' command when more than 256 LUNs were specified for a single SCSI target. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2013-4344)\n\nMultiple flaws were found in the way Linux kernel handled HID (Human Interface Device) reports. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2888, CVE-2013-2889, CVE-2013-2892)\n\nA flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully crafted certificate signed by an authority that the client trusts. (CVE-2013-4238)\n\nThe default OpenSSH configuration made it easy for remote attackers to exhaust unauthorized connection slots and prevent other users from being able to log in to a system. This flaw has been addressed by enabling random early connection drops by setting MaxStartups to 10:30:100 by default. For more information, refer to the sshd_config(5) man page. (CVE-2010-5107)\n\nThe CVE-2013-4344 issue was discovered by Asias He of Red Hat.\n\nThis updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers :\n\nCVE-2012-0786 and CVE-2012-0787 (augeas issues)\n\nCVE-2013-1813 (busybox issue)\n\nCVE-2013-0221, CVE-2013-0222, and CVE-2013-0223 (coreutils issues)\n\nCVE-2012-4453 (dracut issue)\n\nCVE-2013-4332, CVE-2013-0242, and CVE-2013-1914 (glibc issues)\n\nCVE-2013-4387, CVE-2013-0343, CVE-2013-4345, CVE-2013-4591, CVE-2013-4592, CVE-2012-6542, CVE-2013-3231, CVE-2013-1929, CVE-2012-6545, CVE-2013-1928, CVE-2013-2164, CVE-2013-2234, and CVE-2013-2851 (kernel issues)\n\nCVE-2013-4242 (libgcrypt issue)\n\nCVE-2013-4419 (libguestfs issue)\n\nCVE-2013-1775, CVE-2013-2776, and CVE-2013-2777 (sudo issues)\n\nThis update also fixes the following bug :\n\n* A previous version of the rhev-hypervisor6 package did not contain the latest vhostmd package, which provides a 'metrics communication channel' between a host and its hosted virtual machines, allowing limited introspection of host resource usage from within virtual machines. This has been fixed, and rhev-hypervisor6 now includes the latest vhostmd package. (BZ#1026703)\n\nThis update also contains the fixes from the following errata :\n\n* ovirt-node: https://rhn.redhat.com/errata/RHBA-2013-1528.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects these issues.", "cvss3": {}, "published": "2014-11-08T00:00:00", "type": "nessus", "title": "RHEL 6 : rhev-hypervisor6 (RHSA-2013:1527)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-5107", "CVE-2012-0786", "CVE-2012-0787", "CVE-2012-4453", "CVE-2012-6542", "CVE-2012-6545", "CVE-2013-0221", "CVE-2013-0222", "CVE-2013-0223", "CVE-2013-0242", "CVE-2013-0343", "CVE-2013-1775", "CVE-2013-1813", "CVE-2013-1914", "CVE-2013-1928", "CVE-2013-1929", "CVE-2013-2164", "CVE-2013-2234", "CVE-2013-2776", "CVE-2013-2777", "CVE-2013-2851", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2892", "CVE-2013-3231", "CVE-2013-4238", "CVE-2013-4242", "CVE-2013-4332", "CVE-2013-4344", "CVE-2013-4345", "CVE-2013-4387", "CVE-2013-4419", "CVE-2013-4591", "CVE-2013-4592"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2013-1527.NASL", "href": "https://www.tenable.com/plugins/nessus/78979", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1527. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78979);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-5107\", \"CVE-2013-2888\", \"CVE-2013-2889\", \"CVE-2013-2892\", \"CVE-2013-4238\", \"CVE-2013-4344\");\n script_bugtraq_id(58162, 61738, 62042, 62043, 62049, 62773);\n script_xref(name:\"RHSA\", value:\"2013:1527\");\n\n script_name(english:\"RHEL 6 : rhev-hypervisor6 (RHSA-2013:1527)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An updated rhev-hypervisor6 package that fixes multiple security\nissues and one bug is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: a subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization\nHypervisor through the 3.2 Manager administration portal, the Host may\nappear with the status of 'Install Failed'. If this happens, place the\nhost into maintenance mode, then activate it again to get the host\nback to an 'Up' state.\n\nA buffer overflow flaw was found in the way QEMU processed the SCSI\n'REPORT LUNS' command when more than 256 LUNs were specified for a\nsingle SCSI target. A privileged guest user could use this flaw to\ncorrupt QEMU process memory on the host, which could potentially\nresult in arbitrary code execution on the host with the privileges of\nthe QEMU process. (CVE-2013-4344)\n\nMultiple flaws were found in the way Linux kernel handled HID (Human\nInterface Device) reports. An attacker with physical access to the\nsystem could use this flaw to crash the system or, potentially,\nescalate their privileges on the system. (CVE-2013-2888,\nCVE-2013-2889, CVE-2013-2892)\n\nA flaw was found in the way the Python SSL module handled X.509\ncertificate fields that contain a NULL byte. An attacker could\npotentially exploit this flaw to conduct man-in-the-middle attacks to\nspoof SSL servers. Note that to exploit this issue, an attacker would\nneed to obtain a carefully crafted certificate signed by an authority\nthat the client trusts. (CVE-2013-4238)\n\nThe default OpenSSH configuration made it easy for remote attackers to\nexhaust unauthorized connection slots and prevent other users from\nbeing able to log in to a system. This flaw has been addressed by\nenabling random early connection drops by setting MaxStartups to\n10:30:100 by default. For more information, refer to the\nsshd_config(5) man page. (CVE-2010-5107)\n\nThe CVE-2013-4344 issue was discovered by Asias He of Red Hat.\n\nThis updated package provides updated components that include fixes\nfor various security issues. These issues have no security impact on\nRed Hat Enterprise Virtualization Hypervisor itself, however. The\nsecurity fixes included in this update address the following CVE\nnumbers :\n\nCVE-2012-0786 and CVE-2012-0787 (augeas issues)\n\nCVE-2013-1813 (busybox issue)\n\nCVE-2013-0221, CVE-2013-0222, and CVE-2013-0223 (coreutils issues)\n\nCVE-2012-4453 (dracut issue)\n\nCVE-2013-4332, CVE-2013-0242, and CVE-2013-1914 (glibc issues)\n\nCVE-2013-4387, CVE-2013-0343, CVE-2013-4345, CVE-2013-4591,\nCVE-2013-4592, CVE-2012-6542, CVE-2013-3231, CVE-2013-1929,\nCVE-2012-6545, CVE-2013-1928, CVE-2013-2164, CVE-2013-2234, and\nCVE-2013-2851 (kernel issues)\n\nCVE-2013-4242 (libgcrypt issue)\n\nCVE-2013-4419 (libguestfs issue)\n\nCVE-2013-1775, CVE-2013-2776, and CVE-2013-2777 (sudo issues)\n\nThis update also fixes the following bug :\n\n* A previous version of the rhev-hypervisor6 package did not contain\nthe latest vhostmd package, which provides a 'metrics communication\nchannel' between a host and its hosted virtual machines, allowing\nlimited introspection of host resource usage from within virtual\nmachines. This has been fixed, and rhev-hypervisor6 now includes the\nlatest vhostmd package. (BZ#1026703)\n\nThis update also contains the fixes from the following errata :\n\n* ovirt-node: https://rhn.redhat.com/errata/RHBA-2013-1528.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised\nto upgrade to this updated package, which corrects these issues.\"\n );\n # https://rhn.redhat.com/errata/RHBA-2013-1528.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHBA-2013:1528\"\n );\n # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6b506c4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-5107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4238\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected rhev-hypervisor6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1527\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"rhev-hypervisor6-6.5-20131115.0.3.2.el6_5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor6\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:22:51", "description": "According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents). A local attacker could potentially use this flaw to execute arbitrary code on the system.(CVE-2015-5277)\n\n - A directory traveral flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) could possibly use this flaw to execute arbitrary code with the privileges of that application.(CVE-2014-0475)\n\n - It was found that out-of-range time values passed to the strftime() function could result in an out-of-bounds memory access. This could lead to application crash or, potentially, information disclosure.(CVE-2015-8776)\n\n - The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.(CVE-2017-15670)\n\n - The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.(CVE-2013-4788)\n\n - An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application.(CVE-2014-6040)\n\n - A stack overflow vulnerability was found in\n _nss_dns_getnetbyname_r. On systems with nsswitch configured to include ''networks: dns'' with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution.(CVE-2016-3075)\n\n - Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.(CVE-2012-4412)\n\n - A heap-based buffer overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application.(CVE-2015-1472)\n\n - It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash.(CVE-2013-1914)\n\n - A stack overflow vulnerability was found in nan* functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code.(CVE-2014-9761)\n\n - An out-of-bounds write flaw was found in the way the glibc's readdir_r() function handled file system entries longer than the NAME_MAX character constant. A remote attacker could provide a specially crafted NTFS or CIFS file system that, when processed by an application using readdir_r(), would cause that application to crash or, potentially, allow the attacker to execute arbitrary code with the privileges of the user running the application.(CVE-2013-4237)\n\n - It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.(CVE-2013-7423)\n\n - A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.(CVE-2015-1781)\n\n - The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.(CVE-2014-9402)\n\n - In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.(CVE-2019-9169)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1552)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4412", "CVE-2013-1914", "CVE-2013-4237", "CVE-2013-4788", "CVE-2013-7423", "CVE-2014-0475", "CVE-2014-6040", "CVE-2014-9402", "CVE-2014-9761", "CVE-2015-1472", "CVE-2015-1781", "CVE-2015-5277", "CVE-2015-8776", "CVE-2016-3075", "CVE-2017-15670", "CVE-2019-9169"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-devel", "p-cpe:/a:huawei:euleros:glibc-headers", "p-cpe:/a:huawei:euleros:nscd", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1552.NASL", "href": "https://www.tenable.com/plugins/nessus/125005", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125005);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2012-4412\",\n \"CVE-2013-1914\",\n \"CVE-2013-4237\",\n \"CVE-2013-4788\",\n \"CVE-2013-7423\",\n \"CVE-2014-0475\",\n \"CVE-2014-6040\",\n \"CVE-2014-9402\",\n \"CVE-2014-9761\",\n \"CVE-2015-1472\",\n \"CVE-2015-1781\",\n \"CVE-2015-5277\",\n \"CVE-2015-8776\",\n \"CVE-2016-3075\",\n \"CVE-2017-15670\",\n \"CVE-2019-9169\"\n );\n script_bugtraq_id(\n 55462,\n 58839,\n 61183,\n 61729,\n 68505,\n 69472,\n 71670,\n 72428,\n 72498,\n 72844,\n 74255\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1552)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glibc packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - It was discovered that the nss_files backend for the\n Name Service Switch in glibc would return incorrect\n data to applications or corrupt the heap (depending on\n adjacent heap contents). A local attacker could\n potentially use this flaw to execute arbitrary code on\n the system.(CVE-2015-5277)\n\n - A directory traveral flaw was found in the way glibc\n loaded locale files. An attacker able to make an\n application use a specially crafted locale name value\n (for example, specified in an LC_* environment\n variable) could possibly use this flaw to execute\n arbitrary code with the privileges of that\n application.(CVE-2014-0475)\n\n - It was found that out-of-range time values passed to\n the strftime() function could result in an\n out-of-bounds memory access. This could lead to\n application crash or, potentially, information\n disclosure.(CVE-2015-8776)\n\n - The GNU C Library (aka glibc or libc6) before 2.27\n contains an off-by-one error leading to a heap-based\n buffer overflow in the glob function in glob.c, related\n to the processing of home directories using the ~\n operator followed by a long string.(CVE-2017-15670)\n\n - The PTR_MANGLE implementation in the GNU C Library (aka\n glibc or libc6) 2.4, 2.17, and earlier, and Embedded\n GLIBC (EGLIBC) does not initialize the random value for\n the pointer guard, which makes it easier for\n context-dependent attackers to control execution flow\n by leveraging a buffer-overflow vulnerability in an\n application and using the known zero value pointer\n guard to calculate a pointer address.(CVE-2013-4788)\n\n - An out-of-bounds read flaw was found in the way glibc's\n iconv() function converted certain encoded data to\n UTF-8. An attacker able to make an application call the\n iconv() function with a specially crafted argument\n could use this flaw to crash that\n application.(CVE-2014-6040)\n\n - A stack overflow vulnerability was found in\n _nss_dns_getnetbyname_r. On systems with nsswitch\n configured to include ''networks: dns'' with a\n privileged or network-facing service that would attempt\n to resolve user-provided network names, an attacker\n could provide an excessively long network name,\n resulting in stack corruption and code\n execution.(CVE-2016-3075)\n\n - Integer overflow in string/strcoll_l.c in the GNU C\n Library (aka glibc or libc6) 2.17 and earlier allows\n context-dependent attackers to cause a denial of\n service (crash) or possibly execute arbitrary code via\n a long string, which triggers a heap-based buffer\n overflow.(CVE-2012-4412)\n\n - A heap-based buffer overflow flaw was found in glibc's\n swscanf() function. An attacker able to make an\n application call the swscanf() function could use this\n flaw to crash that application or, potentially, execute\n arbitrary code with the permissions of the user running\n the application.(CVE-2015-1472)\n\n - It was found that getaddrinfo() did not limit the\n amount of stack memory used during name resolution. An\n attacker able to make an application resolve an\n attacker-controlled hostname or IP address could\n possibly cause the application to exhaust all stack\n memory and crash.(CVE-2013-1914)\n\n - A stack overflow vulnerability was found in nan*\n functions that could cause applications, which process\n long strings with the nan function, to crash or,\n potentially, execute arbitrary code.(CVE-2014-9761)\n\n - An out-of-bounds write flaw was found in the way the\n glibc's readdir_r() function handled file system\n entries longer than the NAME_MAX character constant. A\n remote attacker could provide a specially crafted NTFS\n or CIFS file system that, when processed by an\n application using readdir_r(), would cause that\n application to crash or, potentially, allow the\n attacker to execute arbitrary code with the privileges\n of the user running the application.(CVE-2013-4237)\n\n - It was discovered that, under certain circumstances,\n glibc's getaddrinfo() function would send DNS queries\n to random file descriptors. An attacker could\n potentially use this flaw to send DNS queries to\n unintended recipients, resulting in information\n disclosure or data loss due to the application\n encountering corrupted data.(CVE-2013-7423)\n\n - A buffer overflow flaw was found in the way glibc's\n gethostbyname_r() and other related functions computed\n the size of a buffer when passed a misaligned buffer as\n input. An attacker able to make an application call any\n of these functions with a misaligned buffer could use\n this flaw to crash the application or, potentially,\n execute arbitrary code with the permissions of the user\n running the application.(CVE-2015-1781)\n\n - The nss_dns implementation of getnetbyname in GNU C\n Library (aka glibc) before 2.21, when the DNS backend\n in the Name Service Switch configuration is enabled,\n allows remote attackers to cause a denial of service\n (infinite loop) by sending a positive answer while a\n network name is being process.(CVE-2014-9402)\n\n - In the GNU C Library (aka glibc or libc6) through 2.29,\n proceed_next_node in posix/regexec.c has a heap-based\n buffer over-read via an attempted case-insensitive\n regular-expression match.(CVE-2019-9169)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1552\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ad6abb72\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9169\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"glibc-2.17-222.h11\",\n \"glibc-common-2.17-222.h11\",\n \"glibc-devel-2.17-222.h11\",\n \"glibc-headers-2.17-222.h11\",\n \"nscd-2.17-222.h11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-11T00:25:00", "description": "According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.(CVE-2018-11236)\n\n - An integer overflow vulnerability was found in hcreate() and hcreate_r() functions which could result in an out-of-bounds memory access. This could lead to application crash or, potentially, arbitrary code execution.(CVE-2015-8778)\n\n - A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.(CVE-2015-7547)\n\n - A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash.(CVE-2013-0242)\n\n - A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult.(CVE-2017-1000366)\n\n - The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.(CVE-2017-12132)\n\n - It was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service.(CVE-2014-8121)\n\n - Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.(CVE-2016-3706)\n\n - In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.(CVE-2018-1000001)\n\n - Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.(CVE-2012-4424)\n\n - It was found that the dynamic loader did not sanitize the LD_POINTER_GUARD environment variable. An attacker could use this flaw to bypass the pointer guarding protection on set-user-ID or set-group-ID programs to execute arbitrary code with the permissions of the user running the application.(CVE-2015-8777)\n\n - The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.(CVE-2017-15804)\n\n - res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).(CVE-2015-5180)\n\n - pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.(CVE-2013-2207)\n\n - A stack overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application.(CVE-2015-1473)\n\n - It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash.(CVE-2013-4458)\n\n - A heap-based buffer overflow was found in glibc's\n __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.(CVE-2015-0235)\n\n - Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.(CVE-2013-4332)\n\n - An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.(CVE-2018-6485)\n\n - A stack based buffer overflow vulnerability was found in the catopen() function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code.(CVE-2015-8779)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1551)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4424", "CVE-2013-0242", "CVE-2013-2207", "CVE-2013-4332", "CVE-2013-4458", "CVE-2014-8121", "CVE-2015-0235", "CVE-2015-1473", "CVE-2015-5180", "CVE-2015-7547", "CVE-2015-8777", "CVE-2015-8778", "CVE-2015-8779", "CVE-2016-3706", "CVE-2017-1000366", "CVE-2017-12132", "CVE-2017-15804", "CVE-2018-1000001", "CVE-2018-11236", "CVE-2018-6485"], "modified": "2021-02-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-devel", "p-cpe:/a:huawei:euleros:glibc-headers", "p-cpe:/a:huawei:euleros:nscd", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1551.NASL", "href": "https://www.tenable.com/plugins/nessus/125004", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125004);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/08\");\n\n script_cve_id(\n \"CVE-2012-4424\",\n \"CVE-2013-0242\",\n \"CVE-2013-2207\",\n \"CVE-2013-4332\",\n \"CVE-2013-4458\",\n \"CVE-2014-8121\",\n \"CVE-2015-0235\",\n \"CVE-2015-1473\",\n \"CVE-2015-5180\",\n \"CVE-2015-7547\",\n \"CVE-2015-8777\",\n \"CVE-2015-8778\",\n \"CVE-2015-8779\",\n \"CVE-2016-3706\",\n \"CVE-2017-1000366\",\n \"CVE-2017-12132\",\n \"CVE-2017-15804\",\n \"CVE-2018-1000001\",\n \"CVE-2018-11236\",\n \"CVE-2018-6485\"\n );\n script_bugtraq_id(\n 55543,\n 57638,\n 61960,\n 62324,\n 63299,\n 72325,\n 72499,\n 73038\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1551)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glibc packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - stdlib/canonicalize.c in the GNU C Library (aka glibc\n or libc6) 2.27 and earlier, when processing very long\n pathname arguments to the realpath function, could\n encounter an integer overflow on 32-bit architectures,\n leading to a stack-based buffer overflow and,\n potentially, arbitrary code execution.(CVE-2018-11236)\n\n - An integer overflow vulnerability was found in\n hcreate() and hcreate_r() functions which could result\n in an out-of-bounds memory access. This could lead to\n application crash or, potentially, arbitrary code\n execution.(CVE-2015-8778)\n\n - A stack-based buffer overflow was found in the way the\n libresolv library performed dual A/AAAA DNS queries. A\n remote attacker could create a specially crafted DNS\n response which could cause libresolv to crash or,\n potentially, execute code with the permissions of the\n user running the library. Note: this issue is only\n exposed when libresolv is called from the nss_dns NSS\n service module.(CVE-2015-7547)\n\n - A flaw was found in the regular expression matching\n routines that process multibyte character input. If an\n application utilized the glibc regular expression\n matching mechanism, an attacker could provide\n specially-crafted input that, when processed, would\n cause the application to crash.(CVE-2013-0242)\n\n - A flaw was found in the way memory was being allocated\n on the stack for user space binaries. If heap (or\n different memory region) and stack memory regions were\n adjacent to each other, an attacker could use this flaw\n to jump over the stack guard gap, cause controlled\n memory corruption on process stack or the adjacent\n memory region, and thus increase their privileges on\n the system. This is glibc-side mitigation which blocks\n processing of LD_LIBRARY_PATH for programs running in\n secure-execution mode and reduces the number of\n allocations performed by the processing of LD_AUDIT,\n LD_PRELOAD, and LD_HWCAP_MASK, making successful\n exploitation of this issue more\n difficult.(CVE-2017-1000366)\n\n - The DNS stub resolver in the GNU C Library (aka glibc\n or libc6) before version 2.26, when EDNS support is\n enabled, will solicit large UDP responses from name\n servers, potentially simplifying off-path DNS spoofing\n attacks due to IP fragmentation.(CVE-2017-12132)\n\n - It was found that the files back end of Name Service\n Switch (NSS) did not isolate iteration over an entire\n database from key-based look-up API calls. An\n application performing look-ups on a database while\n iterating over it could enter an infinite loop, leading\n to a denial of service.(CVE-2014-8121)\n\n - Stack-based buffer overflow in the getaddrinfo function\n in sysdeps/posix/getaddrinfo.c in the GNU C Library\n (aka glibc or libc6) allows remote attackers to cause a\n denial of service (crash) via vectors involving hostent\n conversion. NOTE: this vulnerability exists because of\n an incomplete fix for CVE-2013-4458.(CVE-2016-3706)\n\n - In glibc 2.26 and earlier there is confusion in the\n usage of getcwd() by realpath() which can be used to\n write before the destination buffer leading to a buffer\n underflow and potential code\n execution.(CVE-2018-1000001)\n\n - Stack-based buffer overflow in string/strcoll_l.c in\n the GNU C Library (aka glibc or libc6) 2.17 and earlier\n allows context-dependent attackers to cause a denial of\n service (crash) or possibly execute arbitrary code via\n a long string that triggers a malloc failure and use of\n the alloca function.(CVE-2012-4424)\n\n - It was found that the dynamic loader did not sanitize\n the LD_POINTER_GUARD environment variable. An attacker\n could use this flaw to bypass the pointer guarding\n protection on set-user-ID or set-group-ID programs to\n execute arbitrary code with the permissions of the user\n running the application.(CVE-2015-8777)\n\n - The glob function in glob.c in the GNU C Library (aka\n glibc or libc6) before 2.27 contains a buffer overflow\n during unescaping of user names with the ~\n operator.(CVE-2017-15804)\n\n - res_query in libresolv in glibc before 2.25 allows\n remote attackers to cause a denial of service (NULL\n pointer dereference and process crash).(CVE-2015-5180)\n\n - pt_chown in GNU C Library (aka glibc or libc6) before\n 2.18 does not properly check permissions for tty files,\n which allows local users to change the permission on\n the files and obtain access to arbitrary\n pseudo-terminals by leveraging a FUSE file\n system.(CVE-2013-2207)\n\n - A stack overflow flaw was found in glibc's swscanf()\n function. An attacker able to make an application call\n the swscanf() function could use this flaw to crash\n that application or, potentially, execute arbitrary\n code with the permissions of the user running the\n application.(CVE-2015-1473)\n\n - It was found that getaddrinfo() did not limit the\n amount of stack memory used during name resolution. An\n attacker able to make an application resolve an\n attacker-controlled hostname or IP address could\n possibly cause the application to exhaust all stack\n memory and crash.(CVE-2013-4458)\n\n - A heap-based buffer overflow was found in glibc's\n __nss_hostname_digits_dots() function, which is used by\n the gethostbyname() and gethostbyname2() glibc function\n calls. A remote attacker able to make an application\n call either of these functions could use this flaw to\n execute arbitrary code with the permissions of the user\n running the application.(CVE-2015-0235)\n\n - Multiple integer overflow flaws, leading to heap-based\n buffer overflows, were found in glibc's memory\n allocator functions (pvalloc, valloc, and memalign). If\n an application used such a function, it could cause the\n application to crash or, potentially, execute arbitrary\n code with the privileges of the user running the\n application.(CVE-2013-4332)\n\n - An integer overflow in the implementation of the\n posix_memalign in memalign functions in the GNU C\n Library (aka glibc or libc6) 2.26 and earlier could\n cause these functions to return a pointer to a heap\n area that is too small, potentially leading to heap\n corruption.(CVE-2018-6485)\n\n - A stack based buffer overflow vulnerability was found\n in the catopen() function. An excessively long string\n passed to the function could cause it to crash or,\n potentially, execute arbitrary code.(CVE-2015-8779)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1551\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?97fa15c6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc realpath() Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"glibc-2.17-222.h11\",\n \"glibc-common-2.17-222.h11\",\n \"glibc-devel-2.17-222.h11\",\n \"glibc-headers-2.17-222.h11\",\n \"nscd-2.17-222.h11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-27T10:51:41", "description": "Check for the Version of glibc", "cvss3": {}, "published": "2013-04-25T00:00:00", "type": "openvas", "title": "RedHat Update for glibc RHSA-2013:0769-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870985", "href": "http://plugins.openvas.org/nasl.php?oid=870985", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2013:0769-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The glibc packages provide the standard C libraries (libc), POSIX thread\n libraries (libpthread), standard math libraries (libm), and the Name Server\n Caching Daemon (nscd) used by multiple programs on the system. Without\n these libraries, the Linux system cannot function correctly.\n\n It was found that getaddrinfo() did not limit the amount of stack memory\n used during name resolution. An attacker able to make an application\n resolve an attacker-controlled hostname or IP address could possibly cause\n the application to exhaust all stack memory and crash. (CVE-2013-1914)\n\n A flaw was found in the regular expression matching routines that process\n multibyte character input. If an application utilized the glibc regular\n expression matching mechanism, an attacker could provide specially-crafted\n input that, when processed, would cause the application to crash.\n (CVE-2013-0242)\n\n This update also fixes the following bugs:\n\n * The improvements RHSA-2012:1207 made to the accuracy of floating point\n functions in the math library caused performance regressions for those\n functions. The performance regressions were analyzed and a fix was applied\n that retains the current accuracy but reduces the performance penalty to\n acceptable levels. Refer to Red Hat Knowledge solution 229993, linked\n to in the References, for further information. (BZ#950535)\n\n * It was possible that a memory location freed by the localization code\n could be accessed immediately after, resulting in a crash. The fix ensures\n that the application does not crash by avoiding the invalid memory access.\n (BZ#951493)\n\n Users of glibc are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues.\n\n 4. Solution:\n\n Before applying this update, make sure all previously-released errata\n relevant to your system have been applied.\n\n This update is available via the Red Hat Network. Details on how to\n use the Red Hat Network to apply this update are available at\n https://access.redhat.com/knowledge/articles/11258\n\n 5. Bugs fixed (http://bugzilla.redhat.com):\n\n 905874 - CVE-2013-0242 glibc: Buffer overrun (DoS) in regexp matcher by\n processing multibyte characters\n 947882 - CVE-2013-1914 glibc: Stack (frame) overflow in getaddrinfo()\n when processing entry mapping to long list of address structures\n\n 6. Package List:\n\n Red Hat Enterprise Linux Deskt ...\n\n Description truncated, for more information please check the Reference URL\";\n\n\ntag_affected = \"glibc on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(870985);\n script_version(\"$Revision: 6687 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:46:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-25 10:17:44 +0530 (Thu, 25 Apr 2013)\");\n script_cve_id(\"CVE-2013-0242\", \"CVE-2013-1914\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Update for glibc RHSA-2013:0769-01\");\n\n script_xref(name: \"RHSA\", value: \"2013:0769-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-April/msg00034.html\");\n script_summary(\"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~107.el5_9.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~107.el5_9.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.5~107.el5_9.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.5~107.el5_9.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~107.el5_9.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~107.el5_9.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~107.el5_9.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~107.el5_9.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-22T13:09:49", "description": "Check for the Version of glibc", "cvss3": {}, "published": "2013-04-25T00:00:00", "type": "openvas", "title": "CentOS Update for glibc CESA-2013:0769 centos5 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:881722", "href": "http://plugins.openvas.org/nasl.php?oid=881722", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for glibc CESA-2013:0769 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The glibc packages provide the standard C libraries (libc), POSIX thread\n libraries (libpthread), standard math libraries (libm), and the Name Server\n Caching Daemon (nscd) used by multiple programs on the system. Without\n these libraries, the Linux system cannot function correctly.\n\n It was found that getaddrinfo() did not limit the amount of stack memory\n used during name resolution. An attacker able to make an application\n resolve an attacker-controlled hostname or IP address could possibly cause\n the application to exhaust all stack memory and crash. (CVE-2013-1914)\n\n A flaw was found in the regular expression matching routines that process\n multibyte character input. If an application utilized the glibc regular\n expression matching mechanism, an attacker could provide specially-crafted\n input that, when processed, would cause the application to crash.\n (CVE-2013-0242)\n\n This update also fixes the following bugs:\n\n * The improvements RHSA-2012:1207 made to the accuracy of floating point\n functions in the math library caused performance regressions for those\n functions. The performance regressions were analyzed and a fix was applied\n that retains the current accuracy but reduces the performance penalty to\n acceptable levels. Refer to Red Hat Knowledge solution 229993, linked\n to in the References, for further information. (BZ#950535)\n\n * It was possible that a memory location freed by the localization code\n could be accessed immediately after, resulting in a crash. The fix ensures\n that the application does not crash by avoiding the invalid memory access.\n (BZ#951493)\n\n Users of glibc are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues.\n\n 4. Solution:\n\n Before applying this update, make sure all previously-released errata\n relevant to your system have been applied.\n\n This update is available via the Red Hat Network. Details on how to\n use the Red Hat Network to apply this update are available at\n https://access.redhat.com/knowledge/articles/11258\n\n 5. Bugs fixed (http://bugzilla.redhat.com):\n\n 905874 - CVE-2013-0242 glibc: Buffer overrun (DoS) in regexp matcher\n by processing multibyte characters\n 947882 - CVE-2013-1914 glibc: Stack (frame) overflow in getaddrinfo()\n when processing entry mapping to long list of address structures\n\n 6. Package List:\n\n Red Hat Enterprise Linux Desktop (v. 5 client):\n\n Source: ...\n\n Description truncated, for more information please check the Reference URL\";\n\n\ntag_solution = \"Please Install the Updated Packages.\";\ntag_affected = \"glibc on CentOS 5\";\n\n\nif(description)\n{\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_id(881722);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-25 10:23:03 +0530 (Thu, 25 Apr 2013)\");\n script_cve_id(\"CVE-2013-0242\", \"CVE-2013-1914\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_name(\"CentOS Update for glibc CESA-2013:0769 centos5 \");\n\n script_xref(name: \"CESA\", value: \"2013:0769\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-April/019706.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~107.el5_9.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~107.el5_9.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~107.el5_9.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~107.el5_9.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~107.el5_9.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~107.el5_9.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-04-25T00:00:00", "type": "openvas", "title": "RedHat Update for glibc RHSA-2013:0769-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310870985", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870985", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2013:0769-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.870985\");\n script_version(\"$Revision: 12380 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:03:48 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-25 10:17:44 +0530 (Thu, 25 Apr 2013)\");\n script_cve_id(\"CVE-2013-0242\", \"CVE-2013-1914\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Update for glibc RHSA-2013:0769-01\");\n\n script_xref(name:\"RHSA\", value:\"2013:0769-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-April/msg00034.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"glibc on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The glibc packages provide the standard C libraries (libc), POSIX thread\n libraries (libpthread), standard math libraries (libm), and the Name Server\n Caching Daemon (nscd) used by multiple programs on the system. Without\n these libraries, the Linux system cannot function correctly.\n\n It was found that getaddrinfo() did not limit the amount of stack memory\n used during name resolution. An attacker able to make an application\n resolve an attacker-controlled hostname or IP address could possibly cause\n the application to exhaust all stack memory and crash. (CVE-2013-1914)\n\n A flaw was found in the regular expression matching routines that process\n multibyte character input. If an application utilized the glibc regular\n expression matching mechanism, an attacker could provide specially-crafted\n input that, when processed, would cause the application to crash.\n (CVE-2013-0242)\n\n This update also fixes the following bugs:\n\n * The improvements RHSA-2012:1207 made to the accuracy of floating point\n functions in the math library caused performance regressions for those\n functions. The performance regressions were analyzed and a fix was applied\n that retains the current accuracy but reduces the performance penalty to\n acceptable levels. Refer to Red Hat Knowledge solution 229993, linked\n to in the References, for further information. (BZ#950535)\n\n * It was possible that a memory location freed by the localization code\n could be accessed immediately after, resulting in a crash. The fix ensures\n that the application does not crash by avoiding the invalid memory access.\n (BZ#951493)\n\n Users of glibc are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues.\n\n 4. Solution:\n\n Before applying this update, make sure all previously-released errata\n relevant to your system have been applied.\n\n This update is available via the Red Hat Network. Details on how to\n use the Red Hat Network to apply this update are available at the references.\n\n 5. Bugs fixed:\n\n 905874 - CVE-2013-0242 glibc: Buffer overrun (DoS) in regexp matcher by\n processing multibyte characters\n 947882 - CVE-2013-1914 glibc: Stack (frame) overflow in getaddrinfo()\n when processing entry mapping to long list of address structures\n\n 6. Package List:\n\n Red Hat Enterprise Linux Deskt ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/knowledge/articles/11258\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~107.el5_9.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~107.el5_9.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.5~107.el5_9.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.5~107.el5_9.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~107.el5_9.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~107.el5_9.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~107.el5_9.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~107.el5_9.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-04-25T00:00:00", "type": "openvas", "title": "CentOS Update for glibc CESA-2013:0769 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881722", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881722", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for glibc CESA-2013:0769 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_tag(name:\"affected\", value:\"glibc on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The glibc packages provide the standard C libraries (libc), POSIX thread\n libraries (libpthread), standard math libraries (libm), and the Name Server\n Caching Daemon (nscd) used by multiple programs on the system. Without\n these libraries, the Linux system cannot function correctly.\n\n It was found that getaddrinfo() did not limit the amount of stack memory\n used during name resolution. An attacker able to make an application\n resolve an attacker-controlled hostname or IP address could possibly cause\n the application to exhaust all stack memory and crash. (CVE-2013-1914)\n\n A flaw was found in the regular expression matching routines that process\n multibyte character input. If an application utilized the glibc regular\n expression matching mechanism, an attacker could provide specially-crafted\n input that, when processed, would cause the application to crash.\n (CVE-2013-0242)\n\n This update also fixes the following bugs:\n\n * The improvements RHSA-2012:1207 made to the accuracy of floating point\n functions in the math library caused performance regressions for those\n functions. The performance regressions were analyzed and a fix was applied\n that retains the current accuracy but reduces the performance penalty to\n acceptable levels. Refer to Red Hat Knowledge solution 229993, linked\n to in the References, for further information. (BZ#950535)\n\n * It was possible that a memory location freed by the localization code\n could be accessed immediately after, resulting in a crash. The fix ensures\n that the application does not crash by avoiding the invalid memory access.\n (BZ#951493)\n\n Users of glibc are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues.\n\n 4. Solution:\n\n Before applying this update, make sure all previously-released errata\n relevant to your system have been applied.\n\n This update is available via the Red Hat Network. Details on how to\n use the Red Hat Network to apply this update are available at\n the linked references.\n\n 5. Bugs fixed:\n\n 905874 - CVE-2013-0242 glibc: Buffer overrun (DoS) in regexp matcher\n by processing multibyte characters\n 947882 - CVE-2013-1914 glibc: Stack (frame) overflow in getaddrinfo()\n when processing entry mapping to long list of address structures\n\n 6. Package List:\n\n Red Hat Enterprise Linux Desktop (v. 5 client):\n\n Source: ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881722\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-25 10:23:03 +0530 (Thu, 25 Apr 2013)\");\n script_cve_id(\"CVE-2013-0242\", \"CVE-2013-1914\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_name(\"CentOS Update for glibc CESA-2013:0769 centos5\");\n\n script_xref(name:\"CESA\", value:\"2013:0769\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-April/019706.html\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/knowledge/articles/11258\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~107.el5_9.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~107.el5_9.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~107.el5_9.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~107.el5_9.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~107.el5_9.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~107.el5_9.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-11-21T00:00:00", "type": "openvas", "title": "RedHat Update for glibc RHSA-2013:1605-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0242", "CVE-2013-4332", "CVE-2013-1914"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871075", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871075", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2013:1605-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871075\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-21 10:43:57 +0530 (Thu, 21 Nov 2013)\");\n script_cve_id(\"CVE-2013-0242\", \"CVE-2013-1914\", \"CVE-2013-4332\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Update for glibc RHSA-2013:1605-02\");\n\n\n script_tag(name:\"affected\", value:\"glibc on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. Without\nthese libraries, the Linux system cannot function correctly.\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in glibc's memory allocator functions (pvalloc, valloc, and\nmemalign). If an application used such a function, it could cause the\napplication to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2013-4332)\n\nA flaw was found in the regular expression matching routines that process\nmultibyte character input. If an application utilized the glibc regular\nexpression matching mechanism, an attacker could provide specially-crafted\ninput that, when processed, would cause the application to crash.\n(CVE-2013-0242)\n\nIt was found that getaddrinfo() did not limit the amount of stack memory\nused during name resolution. An attacker able to make an application\nresolve an attacker-controlled hostname or IP address could possibly cause\nthe application to exhaust all stack memory and crash. (CVE-2013-1914)\n\nAmong other changes, this update includes an important fix for the\nfollowing bug:\n\n * Due to a defect in the initial release of the getaddrinfo() system call\nin Red Hat enterprise Linux 6.0, AF_INET and AF_INET6 queries resolved from\nthe /etc/hosts file returned queried names as canonical names. This\nincorrect behavior is, however, still considered to be the expected\nbehavior. As a result of a recent change in getaddrinfo(), AF_INET6 queries\nstarted resolving the canonical names correctly. However, this behavior was\nunexpected by applications that relied on queries resolved from the\n/etc/hosts file, and these applications could thus fail to operate\nproperly. This update applies a fix ensuring that AF_INET6 queries resolved\nfrom /etc/hosts always return the queried name as canonical. Note that DNS\nlookups are resolved properly and always return the correct canonical\nnames. A proper fix to AF_INET6 queries resolution from /etc/hosts may be\napplied in future releases for now, due to a lack of standard, Red Hat\nsuggests the first entry in the /etc/hosts file, that applies for the IP\naddress being resolved, to be considered the canonical entry. (BZ#1022022)\n\nThese updated glibc packages also include additional bug fixes and\nvarious enhancements. Space precludes documenting all of these ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2013:1605-02\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-November/msg00026.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.12~1.132.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.12~1.132.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.12~1.132.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.12~1.132.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.12~1.132.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.12~1.132.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.12~1.132.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.12~1.132.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T23:01:25", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2013-270)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0242", "CVE-2013-4332", "CVE-2013-1914"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120295", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120295", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120295\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:23:02 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2013-270)\");\n script_tag(name:\"insight\", value:\"Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-4332 )A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash. (CVE-2013-0242 )It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914 )\");\n script_tag(name:\"solution\", value:\"Run yum update glibc to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2013-270.html\");\n script_cve_id(\"CVE-2013-0242\", \"CVE-2013-1914\", \"CVE-2013-4332\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.12~1.132.45.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.12~1.132.45.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.12~1.132.45.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.12~1.132.45.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.12~1.132.45.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.12~1.132.45.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.12~1.132.45.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.12~1.132.45.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.12~1.132.45.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-02-06T13:10:42", "description": "Check for the Version of glibc", "cvss3": {}, "published": "2013-11-21T00:00:00", "type": "openvas", "title": "RedHat Update for glibc RHSA-2013:1605-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0242", "CVE-2013-4332", "CVE-2013-1914"], "modified": "2018-02-05T00:00:00", "id": "OPENVAS:871075", "href": "http://plugins.openvas.org/nasl.php?oid=871075", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2013:1605-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871075);\n script_version(\"$Revision: 8672 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-05 17:39:18 +0100 (Mon, 05 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-21 10:43:57 +0530 (Thu, 21 Nov 2013)\");\n script_cve_id(\"CVE-2013-0242\", \"CVE-2013-1914\", \"CVE-2013-4332\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Update for glibc RHSA-2013:1605-02\");\n\n tag_insight = \"The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. Without\nthese libraries, the Linux system cannot function correctly.\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in glibc's memory allocator functions (pvalloc, valloc, and\nmemalign). If an application used such a function, it could cause the\napplication to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2013-4332)\n\nA flaw was found in the regular expression matching routines that process\nmultibyte character input. If an application utilized the glibc regular\nexpression matching mechanism, an attacker could provide specially-crafted\ninput that, when processed, would cause the application to crash.\n(CVE-2013-0242)\n\nIt was found that getaddrinfo() did not limit the amount of stack memory\nused during name resolution. An attacker able to make an application\nresolve an attacker-controlled hostname or IP address could possibly cause\nthe application to exhaust all stack memory and crash. (CVE-2013-1914)\n\nAmong other changes, this update includes an important fix for the\nfollowing bug:\n\n* Due to a defect in the initial release of the getaddrinfo() system call\nin Red Hat enterprise Linux 6.0, AF_INET and AF_INET6 queries resolved from\nthe /etc/hosts file returned queried names as canonical names. This\nincorrect behavior is, however, still considered to be the expected\nbehavior. As a result of a recent change in getaddrinfo(), AF_INET6 queries\nstarted resolving the canonical names correctly. However, this behavior was\nunexpected by applications that relied on queries resolved from the\n/etc/hosts file, and these applications could thus fail to operate\nproperly. This update applies a fix ensuring that AF_INET6 queries resolved\nfrom /etc/hosts always return the queried name as canonical. Note that DNS\nlookups are resolved properly and always return the correct canonical\nnames. A proper fix to AF_INET6 queries resolution from /etc/hosts may be\napplied in future releases for now, due to a lack of standard, Red Hat\nsuggests the first entry in the /etc/hosts file, that applies for the IP\naddress being resolved, to be considered the canonical entry. (BZ#1022022)\n\nThese updated glibc packages also include additional bug fixes and\nvarious enhancements. Space precludes documenting all of thes ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"glibc on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2013:1605-02\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-November/msg00026.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.12~1.132.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.12~1.132.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.12~1.132.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.12~1.132.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.12~1.132.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.12~1.132.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.12~1.132.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.12~1.132.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:18", "description": "Oracle Linux Local Security Checks ELSA-2013-1605", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-1605", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0242", "CVE-2013-4332", "CVE-2013-1914"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123527", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123527", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-1605.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123527\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:05:05 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-1605\");\n script_tag(name:\"insight\", value:\"ELSA-2013-1605 - glibc security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-1605\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-1605.html\");\n script_cve_id(\"CVE-2013-0242\", \"CVE-2013-1914\", \"CVE-2013-4332\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.12~1.132.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.12~1.132.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.12~1.132.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.12~1.132.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.12~1.132.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.12~1.132.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.12~1.132.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:51:59", "description": "Check for the Version of glibc", "cvss3": {}, "published": "2013-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for glibc FEDORA-2013-4100", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0242"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:865504", "href": "http://plugins.openvas.org/nasl.php?oid=865504", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glibc FEDORA-2013-4100\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"glibc on Fedora 18\";\ntag_insight = \"The glibc package contains standard libraries which are used by\n multiple programs on the system. In order to save disk space and\n memory, as well as to make upgrading easier, common system code is\n kept in one place and shared between programs. This particular package\n contains the most important sets of shared libraries: the standard C\n library and the standard math library. Without these two libraries, a\n Linux system will not function.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-March/101148.html\");\n script_id(865504);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-02 12:21:40 +0530 (Tue, 02 Apr 2013)\");\n script_cve_id(\"CVE-2013-0242\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-4100\");\n script_name(\"Fedora Update for glibc FEDORA-2013-4100\");\n\n script_summary(\"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.16~30.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for glibc FEDORA-2013-4100", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0242"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865504", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865504", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glibc FEDORA-2013-4100\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-March/101148.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865504\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-02 12:21:40 +0530 (Tue, 02 Apr 2013)\");\n script_cve_id(\"CVE-2013-0242\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-4100\");\n script_name(\"Fedora Update for glibc FEDORA-2013-4100\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n script_tag(name:\"affected\", value:\"glibc on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.16~30.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-06-04T00:00:00", "type": "openvas", "title": "Fedora Update for glibc FEDORA-2013-4174", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0242"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865671", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865671", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glibc FEDORA-2013-4174\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.865671\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-04 09:17:50 +0530 (Tue, 04 Jun 2013)\");\n script_cve_id(\"CVE-2013-0242\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for glibc FEDORA-2013-4174\");\n script_xref(name:\"FEDORA\", value:\"2013-4174\");\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-June/107443.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"glibc on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.15~59.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:51:35", "description": "Check for the Version of glibc", "cvss3": {}, "published": "2013-06-04T00:00:00", "type": "openvas", "title": "Fedora Update for glibc FEDORA-2013-4174", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0242"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:865671", "href": "http://plugins.openvas.org/nasl.php?oid=865671", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glibc FEDORA-2013-4174\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"glibc on Fedora 17\";\ntag_insight = \"The glibc package contains standard libraries which are used by\n multiple programs on the system. In order to save disk space and\n memory, as well as to make upgrading easier, common system code is\n kept in one place and shared between programs. This particular package\n contains the most important sets of shared libraries: the standard C\n library and the standard math library. Without these two libraries, a\n Linux system will not function.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(865671);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-04 09:17:50 +0530 (Tue, 04 Jun 2013)\");\n script_cve_id(\"CVE-2013-0242\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for glibc FEDORA-2013-4174\");\n\n script_xref(name: \"FEDORA\", value: \"2013-4174\");\n script_xref(name: \"URL\" , value: \"http://lists.fedoraproject.org/pipermail/package-announce/2013-June/107443.html\");\n script_summary(\"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.15~59.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-12-19T16:07:03", "description": "VMware has updated vSphere third party libraries.", "cvss3": {}, "published": "2014-09-11T00:00:00", "type": "openvas", "title": "VMware ESXi product updates to third party libraries (VMSA-2014-0008)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0242", "CVE-2014-0114", "CVE-2013-4322", "CVE-2014-0050", "CVE-2013-1914", "CVE-2013-4590"], "modified": "2019-12-18T00:00:00", "id": "OPENVAS:1361412562310105086", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105086", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VMSA-2014-0008: VMware vSphere product updates to third party libraries\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105086\");\n script_cve_id(\"CVE-2014-0114\", \"CVE-2013-4590\", \"CVE-2013-4322\", \"CVE-2014-0050\", \"CVE-2013-0242\", \"CVE-2013-1914\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"2019-12-18T11:13:08+0000\");\n script_name(\"VMware ESXi product updates to third party libraries (VMSA-2014-0008)\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0008.html\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if the target host is missing one or more patch(es).\");\n\n script_tag(name:\"insight\", value:\"a. vCenter Server Apache Struts Update\n\n The Apache Struts library is updated to address a security issue.\n This issue may lead to remote code execution after authentication.\n\n b. vCenter Server tc-server 2.9.5 / Apache Tomcat 7.0.52 updates\n\n tc-server has been updated to version 2.9.5 to address multiple security issues.\n This version of tc-server includes Apache Tomcat 7.0.52.\n\n c. Update to ESXi glibc package\n\n glibc is updated to address multiple security issues.\n\n d. vCenter and Update Manager, Oracle JRE 1.7 Update 55\n\n Oracle has documented the CVE identifiers that are addressed in JRE 1.7.0\n update 55 in the Oracle Java SE Critical Patch Update Advisory of April 2014\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"summary\", value:\"VMware has updated vSphere third party libraries.\");\n\n script_tag(name:\"affected\", value:\"VMware ESXi 5.5 without patch ESXi550-201409101-SG.\");\n\n script_tag(name:\"last_modification\", value:\"2019-12-18 11:13:08 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-09-11 11:04:01 +0100 (Thu, 11 Sep 2014)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\", \"VMware/ESX/version\");\n\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item(\"VMware/ESXi/LSC\"))\n exit(0);\n\nif(!esxVersion = get_kb_item(\"VMware/ESX/version\"))\n exit(0);\n\npatches = make_array(\"5.5.0\", \"VIB:esx-base:5.5.0-2.33.2068190\",\n \"5.1.0\", \"VIB:esx-base:5.1.0-2.47.2323231\");\n\nif(!patches[esxVersion])\n exit(99);\n\nif(report = esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-10-29T00:00:00", "type": "openvas", "title": "Ubuntu Update for eglibc USN-1991-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0242", "CVE-2012-4412", "CVE-2012-4424", "CVE-2013-4332", "CVE-2013-1914", "CVE-2013-4237"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841605", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841605", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1991_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for eglibc USN-1991-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841605\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-29 16:50:28 +0530 (Tue, 29 Oct 2013)\");\n script_cve_id(\"CVE-2012-4412\", \"CVE-2012-4424\", \"CVE-2013-0242\", \"CVE-2013-1914\", \"CVE-2013-4237\", \"CVE-2013-4332\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for eglibc USN-1991-1\");\n\n script_tag(name:\"affected\", value:\"eglibc on Ubuntu 13.04,\n Ubuntu 12.10,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"It was discovered that the GNU C Library incorrectly handled the strcoll()\nfunction. An attacker could use this issue to cause a denial of service, or\npossibly execute arbitrary code. (CVE-2012-4412, CVE-2012-4424)\n\nIt was discovered that the GNU C Library incorrectly handled multibyte\ncharacters in the regular expression matcher. An attacker could use this\nissue to cause a denial of service. (CVE-2013-0242)\n\nIt was discovered that the GNU C Library incorrectly handled large numbers\nof domain conversion results in the getaddrinfo() function. An attacker\ncould use this issue to cause a denial of service. (CVE-2013-1914)\n\nIt was discovered that the GNU C Library readdir_r() function incorrectly\nhandled crafted NTFS or CIFS images. An attacker could use this issue to\ncause a denial of service, or possibly execute arbitrary code.\n(CVE-2013-4237)\n\nIt was discovered that the GNU C Library incorrectly handled memory\nallocation. An attacker could use this issue to cause a denial of service.\n(CVE-2013-4332)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"1991-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1991-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'eglibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|10\\.04 LTS|12\\.10|13\\.04)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.15-0ubuntu10.5\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.11.1-0ubuntu7.13\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.15-0ubuntu20.2\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.17-0ubuntu5.1\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-04T11:22:18", "description": "Check for the Version of eglibc", "cvss3": {}, "published": "2013-10-29T00:00:00", "type": "openvas", "title": "Ubuntu Update for eglibc USN-1991-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0242", "CVE-2012-4412", "CVE-2012-4424", "CVE-2013-4332", "CVE-2013-1914", "CVE-2013-4237"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:841605", "href": "http://plugins.openvas.org/nasl.php?oid=841605", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1991_1.nasl 7958 2017-12-01 06:47:47Z santu $\n#\n# Ubuntu Update for eglibc USN-1991-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841605);\n script_version(\"$Revision: 7958 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:47:47 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-29 16:50:28 +0530 (Tue, 29 Oct 2013)\");\n script_cve_id(\"CVE-2012-4412\", \"CVE-2012-4424\", \"CVE-2013-0242\", \"CVE-2013-1914\", \"CVE-2013-4237\", \"CVE-2013-4332\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for eglibc USN-1991-1\");\n\n tag_insight = \"It was discovered that the GNU C Library incorrectly handled the strcoll()\nfunction. An attacker could use this issue to cause a denial of service, or\npossibly execute arbitrary code. (CVE-2012-4412, CVE-2012-4424)\n\nIt was discovered that the GNU C Library incorrectly handled multibyte\ncharacters in the regular expression matcher. An attacker could use this\nissue to cause a denial of service. (CVE-2013-0242)\n\nIt was discovered that the GNU C Library incorrectly handled large numbers\nof domain conversion results in the getaddrinfo() function. An attacker\ncould use this issue to cause a denial of service. (CVE-2013-1914)\n\nIt was discovered that the GNU C Library readdir_r() function incorrectly\nhandled crafted NTFS or CIFS images. An attacker could use this issue to\ncause a denial of service, or possibly execute arbitrary code.\n(CVE-2013-4237)\n\nIt was discovered that the GNU C Library incorrectly handled memory\nallocation. An attacker could use this issue to cause a denial of service.\n(CVE-2013-4332)\";\n\n tag_affected = \"eglibc on Ubuntu 13.04 ,\n Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 10.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"1991-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1991-1/\");\n script_summary(\"Check for the Version of eglibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.15-0ubuntu10.5\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.11.1-0ubuntu7.13\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.15-0ubuntu20.2\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.17-0ubuntu5.1\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:17", "description": "VMware has updated vSphere third party libraries", "cvss3": {}, "published": "2014-09-11T00:00:00", "type": "openvas", "title": "VMware Security Updates for vCenter Server (VMSA-2014-0008)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0242", "CVE-2014-0114", "CVE-2013-4322", "CVE-2014-0050", "CVE-2013-1914", "CVE-2013-4590"], "modified": "2018-09-21T00:00:00", "id": "OPENVAS:1361412562310105088", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105088", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_vcenter_VMSA-2014-0008.nasl 11536 2018-09-21 19:44:30Z cfischer $\n#\n# VMware Security Updates for vCenter Server (VMSA-2014-0008)\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105088\");\n script_cve_id(\"CVE-2014-0114\", \"CVE-2013-4590\", \"CVE-2013-4322\", \"CVE-2014-0050\", \"CVE-2013-0242\", \"CVE-2013-1914\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 11536 $\");\n script_name(\"VMware Security Updates for vCenter Server (VMSA-2014-0008)\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0008.html\");\n\n script_tag(name:\"vuldetect\", value:\"Check the build number\");\n\n script_tag(name:\"insight\", value:\"a. vCenter Server Apache Struts Update\n\nThe Apache Struts library is updated to address a security issue.\nThis issue may lead to remote code execution after authentication.\n\nb. vCenter Server tc-server 2.9.5 / Apache Tomcat 7.0.52 updates\n\ntc-server has been updated to version 2.9.5 to address multiple security issues.\nThis version of tc-server includes Apache Tomcat 7.0.52.\n\nc. Update to ESXi glibc package\n\nglibc is updated to address multiple security issues.\n\nd. vCenter and Update Manager, Oracle JRE 1.7 Update 55\n\nOracle has documented the CVE identifiers that are addressed in JRE 1.7.0\nupdate 55 in the Oracle Java SE Critical Patch Update Advisory of April 2014\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"VMware has updated vSphere third party libraries\");\n script_tag(name:\"affected\", value:'VMware vCenter Server 5.5 prior to Update 2');\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-21 21:44:30 +0200 (Fri, 21 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-09-11 11:04:02 +0100 (Thu, 11 Sep 2014)\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_vcenter_detect.nasl\");\n script_mandatory_keys(\"VMware_vCenter/version\", \"VMware_vCenter/build\");\n\n\nexit(0);\n\n}\n\ninclude(\"vmware_esx.inc\");\n\nif ( ! vcenter_version = get_kb_item(\"VMware_vCenter/version\") ) exit( 0 );\nif ( ! vcenter_build = get_kb_item(\"VMware_vCenter/build\") ) exit( 0 );\n\nfixed_builds = make_array( \"5.5.0\",\"2001466\" );\n\nif ( ! fixed_builds[ vcenter_version] ) exit( 0 );\n\nif ( int( vcenter_build ) < int( fixed_builds[ vcenter_version ] ) )\n{\n security_message( port:0, data: esxi_remote_report( ver:vcenter_version, build: vcenter_build, fixed_build: fixed_builds[vcenter_version], typ:'vCenter' ) );\n exit(0);\n}\n\nexit(99);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:29", "description": "VMware has updated vSphere third party libraries", "cvss3": {}, "published": "2014-09-11T00:00:00", "type": "openvas", "title": "VMSA-2014-0008: VMware vSphere product updates to third party libraries (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0242", "CVE-2014-0114", "CVE-2013-4322", "CVE-2014-0050", "CVE-2013-1914", "CVE-2013-4590"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310105087", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105087", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_VMSA-2014-0008_remote.nasl 11867 2018-10-12 10:48:11Z cfischer $\n#\n# VMSA-2014-0008: VMware vSphere product updates to third party libraries ((remote check))\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105087\");\n script_cve_id(\"CVE-2014-0114\", \"CVE-2013-4590\", \"CVE-2013-4322\", \"CVE-2014-0050\", \"CVE-2013-0242\", \"CVE-2013-1914\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 11867 $\");\n script_name(\"VMSA-2014-0008: VMware vSphere product updates to third party libraries (remote check)\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0008.html\");\n script_tag(name:\"vuldetect\", value:\"Check the build number\");\n script_tag(name:\"insight\", value:\"a. vCenter Server Apache Struts Update\n\nThe Apache Struts library is updated to address a security issue.\nThis issue may lead to remote code execution after authentication.\n\nb. vCenter Server tc-server 2.9.5 / Apache Tomcat 7.0.52 updates\n\ntc-server has been updated to version 2.9.5 to address multiple security issues.\nThis version of tc-server includes Apache Tomcat 7.0.52.\n\nc. Update to ESXi glibc package\n\nglibc is updated to address multiple security issues.\n\nd. vCenter and Update Manager, Oracle JRE 1.7 Update 55\n\nOracle has documented the CVE identifiers that are addressed in JRE 1.7.0\nupdate 55 in the Oracle Java SE Critical Patch Update Advisory of April 2014\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n script_tag(name:\"summary\", value:\"VMware has updated vSphere third party libraries\");\n\n script_tag(name:\"affected\", value:\"VMware vCenter Server 5.5 prior to Update 2\nVMware vCenter Update Manager 5.5 prior to Update 2\nVMware ESXi 5.5 without patch ESXi550-201409101-SG\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:48:11 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-09-11 11:04:01 +0100 (Thu, 11 Sep 2014)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esx_web_detect.nasl\");\n script_mandatory_keys(\"VMware/ESX/build\", \"VMware/ESX/version\");\n\nexit(0);\n\n}\n\ninclude(\"vmware_esx.inc\");\n\nif( ! esxVersion = get_kb_item( \"VMware/ESX/version\" ) ) exit( 0 );\nif( ! esxBuild = get_kb_item( \"VMware/ESX/build\" ) ) exit( 0 );\n\nfixed_builds = make_array( \"5.5.0\",\"2068190\",\n \"5.1.0\", \"2323231\");\n\nif( ! fixed_builds[esxVersion] ) exit( 0 );\n\nif( int( esxBuild ) < int( fixed_builds[esxVersion] ) )\n{\n security_message(port:0, data: esxi_remote_report( ver:esxVersion, build: esxBuild, fixed_build: fixed_builds[esxVersion] ) );\n exit(0);\n}\n\nexit( 99 );\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-19T15:09:40", "description": "Check for the Version of glibc", "cvss3": {}, "published": "2013-09-06T00:00:00", "type": "openvas", "title": "Fedora Update for glibc FEDORA-2013-15072", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0242", "CVE-2013-2207"], "modified": "2018-01-19T00:00:00", "id": "OPENVAS:866873", "href": "http://plugins.openvas.org/nasl.php?oid=866873", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glibc FEDORA-2013-15072\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866873);\n script_version(\"$Revision: 8466 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-06 09:35:32 +0530 (Fri, 06 Sep 2013)\");\n script_cve_id(\"CVE-2013-2207\", \"CVE-2013-0242\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for glibc FEDORA-2013-15072\");\n\n tag_insight = \"The glibc package contains standard libraries which are used by\nmultiple programs on the system. In order to save disk space and\nmemory, as well as to make upgrading easier, common system code is\nkept in one place and shared between programs. This particular package\ncontains the most important sets of shared libraries: the standard C\nlibrary and the standard math library. Without these two libraries, a\nLinux system will not function.\n\";\n\n tag_affected = \"glibc on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-15072\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115157.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.16~34.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-09-06T00:00:00", "type": "openvas", "title": "Fedora Update for glibc FEDORA-2013-15072", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0242", "CVE-2013-2207"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310866873", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866873", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glibc FEDORA-2013-15072\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866873\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-06 09:35:32 +0530 (Fri, 06 Sep 2013)\");\n script_cve_id(\"CVE-2013-2207\", \"CVE-2013-0242\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for glibc FEDORA-2013-15072\");\n\n\n script_tag(name:\"affected\", value:\"glibc on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-15072\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115157.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.16~34.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-26T11:09:59", "description": "Check for the Version of glibc", "cvss3": {}, "published": "2013-09-02T00:00:00", "type": "openvas", "title": "Fedora Update for glibc FEDORA-2013-15316", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4412", "CVE-2012-4424", "CVE-2013-2207", "CVE-2013-1914", "CVE-2013-4237"], "modified": "2018-01-26T00:00:00", "id": "OPENVAS:866854", "href": "http://plugins.openvas.org/nasl.php?oid=866854", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glibc FEDORA-2013-15316\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866854);\n script_version(\"$Revision: 8542 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-02 15:38:15 +0530 (Mon, 02 Sep 2013)\");\n script_cve_id(\"CVE-2012-4424\", \"CVE-2013-1914\", \"CVE-2013-2207\", \"CVE-2012-4412\", \"CVE-2013-4237\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for glibc FEDORA-2013-15316\");\n\n tag_insight = \"The glibc package contains standard libraries which are used by\nmultiple programs on the system. In order to save disk space and\nmemory, as well as to make upgrading easier, common system code is\nkept in one place and shared between programs. This particular package\ncontains the most important sets of shared libraries: the standard C\nlibrary and the standard math library. Without these two libraries, a\nLinux system will not function.\n\";\n\n tag_affected = \"glibc on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-15316\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114773.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~14.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-08-23T00:00:00", "type": "openvas", "title": "Fedora Update for glibc FEDORA-2013-15053", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4412", "CVE-2012-4424", "CVE-2013-2207", "CVE-2013-1914", "CVE-2013-4237"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310866841", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866841", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glibc FEDORA-2013-15053\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866841\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-23 10:26:00 +0530 (Fri, 23 Aug 2013)\");\n script_cve_id(\"CVE-2012-4412\", \"CVE-2012-4424\", \"CVE-2013-1914\", \"CVE-2013-2207\", \"CVE-2013-4237\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for glibc FEDORA-2013-15053\");\n\n\n script_tag(name:\"affected\", value:\"glibc on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-15053\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114498.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~13.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-09-02T00:00:00", "type": "openvas", "title": "Fedora Update for glibc FEDORA-2013-15316", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4412", "CVE-2012-4424", "CVE-2013-2207", "CVE-2013-1914", "CVE-2013-4237"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310866854", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866854", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glibc FEDORA-2013-15316\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866854\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-02 15:38:15 +0530 (Mon, 02 Sep 2013)\");\n script_cve_id(\"CVE-2012-4424\", \"CVE-2013-1914\", \"CVE-2013-2207\", \"CVE-2012-4412\", \"CVE-2013-4237\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for glibc FEDORA-2013-15316\");\n\n\n script_tag(name:\"affected\", value:\"glibc on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-15316\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114773.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~14.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:51:43", "description": "Check for the Version of glibc", "cvss3": {}, "published": "2013-08-23T00:00:00", "type": "openvas", "title": "Fedora Update for glibc FEDORA-2013-15053", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4412", "CVE-2012-4424", "CVE-2013-2207", "CVE-2013-1914", "CVE-2013-4237"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:866841", "href": "http://plugins.openvas.org/nasl.php?oid=866841", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glibc FEDORA-2013-15053\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866841);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-23 10:26:00 +0530 (Fri, 23 Aug 2013)\");\n script_cve_id(\"CVE-2012-4412\", \"CVE-2012-4424\", \"CVE-2013-1914\", \"CVE-2013-2207\", \"CVE-2013-4237\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for glibc FEDORA-2013-15053\");\n\n tag_insight = \"The glibc package contains standard libraries which are used by\nmultiple programs on the system. In order to save disk space and\nmemory, as well as to make upgrading easier, common system code is\nkept in one place and shared between programs. This particular package\ncontains the most important sets of shared libraries: the standard C\nlibrary and the standard math library. Without these two libraries, a\nLinux system will not function.\n\";\n\n tag_affected = \"glibc on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-15053\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114498.html\");\n script_summary(\"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~13.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:10", "description": "Gentoo Linux Local Security Checks GLSA 201503-04", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201503-04", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235", "CVE-2013-0242", "CVE-2014-4043", "CVE-2012-3404", "CVE-2013-4788", "CVE-2012-3405", "CVE-2012-4412", "CVE-2012-4424", "CVE-2013-4332", "CVE-2012-3480", "CVE-2013-2207", "CVE-2013-1914", "CVE-2012-6656", "CVE-2013-4458", "CVE-2013-4237", "CVE-2012-3406"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121358", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121358", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201503-04.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121358\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:37 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201503-04\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201503-04\");\n script_cve_id(\"CVE-2012-3404\", \"CVE-2012-3405\", \"CVE-2012-3406\", \"CVE-2012-3480\", \"CVE-2012-4412\", \"CVE-2012-4424\", \"CVE-2012-6656\", \"CVE-2013-0242\", \"CVE-2013-1914\", \"CVE-2013-2207\", \"CVE-2013-4237\", \"CVE-2013-4332\", \"CVE-2013-4458\", \"CVE-2013-4788\", \"CVE-2014-4043\", \"CVE-2015-0235\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201503-04\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"sys-libs/glibc\", unaffected: make_list(\"ge 2.19-r1\"), vulnerable: make_list(\"lt 2.19-r1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-18T11:09:11", "description": "Check for the Version of glibc", "cvss3": {}, "published": "2013-10-03T00:00:00", "type": "openvas", "title": "Fedora Update for glibc FEDORA-2013-17475", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4788", "CVE-2012-4412", "CVE-2012-4424", "CVE-2013-4332", "CVE-2013-2207", "CVE-2013-1914", "CVE-2013-4237"], "modified": "2018-01-17T00:00:00", "id": "OPENVAS:866945", "href": "http://plugins.openvas.org/nasl.php?oid=866945", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glibc FEDORA-2013-17475\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866945);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-03 10:14:47 +0530 (Thu, 03 Oct 2013)\");\n script_cve_id(\"CVE-2013-4788\", \"CVE-2013-4332\", \"CVE-2012-4424\", \"CVE-2013-1914\",\n \"CVE-2013-2207\", \"CVE-2012-4412\", \"CVE-2013-4237\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for glibc FEDORA-2013-17475\");\n\n tag_insight = \"The glibc package contains standard libraries which are used by\nmultiple programs on the system. In order to save disk space and\nmemory, as well as to make upgrading easier, common system code is\nkept in one place and shared between programs. This particular package\ncontains the most important sets of shared libraries: the standard C\nlibrary and the standard math library. Without these two libraries, a\nLinux system will not function.\n\";\n\n tag_affected = \"glibc on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-17475\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/117177.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~18.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-10-03T00:00:00", "type": "openvas", "title": "Fedora Update for glibc FEDORA-2013-17475", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4788", "CVE-2012-4412", "CVE-2012-4424", "CVE-2013-4332", "CVE-2013-2207", "CVE-2013-1914", "CVE-2013-4237"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310866945", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866945", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glibc FEDORA-2013-17475\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866945\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-03 10:14:47 +0530 (Thu, 03 Oct 2013)\");\n script_cve_id(\"CVE-2013-4788\", \"CVE-2013-4332\", \"CVE-2012-4424\", \"CVE-2013-1914\",\n \"CVE-2013-2207\", \"CVE-2012-4412\", \"CVE-2013-4237\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for glibc FEDORA-2013-17475\");\n\n\n script_tag(name:\"affected\", value:\"glibc on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-17475\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/117177.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~18.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:38:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-16T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for glibc (SUSE-SU-2014:1122-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0242", "CVE-2014-5119", "CVE-2014-4043", "CVE-2013-4788", "CVE-2012-4412", "CVE-2013-4332", "CVE-2013-4237"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850912", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850912", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850912\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 14:10:31 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2012-4412\", \"CVE-2013-0242\", \"CVE-2013-4237\", \"CVE-2013-4332\", \"CVE-2013-4788\", \"CVE-2014-4043\", \"CVE-2014-5119\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for glibc (SUSE-SU-2014:1122-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This glibc update fixes a critical privilege escalation vulnerability and\n the following security and non-security issues:\n\n * bnc#892073: An off-by-one error leading to a heap-based buffer\n overflow was found in __gconv_translit_find(). An exploit that\n targets the problem is publicly available. (CVE-2014-5119)\n\n * bnc#886416: Avoid redundant shift character in iconv output at block\n boundary.\n\n * bnc#883022: Initialize errcode in sysdeps/unix/opendir.c.\n\n * bnc#882600: Copy filename argument in\n posix_spawn_file_actions_addopen. (CVE-2014-4043)\n\n * bnc#864081: Take lock in pthread_cond_wait cleanup handler only when\n needed.\n\n * bnc#843735: Don't crash on unresolved weak symbol reference.\n\n * bnc#839870: Fix integer overflows in malloc. (CVE-2013-4332)\n\n * bnc#836746: Avoid race between {, __de}allocate_stack and\n __reclaim_stacks during fork.\n\n * bnc#834594: Fix readdir_r with long file names. (CVE-2013-4237)\n\n * bnc#830268: Initialize pointer guard also in static executables.\n (CVE-2013-4788)\n\n * bnc#801246: Fix buffer overrun in regexp matcher. (CVE-2013-0242)\n\n * bnc#779320: Fix buffer overflow in strcoll. (CVE-2012-4412)\n\n * bnc#750741: Use absolute timeout in x86 pthread_cond_timedwait.\");\n\n script_tag(name:\"affected\", value:\"glibc on SUSE Linux Enterprise Server 11 SP1 LTSS\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:1122-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLES11.0SP1\") {\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.11.1~0.58.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.11.1~0.58.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-html\", rpm:\"glibc-html~2.11.1~0.58.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.11.1~0.58.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-info\", rpm:\"glibc-info~2.11.1~0.58.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-locale\", rpm:\"glibc-locale~2.11.1~0.58.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.11.1~0.58.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.11.1~0.58.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-32bit\", rpm:\"glibc-32bit~2.11.1~0.58.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel-32bit\", rpm:\"glibc-devel-32bit~2.11.1~0.58.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-locale-32bit\", rpm:\"glibc-locale-32bit~2.11.1~0.58.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-profile-32bit\", rpm:\"glibc-profile-32bit~2.11.1~0.58.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:45", "description": "Check the version of glibc", "cvss3": {}, "published": "2014-10-20T00:00:00", "type": "openvas", "title": "Fedora Update for glibc FEDORA-2014-9830", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5119", "CVE-2013-4788", "CVE-2012-4412", "CVE-2012-4424", "CVE-2013-4332", "CVE-2013-2207", "CVE-2013-1914", "CVE-2013-4237", "CVE-2014-0475"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868418", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868418", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glibc FEDORA-2014-9830\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868418\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-20 05:59:11 +0200 (Mon, 20 Oct 2014)\");\n script_cve_id(\"CVE-2014-5119\", \"CVE-2014-0475\", \"CVE-2013-4788\", \"CVE-2013-4332\",\n \"CVE-2012-4424\", \"CVE-2013-1914\", \"CVE-2013-2207\", \"CVE-2012-4412\",\n \"CVE-2013-4237\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for glibc FEDORA-2014-9830\");\n script_tag(name:\"summary\", value:\"Check the version of glibc\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"glibc on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-9830\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-October/141177.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~21.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:36:20", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1552)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8776", "CVE-2015-5277", "CVE-2014-6040", "CVE-2014-9402", "CVE-2013-4788", "CVE-2016-3075", "CVE-2017-15670", "CVE-2012-4412", "CVE-2013-1914", "CVE-2019-9169", "CVE-2014-9761", "CVE-2015-1472", "CVE-2015-1781", "CVE-2013-4237", "CVE-2013-7423", "CVE-2014-0475"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191552", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191552", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1552\");\n script_version(\"2020-01-23T14:09:13+0000\");\n script_cve_id(\"CVE-2012-4412\", \"CVE-2013-1914\", \"CVE-2013-4237\", \"CVE-2013-4788\", \"CVE-2013-7423\", \"CVE-2014-0475\", \"CVE-2014-6040\", \"CVE-2014-9402\", \"CVE-2014-9761\", \"CVE-2015-1472\", \"CVE-2015-1781\", \"CVE-2015-5277\", \"CVE-2015-8776\", \"CVE-2016-3075\", \"CVE-2017-15670\", \"CVE-2019-9169\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 14:09:13 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:12:58 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1552)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1552\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1552\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'glibc' package(s) announced via the EulerOS-SA-2019-1552 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents). A local attacker could potentially use this flaw to execute arbitrary code on the system.(CVE-2015-5277)\n\nA directory traversal flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) could possibly use this flaw to execute arbitrary code with the privileges of that application.(CVE-2014-0475)\n\nIt was found that out-of-range time values passed to the strftime() function could result in an out-of-bounds memory access. This could lead to application crash or, potentially, information disclosure.(CVE-2015-8776)\n\nThe GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.(CVE-2017-15670)\n\nThe PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.(CVE-2013-4788)\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application.(CVE-2014-6040)\n\nA stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On systems with nsswitch configured to include ''networks: dns'' with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution.(CVE-2016-3075)\n\nInteger overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.(CVE-2012-4412)\n\nA heap-based buffer overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that ap ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'glibc' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:35:22", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1551)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235", "CVE-2013-0242", "CVE-2014-8121", "CVE-2012-4424", "CVE-2015-8777", "CVE-2018-6485", "CVE-2015-5180", "CVE-2015-8779", "CVE-2017-15804", "CVE-2013-4332", "CVE-2016-3706", "CVE-2015-8778", "CVE-2013-2207", "CVE-2018-11236", "CVE-2017-1000366", "CVE-2017-12132", "CVE-2013-4458", "CVE-2015-1473", "CVE-2018-1000001", "CVE-2015-7547"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191551", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191551", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1551\");\n script_version(\"2020-01-23T12:12:38+0000\");\n script_cve_id(\"CVE-2012-4424\", \"CVE-2013-0242\", \"CVE-2013-2207\", \"CVE-2013-4332\", \"CVE-2013-4458\", \"CVE-2014-8121\", \"CVE-2015-0235\", \"CVE-2015-1473\", \"CVE-2015-5180\", \"CVE-2015-7547\", \"CVE-2015-8777\", \"CVE-2015-8778\", \"CVE-2015-8779\", \"CVE-2016-3706\", \"CVE-2017-1000366\", \"CVE-2017-12132\", \"CVE-2017-15804\", \"CVE-2018-1000001\", \"CVE-2018-11236\", \"CVE-2018-6485\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:12:38 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:12:38 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1551)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1551\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1551\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'glibc' package(s) announced via the EulerOS-SA-2019-1551 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.(CVE-2018-11236)\n\nAn integer overflow vulnerability was found in hcreate() and hcreate_r() functions which could result in an out-of-bounds memory access. This could lead to application crash or, potentially, arbitrary code execution.(CVE-2015-8778)\n\nA stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.(CVE-2015-7547)\n\nA flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash.(CVE-2013-0242)\n\nA flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult.(CVE-2017-1000366)\n\nThe DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.(CVE-2017-12132)\n\nIt was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service.(CVE-2014-8121)\n\nStack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (ak ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'glibc' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:51", "description": "Buffer overflow in regexec, buffer overflow in getaddrinfo.", "edition": 1, "cvss3": {}, "published": "2013-05-09T00:00:00", "type": "securityvulns", "title": "GNU glibc security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914"], "modified": "2013-05-09T00:00:00", "id": "SECURITYVULNS:VULN:13071", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13071", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:47", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2013:163\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : glibc\r\n Date : May 7, 2013\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been discovered and corrected in glibc:\r\n \r\n Buffer overflow in the extend_buffers function in the regular\r\n expression matcher (posix/regexec.c) in glibc, possibly 2.17 and\r\n earlier, allows context-dependent attackers to cause a denial of\r\n service (memory corruption and crash) via crafted multibyte characters\r\n (CVE-2013-0242).\r\n \r\n Stack-based buffer overflow in the getaddrinfo function in\r\n sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6)\r\n 2.17 and earlier allows remote attackers to cause a denial of service\r\n (crash) via a (1) hostname or (2) IP address that triggers a large\r\n number of domain conversion results (CVE-2013-1914).\r\n \r\n The updated packages have been patched to correct these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1914\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n ec721ecac69f6bace0fec908ed45cf6d mbs1/x86_64/glibc-2.14.1-12.1.mbs1.x86_64.rpm\r\n 8d9c7b66f9b61da0c0e70141861529f8 mbs1/x86_64/glibc-devel-2.14.1-12.1.mbs1.x86_64.rpm\r\n 5a442d51c573ea1cc3593bf5b68c7e07 mbs1/x86_64/glibc-doc-2.14.1-12.1.mbs1.noarch.rpm\r\n 67ca31e66b41d88a169599fddcc628c3 mbs1/x86_64/glibc-doc-pdf-2.14.1-12.1.mbs1.noarch.rpm\r\n 8e2b8f84441470a05b513420641b0505 mbs1/x86_64/glibc-i18ndata-2.14.1-12.1.mbs1.x86_64.rpm\r\n 59226b1addf578c14a0c53e0731c37a3 mbs1/x86_64/glibc-profile-2.14.1-12.1.mbs1.x86_64.rpm\r\n 291cc63f1cd9a45ddf89455b133d06b4 mbs1/x86_64/glibc-static-devel-2.14.1-12.1.mbs1.x86_64.rpm\r\n 143e405ead8fa9a2f9184547ef6c75fc mbs1/x86_64/glibc-utils-2.14.1-12.1.mbs1.x86_64.rpm\r\n fecc2dd312e4513a89360927c579bccd mbs1/x86_64/nscd-2.14.1-12.1.mbs1.x86_64.rpm \r\n 180d09be78ca8fdfa5ca6ec1c514026a mbs1/SRPMS/glibc-2.14.1-12.1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFRiQeOmqjQ0CJFipgRAgI5AKCdFyI/q4cEL7h8jQyu7m/6KMmzQQCfRt/X\r\nyvN2sdb9PK31dXX/cWwckNA=\r\n=hmEZ\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2013-05-09T00:00:00", "title": "[ MDVSA-2013:163 ] glibc", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914"], "modified": "2013-05-09T00:00:00", "id": "SECURITYVULNS:DOC:29383", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29383", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:49", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2013:284\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : glibc\r\n Date : November 25, 2013\r\n Affected: Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities was found and corrected in glibc:\r\n \r\n Integer overflow in string/strcoll_l.c in the GNU C Library (aka\r\n glibc or libc6) 2.17 and earlier allows context-dependent attackers\r\n to cause a denial of service (crash) or possibly execute arbitrary\r\n code via a long string, which triggers a heap-based buffer overflow\r\n (CVE-2012-4412).\r\n \r\n Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library\r\n (aka glibc or libc6) 2.17 and earlier allows context-dependent\r\n attackers to cause a denial of service (crash) or possibly execute\r\n arbitrary code via a long string that triggers a malloc failure and\r\n use of the alloca function (CVE-2012-4424).\r\n \r\n Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka\r\n glibc or libc6) 2.18 and earlier allow context-dependent attackers to\r\n cause a denial of service (heap corruption) via a large value to the\r\n (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5)\r\n aligned_alloc functions (CVE-2013-4332).\r\n \r\n A stack (frame) overflow flaw, which led to a denial of service\r\n (application crash), was found in the way glibc's getaddrinfo()\r\n function processed certain requests when called with AF_INET6. A\r\n similar flaw to CVE-2013-1914, this affects AF_INET6 rather than\r\n AF_UNSPEC (CVE-2013-4458).\r\n \r\n The PTR_MANGLE implementation in the GNU C Library (aka glibc or\r\n libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not\r\n initialize the random value for the pointer guard, which makes it\r\n easier for context- dependent attackers to control execution flow by\r\n leveraging a buffer-overflow vulnerability in an application and using\r\n the known zero value pointer guard to calculate a pointer address\r\n (CVE-2013-4788).\r\n \r\n The updated packages have been patched to correct these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4424\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Enterprise Server 5:\r\n ca2e58ecf7a2d62e523b1395175896b5 mes5/i586/glibc-2.8-1.20080520.5.10mnb2.i586.rpm\r\n 917ad59055eaebd5e68e5c2e73bb1839 mes5/i586/glibc-devel-2.8-1.20080520.5.10mnb2.i586.rpm\r\n 38faa00ce7b79dc37a7494b90c0b4f6c mes5/i586/glibc-doc-2.8-1.20080520.5.10mnb2.i586.rpm\r\n 8510201c6ee5f9b9ff4e5a62ea6082d8 mes5/i586/glibc-doc-pdf-2.8-1.20080520.5.10mnb2.i586.rpm\r\n a2f9bfe66d75446bd5e963673cb99184 mes5/i586/glibc-i18ndata-2.8-1.20080520.5.10mnb2.i586.rpm\r\n b4513eff5fef362f619f6ae0ea35ce5f mes5/i586/glibc-profile-2.8-1.20080520.5.10mnb2.i586.rpm\r\n a82b76207b1aca73c057c486a5e07636 mes5/i586/glibc-static-devel-2.8-1.20080520.5.10mnb2.i586.rpm\r\n df8b74ecfd447b107364e217da29f5d9 mes5/i586/glibc-utils-2.8-1.20080520.5.10mnb2.i586.rpm\r\n 3e9ce8665a7e61176c3b11cd266172b0 mes5/i586/nscd-2.8-1.20080520.5.10mnb2.i586.rpm \r\n 8e2ebc125c5a6e7dcf17d4535f7f911c mes5/SRPMS/glibc-2.8-1.20080520.5.10mnb2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 7c1b3450ba04c65d1a911e44c1554b67 mes5/x86_64/glibc-2.8-1.20080520.5.10mnb2.x86_64.rpm\r\n f5fe7d527fc92c69118e8c492e88de4f mes5/x86_64/glibc-devel-2.8-1.20080520.5.10mnb2.x86_64.rpm\r\n cc8afd4f3f5d54455d008d24412edc3d mes5/x86_64/glibc-doc-2.8-1.20080520.5.10mnb2.x86_64.rpm\r\n 0a946db4c66a3ae2985b983870d9b3fb mes5/x86_64/glibc-doc-pdf-2.8-1.20080520.5.10mnb2.x86_64.rpm\r\n 35f418e46f2739e07666b2b80a968c55 mes5/x86_64/glibc-i18ndata-2.8-1.20080520.5.10mnb2.x86_64.rpm\r\n c750b3334f6bb43d62370fbf1fc30a74 mes5/x86_64/glibc-profile-2.8-1.20080520.5.10mnb2.x86_64.rpm\r\n c6795a180161f94eb06074fdf588a5ed mes5/x86_64/glibc-static-devel-2.8-1.20080520.5.10mnb2.x86_64.rpm\r\n 01dd2eaae2dd444ed7b1e80411478a03 mes5/x86_64/glibc-utils-2.8-1.20080520.5.10mnb2.x86_64.rpm\r\n 0e29e9d7d90d5a92b19b53cda9642d6c mes5/x86_64/nscd-2.8-1.20080520.5.10mnb2.x86_64.rpm \r\n 8e2ebc125c5a6e7dcf17d4535f7f911c mes5/SRPMS/glibc-2.8-1.20080520.5.10mnb2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFSk2cxmqjQ0CJFipgRAgZUAJ0Ti6e3q9uo0KLoiFTieDkfU0L1ugCbBMKE\r\nyC/Gyf3HMq9+fahwCRMG/PM=\r\n=tgyp\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2013-12-01T00:00:00", "title": "[ MDVSA-2013:284 ] glibc", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4788", "CVE-2012-4412", "CVE-2012-4424", "CVE-2013-4332", "CVE-2013-1914", "CVE-2013-4458"], "modified": "2013-12-01T00:00:00", "id": "SECURITYVULNS:DOC:30044", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30044", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2021-10-21T04:46:04", "description": "The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. Without\nthese libraries, the Linux system cannot function correctly.\n\nIt was found that getaddrinfo() did not limit the amount of stack memory\nused during name resolution. An attacker able to make an application\nresolve an attacker-controlled hostname or IP address could possibly cause\nthe application to exhaust all stack memory and crash. (CVE-2013-1914)\n\nA flaw was found in the regular expression matching routines that process\nmultibyte character input. If an application utilized the glibc regular\nexpression matching mechanism, an attacker could provide specially-crafted\ninput that, when processed, would cause the application to crash.\n(CVE-2013-0242)\n\nThis update also fixes the following bugs:\n\n* The improvements RHSA-2012:1207 made to the accuracy of floating point\nfunctions in the math library caused performance regressions for those\nfunctions. The performance regressions were analyzed and a fix was applied\nthat retains the current accuracy but reduces the performance penalty to\nacceptable levels. Refer to Red Hat Knowledge solution 229993, linked\nto in the References, for further information. (BZ#950535)\n\n* It was possible that a memory location freed by the localization code\ncould be accessed immediately after, resulting in a crash. The fix ensures\nthat the application does not crash by avoiding the invalid memory access.\n(BZ#951493)\n\nUsers of glibc are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "cvss3": {}, "published": "2013-04-24T00:00:00", "type": "redhat", "title": "(RHSA-2013:0769) Low: glibc security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914"], "modified": "2017-09-08T07:56:29", "id": "RHSA-2013:0769", "href": "https://access.redhat.com/errata/RHSA-2013:0769", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T18:41:55", "description": "The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. Without\nthese libraries, the Linux system cannot function correctly.\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in glibc's memory allocator functions (pvalloc, valloc, and\nmemalign). If an application used such a function, it could cause the\napplication to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2013-4332)\n\nA flaw was found in the regular expression matching routines that process\nmultibyte character input. If an application utilized the glibc regular\nexpression matching mechanism, an attacker could provide specially-crafted\ninput that, when processed, would cause the application to crash.\n(CVE-2013-0242)\n\nIt was found that getaddrinfo() did not limit the amount of stack memory\nused during name resolution. An attacker able to make an application\nresolve an attacker-controlled hostname or IP address could possibly cause\nthe application to exhaust all stack memory and crash. (CVE-2013-1914)\n\nAmong other changes, this update includes an important fix for the following\nbug:\n\n* Due to a defect in the initial release of the getaddrinfo() system call in Red\nHat enterprise Linux 6.0, AF_INET and AF_INET6 queries resolved from the\n/etc/hosts file returned queried names as canonical names. This incorrect\nbehavior is, however, still considered to be the expected behavior. As a result\nof a recent change in getaddrinfo(), AF_INET6 queries started resolving the\ncanonical names correctly. However, this behavior was unexpected by applications\nthat relied on queries resolved from the /etc/hosts file, and these applications\ncould thus fail to operate properly. This update applies a fix ensuring that\nAF_INET6 queries resolved from /etc/hosts always return the queried name as\ncanonical. Note that DNS lookups are resolved properly and always return the\ncorrect canonical names. A proper fix to AF_INET6 queries resolution from\n/etc/hosts may be applied in future releases; for now, due to a lack of\nstandard, Red Hat suggests the first entry in the /etc/hosts file, that applies\nfor the IP address being resolved, to be considered the canonical entry.\n(BZ#1022022)\n\nThese updated glibc packages also include additional bug fixes and \nvarious enhancements. Space precludes documenting all of these changes \nin this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 \nTechnical Notes, linked to in the References, for information on the \nmost significant of these changes.\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\n", "cvss3": {}, "published": "2013-11-21T00:00:00", "type": "redhat", "title": "(RHSA-2013:1605) Moderate: glibc security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4332"], "modified": "2018-06-06T16:24:12", "id": "RHSA-2013:1605", "href": "https://access.redhat.com/errata/RHSA-2013:1605", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T20:39:24", "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: a subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization\nHypervisor through the 3.2 Manager administration portal, the Host may\nappear with the status of \"Install Failed\". If this happens, place the host\ninto maintenance mode, then activate it again to get the host back to an\n\"Up\" state.\n\nA buffer overflow flaw was found in the way QEMU processed the SCSI \"REPORT\nLUNS\" command when more than 256 LUNs were specified for a single SCSI\ntarget. A privileged guest user could use this flaw to corrupt QEMU process\nmemory on the host, which could potentially result in arbitrary code\nexecution on the host with the privileges of the QEMU process.\n(CVE-2013-4344)\n\nMultiple flaws were found in the way Linux kernel handled HID (Human\nInterface Device) reports. An attacker with physical access to the system\ncould use this flaw to crash the system or, potentially, escalate their\nprivileges on the system. (CVE-2013-2888, CVE-2013-2889, CVE-2013-2892)\n\nA flaw was found in the way the Python SSL module handled X.509 certificate\nfields that contain a NULL byte. An attacker could potentially exploit this\nflaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that\nto exploit this issue, an attacker would need to obtain a carefully crafted\ncertificate signed by an authority that the client trusts. (CVE-2013-4238)\n\nThe default OpenSSH configuration made it easy for remote attackers to\nexhaust unauthorized connection slots and prevent other users from being\nable to log in to a system. This flaw has been addressed by enabling random\nearly connection drops by setting MaxStartups to 10:30:100 by default.\nFor more information, refer to the sshd_config(5) man page. (CVE-2010-5107)\n\nThe CVE-2013-4344 issue was discovered by Asias He of Red Hat.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2012-0786 and CVE-2012-0787 (augeas issues)\n\nCVE-2013-1813 (busybox issue)\n\nCVE-2013-0221, CVE-2013-0222, and CVE-2013-0223 (coreutils issues)\n\nCVE-2012-4453 (dracut issue)\n\nCVE-2013-4332, CVE-2013-0242, and CVE-2013-1914 (glibc issues)\n\nCVE-2013-4387, CVE-2013-0343, CVE-2013-4345, CVE-2013-4591, CVE-2013-4592,\nCVE-2012-6542, CVE-2013-3231, CVE-2013-1929, CVE-2012-6545, CVE-2013-1928,\nCVE-2013-2164, CVE-2013-2234, and CVE-2013-2851 (kernel issues)\n\nCVE-2013-4242 (libgcrypt issue)\n\nCVE-2013-4419 (libguestfs issue)\n\nCVE-2013-1775, CVE-2013-2776, and CVE-2013-2777 (sudo issues)\n\nThis update also fixes the following bug:\n\n* A previous version of the rhev-hypervisor6 package did not contain the\nlatest vhostmd package, which provides a \"metrics communication channel\"\nbetween a host and its hosted virtual machines, allowing limited\nintrospection of host resource usage from within virtual machines. This has\nbeen fixed, and rhev-hypervisor6 now includes the latest vhostmd package.\n(BZ#1026703)\n\nThis update also contains the fixes from the following errata:\n\n* ovirt-node: https://rhn.redhat.com/errata/RHBA-2013-1528.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which corrects these issues.\n", "cvss3": {}, "published": "2013-11-21T00:00:00", "type": "redhat", "title": "(RHSA-2013:1527) Important: rhev-hypervisor6 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-5107", "CVE-2012-0786", "CVE-2012-0787", "CVE-2012-4453", "CVE-2012-6542", "CVE-2012-6545", "CVE-2013-0221", "CVE-2013-0222", "CVE-2013-0223", "CVE-2013-0242", "CVE-2013-0343", "CVE-2013-1775", "CVE-2013-1813", "CVE-2013-1914", "CVE-2013-1928", "CVE-2013-1929", "CVE-2013-2164", "CVE-2013-2234", "CVE-2013-2776", "CVE-2013-2777", "CVE-2013-2851", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2892", "CVE-2013-3231", "CVE-2013-4238", "CVE-2013-4242", "CVE-2013-4332", "CVE-2013-4344", "CVE-2013-4345", "CVE-2013-4387", "CVE-2013-4419", "CVE-2013-4591", "CVE-2013-4592"], "modified": "2018-06-07T04:59:39", "id": "RHSA-2013:1527", "href": "https://access.redhat.com/errata/RHSA-2013:1527", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2023-01-01T04:44:59", "description": "**CentOS Errata and Security Advisory** CESA-2013:0769\n\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. Without\nthese libraries, the Linux system cannot function correctly.\n\nIt was found that getaddrinfo() did not limit the amount of stack memory\nused during name resolution. An attacker able to make an application\nresolve an attacker-controlled hostname or IP address could possibly cause\nthe application to exhaust all stack memory and crash. (CVE-2013-1914)\n\nA flaw was found in the regular expression matching routines that process\nmultibyte character input. If an application utilized the glibc regular\nexpression matching mechanism, an attacker could provide specially-crafted\ninput that, when processed, would cause the application to crash.\n(CVE-2013-0242)\n\nThis update also fixes the following bugs:\n\n* The improvements RHSA-2012:1207 made to the accuracy of floating point\nfunctions in the math library caused performance regressions for those\nfunctions. The performance regressions were analyzed and a fix was applied\nthat retains the current accuracy but reduces the performance penalty to\nacceptable levels. Refer to Red Hat Knowledge solution 229993, linked\nto in the References, for further information. (BZ#950535)\n\n* It was possible that a memory location freed by the localization code\ncould be accessed immediately after, resulting in a crash. The fix ensures\nthat the application does not crash by avoiding the invalid memory access.\n(BZ#951493)\n\nUsers of glibc are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2013-April/069181.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2013:0769", "cvss3": {}, "published": "2013-04-24T21:58:40", "type": "centos", "title": "glibc, nscd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914"], "modified": "2013-04-24T21:58:40", "id": "CESA-2013:0769", "href": "https://lists.centos.org/pipermail/centos-announce/2013-April/069181.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-01T05:09:12", "description": "**CentOS Errata and Security Advisory** CESA-2013:1605\n\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. Without\nthese libraries, the Linux system cannot function correctly.\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in glibc's memory allocator functions (pvalloc, valloc, and\nmemalign). If an application used such a function, it could cause the\napplication to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2013-4332)\n\nA flaw was found in the regular expression matching routines that process\nmultibyte character input. If an application utilized the glibc regular\nexpression matching mechanism, an attacker could provide specially-crafted\ninput that, when processed, would cause the application to crash.\n(CVE-2013-0242)\n\nIt was found that getaddrinfo() did not limit the amount of stack memory\nused during name resolution. An attacker able to make an application\nresolve an attacker-controlled hostname or IP address could possibly cause\nthe application to exhaust all stack memory and crash. (CVE-2013-1914)\n\nAmong other changes, this update includes an important fix for the following\nbug:\n\n* Due to a defect in the initial release of the getaddrinfo() system call in Red\nHat enterprise Linux 6.0, AF_INET and AF_INET6 queries resolved from the\n/etc/hosts file returned queried names as canonical names. This incorrect\nbehavior is, however, still considered to be the expected behavior. As a result\nof a recent change in getaddrinfo(), AF_INET6 queries started resolving the\ncanonical names correctly. However, this behavior was unexpected by applications\nthat relied on queries resolved from the /etc/hosts file, and these applications\ncould thus fail to operate properly. This update applies a fix ensuring that\nAF_INET6 queries resolved from /etc/hosts always return the queried name as\ncanonical. Note that DNS lookups are resolved properly and always return the\ncorrect canonical names. A proper fix to AF_INET6 queries resolution from\n/etc/hosts may be applied in future releases; for now, due to a lack of\nstandard, Red Hat suggests the first entry in the /etc/hosts file, that applies\nfor the IP address being resolved, to be considered the canonical entry.\n(BZ#1022022)\n\nThese updated glibc packages also include additional bug fixes and \nvarious enhancements. Space precludes documenting all of these changes \nin this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 \nTechnical Notes, linked to in the References, for information on the \nmost significant of these changes.\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-cr-announce/2013-November/020527.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-static\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2013:1605", "cvss3": {}, "published": "2013-11-26T13:31:38", "type": "centos", "title": "glibc, nscd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4332"], "modified": "2013-11-26T13:31:38", "id": "CESA-2013:1605", "href": "https://lists.centos.org/pipermail/centos-cr-announce/2013-November/020527.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:29", "description": "[2.5-107.4]\n- Add missing patch to avoid use after free (#816647).\n[2.5-107.3]\n- Fix multibyte character processing crash in regexp (CVE-2013-0242, #951130)\n - Fix getaddrinfo stack overflow resulting in application crash (CVE-2013-1914, #951130)\n[2.5-107.2]\n- Call feraiseexcept only if exceptions are not masked (#861871).", "cvss3": {}, "published": "2013-04-24T00:00:00", "type": "oraclelinux", "title": "glibc security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914"], "modified": "2013-04-24T00:00:00", "id": "ELSA-2013-0769", "href": "http://linux.oracle.com/errata/ELSA-2013-0769.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:21", "description": "[2.12-1.132] \r\n- Revert the addition of gettimeofday vDSO function for ppc and ppc64 until \r\nOPD VDSO function call issues are resolved (#1026533). \r\n \n[2.12-1.131] \r\n- Call gethostbyname4_r only for PF_UNSPEC (#1022022). \r\n \n[2.12-1.130] \r\n- Fix integer overflows in *valloc and memalign. (#1008310). \r\n \n[2.12-1.129] \r\n- Initialize res_hconf in nscd (#970090). \r\n \n[2.12-1.128] \r\n- Update previous patch for dcigettext.c and loadmsgcat.c (#834386). \r\n \n[2.12-1.127] \r\n- Save search paths before performing relro protection (#988931). \r\n \n[2.12-1.126] \r\n- Correctly name the 240-bit slow path sytemtap probe slowpow_p10 for slowpow (#905575). \r\n \n[2.12-1.125] \r\n- Align value of stacksize in nptl-init (#663641). \r\n \n[2.12-1.124] \r\n- Renamed release engineering directory from 'fedora' to `releng' (#903754). \r\n \n[2.12-1.123] \r\n- Backport GLIBC sched_getcpu and gettimeofday vDSO functions for ppc (#929302). \r\n- Fall back to local DNS if resolv.conf does not define nameservers (#928318). \r\n- Add systemtap probes to slowexp and slowpow (#905575). \r\n \n[2.12-1.122] \r\n- Fix getaddrinfo stack overflow resulting in application crash (CVE-2013-1914, #951213). \r\n- Fix multibyte character processing crash in regexp (CVE-2013-0242, #951213). \r\n \n[2.12-1.121] \r\n- Add netgroup cache support for nscd (#629823). \r\n \n[2.12-1.120] \r\n- Fix multiple nss_compat initgroups() bugs (#966778). \r\n- Don't use simple lookup for AF_INET when AI_CANONNAME is set (#863384). \r\n \n[2.12-1.119] \r\n- Add MAP_HUGETLB and MAP_STACK support (#916986). \r\n- Update translation for stale file handle error (#970776). \r\n \n[2.12-1.118] \r\n- Improve performance of _SC_NPROCESSORS_ONLN (#rh952422). \r\n- Fix up _init in pt-initfini to accept arguments (#663641). \r\n \n[2.12-1.117] \r\n- Set reasonable limits on xdr requests to prevent memory leaks (#848748). \r\n \n[2.12-1.116] \r\n- Fix mutex locking for PI mutexes on spurious wake-ups on pthread condvars \r\n(#552960). \r\n- New environment variable GLIBC_PTHREAD_STACKSIZE to set thread stack size \r\n(#663641). \r\n \n[2.12-1.115] \r\n- Improved handling of recursive calls in backtrace (#868808). \r\n \n[2.12-1.114] \r\n- The ttyname and ttyname_r functions on Linux now fall back to searching for \r\nthe tty file descriptor in /dev/pts or /dev if /proc is not available. This \r\nallows creation of chroots without the procfs mounted on /proc. (#851470) \r\n \n[2.12-1.113] \r\n- Don't free rpath strings allocated during startup until after \r\nld.so is re-relocated. (#862094) \r\n \n[2.12-1.112] \r\n- Consistantly MANGLE/DEMANGLE function pointers. \r\nFix use after free in dcigettext.c (#834386). \r\n \n[2.12-1.111] \r\n- Change rounding mode only when necessary (#966775). \r\n \n[2.12-1.110] \r\n- Backport of code to allow incremental loading of library list (#886968). \r\n \n[2.12-1.109] \r\n- Fix loading of audit libraries when TLS is in use (#919562) \r\n \n[2.12-1.108] \r\n- Fix application of SIMD FP exception mask (#929388). ", "cvss3": {}, "published": "2013-11-25T00:00:00", "type": "oraclelinux", "title": "glibc security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2013-0242", "CVE-2013-4332", "CVE-2013-1914"], "modified": "2013-11-25T00:00:00", "id": "ELSA-2013-1605", "href": "http://linux.oracle.com/errata/ELSA-2013-1605.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2022-11-01T21:31:31", "description": "**Issue Overview:**\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-4332)\n\nA flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash. (CVE-2013-0242)\n\nIt was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914)\n\n \n**Affected Packages:** \n\n\nglibc\n\n \n**Issue Correction:** \nRun _yum update glibc_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 glibc-2.12-1.132.45.amzn1.i686 \n \u00a0\u00a0\u00a0 glibc-utils-2.12-1.132.45.amzn1.i686 \n \u00a0\u00a0\u00a0 glibc-debuginfo-common-2.12-1.132.45.amzn1.i686 \n \u00a0\u00a0\u00a0 glibc-common-2.12-1.132.45.amzn1.i686 \n \u00a0\u00a0\u00a0 glibc-headers-2.12-1.132.45.amzn1.i686 \n \u00a0\u00a0\u00a0 glibc-static-2.12-1.132.45.amzn1.i686 \n \u00a0\u00a0\u00a0 glibc-debuginfo-2.12-1.132.45.amzn1.i686 \n \u00a0\u00a0\u00a0 nscd-2.12-1.132.45.amzn1.i686 \n \u00a0\u00a0\u00a0 glibc-devel-2.12-1.132.45.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 glibc-2.12-1.132.45.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 glibc-2.12-1.132.45.amzn1.x86_64 \n \u00a0\u00a0\u00a0 nscd-2.12-1.132.45.amzn1.x86_64 \n \u00a0\u00a0\u00a0 glibc-devel-2.12-1.132.45.amzn1.x86_64 \n \u00a0\u00a0\u00a0 glibc-common-2.12-1.132.45.amzn1.x86_64 \n \u00a0\u00a0\u00a0 glibc-debuginfo-2.12-1.132.45.amzn1.x86_64 \n \u00a0\u00a0\u00a0 glibc-headers-2.12-1.132.45.amzn1.x86_64 \n \u00a0\u00a0\u00a0 glibc-static-2.12-1.132.45.amzn1.x86_64 \n \u00a0\u00a0\u00a0 glibc-debuginfo-common-2.12-1.132.45.amzn1.x86_64 \n \u00a0\u00a0\u00a0 glibc-utils-2.12-1.132.45.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2013-0242](<https://access.redhat.com/security/cve/CVE-2013-0242>), [CVE-2013-1914](<https://access.redhat.com/security/cve/CVE-2013-1914>), [CVE-2013-4332](<https://access.redhat.com/security/cve/CVE-2013-4332>)\n\nMitre: [CVE-2013-0242](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242>), [CVE-2013-1914](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1914>), [CVE-2013-4332](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332>)\n", "cvss3": {}, "published": "2013-12-17T21:39:00", "type": "amazon", "title": "Medium: glibc", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4332"], "modified": "2014-09-16T22:16:00", "id": "ALAS-2013-270", "href": "https://alas.aws.amazon.com/ALAS-2013-270.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:25:24", "description": "Stack-based buffer overflow in the getaddrinfo function in\nsysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and\nearlier allows remote attackers to cause a denial of service (crash) via a\n(1) hostname or (2) IP address that triggers a large number of domain\nconversion results.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704623>\n * <https://bugzilla.novell.com/show_bug.cgi?id=813121>\n * <http://sourceware.org/bugzilla/show_bug.cgi?id=15330>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | infinity is going to roll this into an SRU that he'll push through the ubuntu-security-proposed ppa\n", "cvss3": {}, "published": "2013-04-29T00:00:00", "type": "ubuntucve", "title": "CVE-2013-1914", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1914"], "modified": "2013-04-29T00:00:00", "id": "UB:CVE-2013-1914", "href": "https://ubuntu.com/security/CVE-2013-1914", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:26:29", "description": "Buffer overflow in the extend_buffers function in the regular expression\nmatcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows\ncontext-dependent attackers to cause a denial of service (memory corruption\nand crash) via crafted multibyte characters.\n\n#### Bugs\n\n * <http://sourceware.org/bugzilla/show_bug.cgi?id=15078>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0242>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=905413>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699399>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | infinity is going to roll this into an SRU that he'll push through the ubuntu-security-proposed ppa\n", "cvss3": {}, "published": "2013-02-08T00:00:00", "type": "ubuntucve", "title": "CVE-2013-0242", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242"], "modified": "2013-02-08T00:00:00", "id": "UB:CVE-2013-0242", "href": "https://ubuntu.com/security/CVE-2013-0242", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:23:03", "description": "Stack-based buffer overflow in the getaddrinfo function in\nsysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and\nearlier allows remote attackers to cause a denial of service (crash) via a\n(1) hostname or (2) IP address that triggers a large number of AF_INET6\naddress results. NOTE: this vulnerability exists because of an incomplete\nfix for CVE-2013-1914.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727181>\n * <https://sourceware.org/bugzilla/show_bug.cgi?id=16072>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | this fix was also incomplete, leading to CVE-2016-3706\n", "cvss3": {}, "published": "2013-12-12T00:00:00", "type": "ubuntucve", "title": "CVE-2013-4458", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1914", "CVE-2013-4458", "CVE-2016-3706"], "modified": "2013-12-12T00:00:00", "id": "UB:CVE-2013-4458", "href": "https://ubuntu.com/security/CVE-2013-4458", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-01-15T06:06:28", "description": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.", "cvss3": {}, "published": "2013-04-29T22:55:00", "type": "debiancve", "title": "CVE-2013-1914", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1914"], "modified": "2013-04-29T22:55:00", "id": "DEBIANCVE:CVE-2013-1914", "href": "https://security-tracker.debian.org/tracker/CVE-2013-1914", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-15T06:06:28", "description": "Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.", "cvss3": {}, "published": "2013-02-08T20:55:00", "type": "debiancve", "title": "CVE-2013-0242", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242"], "modified": "2013-02-08T20:55:00", "id": "DEBIANCVE:CVE-2013-0242", "href": "https://security-tracker.debian.org/tracker/CVE-2013-0242", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-15T06:06:28", "description": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.", "cvss3": {}, "published": "2013-12-12T18:55:00", "type": "debiancve", "title": "CVE-2013-4458", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1914", "CVE-2013-4458"], "modified": "2013-12-12T18:55:00", "id": "DEBIANCVE:CVE-2013-4458", "href": "https://security-tracker.debian.org/tracker/CVE-2013-4458", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2022-03-23T12:22:47", "description": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.", "cvss3": {}, "published": "2013-04-29T22:55:00", "type": "cve", "title": "CVE-2013-1914", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1914"], "modified": "2021-09-01T18:15:00", "cpe": ["cpe:/a:gnu:glibc:2.3.1", "cpe:/a:gnu:glibc:2.3.6", "cpe:/a:gnu:glibc:2.14.1", "cpe:/a:gnu:glibc:2.6", "cpe:/a:gnu:glibc:2.5", "cpe:/a:gnu:glibc:2.14", "cpe:/a:gnu:glibc:2.13", "cpe:/a:gnu:glibc:2.2", "cpe:/a:gnu:glibc:2.16", "cpe:/a:gnu:glibc:2.15", "cpe:/a:gnu:glibc:2.3.5", "cpe:/a:gnu:glibc:2.9", "cpe:/a:gnu:glibc:2.11.2", "cpe:/a:gnu:glibc:2.8", "cpe:/a:gnu:glibc:2.17", "cpe:/a:gnu:glibc:2.3.3", "cpe:/a:gnu:glibc:2.3", "cpe:/a:gnu:glibc:2.2.1", "cpe:/a:gnu:glibc:2.11.1", "cpe:/a:gnu:glibc:2.12.2", "cpe:/a:gnu:glibc:2.11", "cpe:/a:gnu:glibc:2.0.1", "cpe:/a:gnu:glibc:2.10.1", "cpe:/a:gnu:glibc:2.2.4", "cpe:/a:gnu:glibc:2.12.1", "cpe:/a:gnu:glibc:2.3.2", "cpe:/a:gnu:glibc:2.11.3", "cpe:/a:gnu:glibc:2.4", "cpe:/a:gnu:glibc:2.3.4", "cpe:/a:gnu:glibc:2.0.6", "cpe:/a:gnu:glibc:2.6.1", "cpe:/a:gnu:glibc:2.2.5", "cpe:/a:gnu:glibc:2.7", "cpe:/a:gnu:glibc:2.2.3", "cpe:/a:gnu:glibc:2.2.2", "cpe:/a:gnu:glibc:2.5.1"], "id": "CVE-2013-1914", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1914", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:52:45", "description": "Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.", "cvss3": {}, "published": "2013-02-08T20:55:00", "type": "cve", "title": "CVE-2013-0242", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242"], "modified": "2017-08-29T01:33:00", "cpe": ["cpe:/a:gnu:glibc:2.17"], "id": "CVE-2013-0242", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0242", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:38:00", "description": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.", "cvss3": {}, "published": "2013-12-12T18:55:00", "type": "cve", "title": "CVE-2013-4458", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1914", "CVE-2013-4458"], "modified": "2017-07-01T01:29:00", "cpe": ["cpe:/a:gnu:glibc:2.14.1", "cpe:/a:gnu:glibc:2.1", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/a:gnu:glibc:2.14", "cpe:/a:gnu:glibc:2.13", "cpe:/a:gnu:glibc:2.0", "cpe:/a:gnu:glibc:2.16", "cpe:/a:gnu:glibc:2.15", "cpe:/a:gnu:glibc:2.18", "cpe:/a:gnu:glibc:2.1.1.6", "cpe:/a:gnu:glibc:2.0.3", "cpe:/a:gnu:glibc:2.0.5", "cpe:/a:gnu:glibc:2.11.2", "cpe:/a:gnu:glibc:2.17", "cpe:/a:suse:linux_enterprise_debuginfo:11", "cpe:/a:gnu:glibc:2.1.1", "cpe:/a:gnu:glibc:2.11.1", "cpe:/a:gnu:glibc:2.12.2", "cpe:/a:gnu:glibc:2.1.2", "cpe:/a:gnu:glibc:2.1.3", "cpe:/a:gnu:glibc:2.11", "cpe:/a:gnu:glibc:2.0.1", "cpe:/a:gnu:glibc:2.12.1", "cpe:/a:gnu:glibc:2.10.1", "cpe:/a:gnu:glibc:2.11.3", "cpe:/a:gnu:glibc:2.0.4", "cpe:/a:gnu:glibc:2.0.6", "cpe:/a:gnu:glibc:2.1.9", "cpe:/a:gnu:glibc:2.0.2"], "id": "CVE-2013-4458", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4458", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.18:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*", "cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "description": "The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. ", "cvss3": {}, "published": "2013-03-30T21:30:28", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: glibc-2.16-30.fc18", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242"], "modified": "2013-03-30T21:30:28", "id": "FEDORA:6201120A4F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GDWFQTBNOAIL2YFOSO2VQEG6PMW7AU5T/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. ", "cvss3": {}, "published": "2013-06-02T01:58:33", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: glibc-2.15-59.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242"], "modified": "2013-06-02T01:58:33", "id": "FEDORA:3CE6F210A0", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LNQYFKUKUD6H7FCU2Y5JYJP4XXOWALCA/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. ", "cvss3": {}, "published": "2013-08-22T00:50:09", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: glibc-2.17-13.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4412", "CVE-2012-4424", "CVE-2013-1914", "CVE-2013-2207", "CVE-2013-4237"], "modified": "2013-08-22T00:50:09", "id": "FEDORA:8E57121104", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/N67QIIDXMRNXHRPYOBSV7BYRPPGUC3JH/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "vmware": [{"lastseen": "2021-06-08T18:38:43", "description": "a. vCenter Server Apache Struts Update \n\n\nThe Apache Struts library is updated to address a security issue. \n \nThis issue may lead to remote code execution after authentication. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-0114 to this issue. \n \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.\n", "cvss3": {}, "published": "2014-09-09T00:00:00", "type": "vmware", "title": "VMware vSphere product updates to third party libraries", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2013-0242", "CVE-2014-0114", "CVE-2013-4322", "CVE-2014-0050", "CVE-2013-1914", "CVE-2013-4590"], "modified": "2014-12-04T00:00:00", "id": "VMSA-2014-0008", "href": "https://www.vmware.com/security/advisories/VMSA-2014-0008.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-19T20:02:32", "description": "a. vCenter Server Apache Struts Update\n\nThe Apache Struts library is updated to address a security issue.This issue may lead to remote code execution after authentication.The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-0114 to this issue.Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.", "cvss3": {}, "published": "2014-09-09T00:00:00", "type": "vmware", "title": "VMware vSphere product updates to third party libraries", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4322", "CVE-2013-4590", "CVE-2014-0050", "CVE-2014-0114"], "modified": "2014-12-04T00:00:00", "id": "VMSA-2014-0008.2", "href": "https://www.vmware.com/security/advisories/VMSA-2014-0008.2.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-01-26T13:33:42", "description": "## Releases\n\n * Ubuntu 13.04 \n * Ubuntu 12.10 \n * Ubuntu 12.04 \n * Ubuntu 10.04 \n\n## Packages\n\n * eglibc \\- GNU C Library\n\nIt was discovered that the GNU C Library incorrectly handled the strcoll() \nfunction. An attacker could use this issue to cause a denial of service, or \npossibly execute arbitrary code. (CVE-2012-4412, CVE-2012-4424)\n\nIt was discovered that the GNU C Library incorrectly handled multibyte \ncharacters in the regular expression matcher. An attacker could use this \nissue to cause a denial of service. (CVE-2013-0242)\n\nIt was discovered that the GNU C Library incorrectly handled large numbers \nof domain conversion results in the getaddrinfo() function. An attacker \ncould use this issue to cause a denial of service. (CVE-2013-1914)\n\nIt was discovered that the GNU C Library readdir_r() function incorrectly \nhandled crafted NTFS or CIFS images. An attacker could use this issue to \ncause a denial of service, or possibly execute arbitrary code. \n(CVE-2013-4237)\n\nIt was discovered that the GNU C Library incorrectly handled memory \nallocation. An attacker could use this issue to cause a denial of service. \n(CVE-2013-4332)\n", "cvss3": {}, "published": "2013-10-21T00:00:00", "type": "ubuntu", "title": "GNU C Library vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4412", "CVE-2012-4424", "CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4237", "CVE-2013-4332"], "modified": "2013-10-21T00:00:00", "id": "USN-1991-1", "href": "https://ubuntu.com/security/notices/USN-1991-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2021-06-08T18:45:15", "description": " \n\n\n[CVE-2014-0475](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0475>)\n\nMultiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.\n\n[CVE-2014-5119](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119>) \n\n\nOff-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.\n\n[CVE-2013-4458](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458>)\n\nStack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.\n\nImpact \n\n\nThis vulnerability may allow remote attackers to bypass restrictions and execute arbitrary code or cause a denial-of-service (DoS). \n\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents.](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "cvss3": {}, "published": "2014-10-02T23:35:00", "type": "f5", "title": "GNU C Library (glibc) vulnerabilities CVE-2014-0475, CVE-2014-5119, CVE-2013-4458", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5119", "CVE-2013-1914", "CVE-2013-4458", "CVE-2014-0475"], "modified": "2016-01-09T02:19:00", "id": "F5:K15640", "href": "https://support.f5.com/csp/article/K15640", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:45:06", "description": "*Most ARX components are based on GNU C library code. \n\n\nRecommended action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "cvss3": {}, "published": "2014-10-02T00:00:00", "type": "f5", "title": "SOL15640 - GNU C Library (glibc) vulnerabilities CVE-2014-0475, CVE-2014-5119, CVE-2013-4458", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5119", "CVE-2013-1914", "CVE-2013-4458", "CVE-2014-0475"], "modified": "2014-10-02T00:00:00", "id": "SOL15640", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/600/sol15640.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2022-01-17T19:07:06", "description": "### Background\n\nThe GNU C library is the standard C library used by Gentoo Linux systems. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA local attacker may be able to execute arbitrary code or cause a Denial of Service condition,. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll glibc users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-libs/glibc-2.19-r1\"", "cvss3": {}, "published": "2015-03-08T00:00:00", "type": "gentoo", "title": "GNU C Library: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3404", "CVE-2012-3405", "CVE-2012-3406", "CVE-2012-3480", "CVE-2012-4412", "CVE-2012-4424", "CVE-2012-6656", "CVE-2013-0242", "CVE-2013-1914", "CVE-2013-2207", "CVE-2013-4237", "CVE-2013-4332", "CVE-2013-4458", "CVE-2013-4788", "CVE-2014-4043", "CVE-2015-0235"], "modified": "2015-03-08T00:00:00", "id": "GLSA-201503-04", "href": "https://security.gentoo.org/glsa/201503-04", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2021-10-23T22:31:10", "description": "Package : eglibc\nVersion : 2.11.3-4+deb6u5\nCVE ID : CVE-2012-3405 CVE-2012-3406 CVE-2012-3480 CVE-2012-4412 \n CVE-2012-4424 CVE-2013-0242 CVE-2013-1914 CVE-2013-4237\n\t\t CVE-2013-4332 CVE-2013-4357 CVE-2013-4458 CVE-2013-4788\n\t\t CVE-2013-7423 CVE-2013-7424 CVE-2014-4043 CVE-2015-1472\n\t\t CVE-2015-1473\nDebian Bug : 553206 681473 681888 684889 687530 689423 699399 704623\n\t\t 717178 719558 722536 751774 765506 765526 765562\n\nSeveral vulnerabilities have been fixed in eglibc, Debian's version of\nthe GNU C library.\n\n#553206\nCVE-2015-1472\nCVE-2015-1473\n\n The scanf family of functions do not properly limit stack\n allocation, which allows context-dependent attackers to cause a\n denial of service (crash) or possibly execute arbitrary code.\n\nCVE-2012-3405\n\n The printf family of functions do not properly calculate a buffer\n length, which allows context-dependent attackers to bypass the\n FORTIFY_SOURCE format-string protection mechanism and cause a\n denial of service.\n\nCVE-2012-3406\n\n The printf family of functions do not properly limit stack\n allocation, which allows context-dependent attackers to bypass the\n FORTIFY_SOURCE format-string protection mechanism and cause a\n denial of service (crash) or possibly execute arbitrary code via a\n crafted format string.\n\nCVE-2012-3480\n\n Multiple integer overflows in the strtod, strtof, strtold,\n strtod_l, and other related functions allow local users to cause a\n denial of service (application crash) and possibly execute\n arbitrary code via a long string, which triggers a stack-based\n buffer overflow.\n\nCVE-2012-4412\n\n Integer overflow in the strcoll and wcscoll functions allows\n context-dependent attackers to cause a denial of service (crash)\n or possibly execute arbitrary code via a long string, which\n triggers a heap-based buffer overflow.\n\nCVE-2012-4424\n\n Stack-based buffer overflow in the strcoll and wcscoll functions\n allows context-dependent attackers to cause a denial of service\n (crash) or possibly execute arbitrary code via a long string that\n triggers a malloc failure and use of the alloca function.\n\nCVE-2013-0242\n\n Buffer overflow in the extend_buffers function in the regular\n expression matcher allows context-dependent attackers to cause a\n denial of service (memory corruption and crash) via crafted\n multibyte characters.\n\nCVE-2013-1914\nCVE-2013-4458\n\n Stack-based buffer overflow in the getaddrinfo function allows\n remote attackers to cause a denial of service (crash) via a\n hostname or IP address that triggers a large number of domain\n conversion results.\n\nCVE-2013-4237\n\n readdir_r allows context-dependent attackers to cause a denial of\n service (out-of-bounds write and crash) or possibly execute\n arbitrary code via a malicious NTFS image or CIFS service.\n\nCVE-2013-4332\n\n Multiple integer overflows in malloc/malloc.c allow\n context-dependent attackers to cause a denial of service (heap\n corruption) via a large value to the pvalloc, valloc,\n posix_memalign, memalign, or aligned_alloc functions.\n\nCVE-2013-4357\n\n The getaliasbyname, getaliasbyname_r, getaddrinfo, getservbyname,\n getservbyname_r, getservbyport, getservbyport_r, and glob\n functions do not properly limit stack allocation, which allows\n context-dependent attackers to cause a denial of service (crash)\n or possibly execute arbitrary code.\n\nCVE-2013-4788\n\n When the GNU C library is statically linked into an executable,\n the PTR_MANGLE implementation does not initialize the random value\n for the pointer guard, so that various hardening mechanisms are not\n effective.\n\nCVE-2013-7423\n\n The send_dg function in resolv/res_send.c does not properly reuse\n file descriptors, which allows remote attackers to send DNS\n queries to unintended locations via a large number of requests that\n trigger a call to the getaddrinfo function.\n\nCVE-2013-7424\n\n The getaddrinfo function may attempt to free an invalid pointer\n when handling IDNs (Internationalised Domain Names), which allows\n remote attackers to cause a denial of service (crash) or possibly\n execute arbitrary code.\n\nCVE-2014-4043\n\n The posix_spawn_file_actions_addopen function does not copy its\n path argument in accordance with the POSIX specification, which\n allows context-dependent attackers to trigger use-after-free\n vulnerabilities.\n\nFor the oldstable distribution (squeeze), these problems have been fixed\nin version 2.11.3-4+deb6u5.\n\nFor the stable distribution (wheezy), these problems were fixed in\nversion 2.13-38+deb7u8 or earlier.\n\n-- \nBen Hutchings - Debian developer, member of Linux kernel and LTS teams\n\nAttachment:\nsignature.asc\nDescription: This is a digitally signed message part\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2015-03-06T15:39:53", "type": "debian", "title": "[SECURITY] [DLA 165-1] eglibc security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3405", "CVE-2012-3406", "CVE-2012-3480", "CVE-2012-4412", "CVE-2012-4424", "CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4237", "CVE-2013-4332", "CVE-2013-4357", "CVE-2013-4458", "CVE-2013-4788", "CVE-2013-7423", "CVE-2013-7424", "CVE-2014-4043", "CVE-2015-1472", "CVE-2015-1473"], "modified": "2015-03-06T15:39:53", "id": "DEBIAN:DLA-165-1:23BFE", "href": "https://lists.debian.org/debian-lts-announce/2015/03/msg00002.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "packetstorm": [{"lastseen": "2021-09-01T16:00:43", "description": "", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2021-09-01T00:00:00", "type": "packetstorm", "title": "Moxa Command Injection / Cross Site Scripting / Vulnerable Software", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1914", "CVE-2013-7423", "CVE-2015-0235", "CVE-2015-7547", "CVE-2016-1234", "CVE-2021-39278", "CVE-2021-39279"], "modified": "2021-09-01T00:00:00", "id": "PACKETSTORM:164014", "href": "https://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html", "sourceData": "`SEC Consult Vulnerability Lab Security Advisory < 20210901-0 > \n======================================================================= \ntitle: Multiple vulnerabilities \nproduct: see \"Vulnerable / tested versions\" \nvulnerable version: see \"Vulnerable / tested versions\" \nfixed version: see \"Solution\" \nCVE number: CVE-2021-39278, CVE-2021-39279 \nimpact: High \nhomepage: https://www.moxa.com/ \nfound: 2020-08-31 \nby: T. Weber (Office Vienna) \nSEC Consult Vulnerability Lab \n \nAn integrated part of SEC Consult, an Atos company \nEurope | Asia | North America \n \nhttps://www.sec-consult.com \n \n======================================================================= \n \nVendor description: \n------------------- \n\"Together, We Create Change \n \nMoxa is committed to making a positive impact around the world. We put our all \nbehind this commitment--from our employees, to our products and supply chain. \n \nIn our local communities, we nurture and support the spirit of volunteering. \nWe encourage our employees to contribute to community development, with an \nemphasis on ecology, education, and health. \n \nIn our products, we invest in social awareness programs and \nenvironment-friendly policies at every stage of the product lifecycle. We make \nsure our manufacturing meets the highest standards with regards to quality, \nethics, and sustainability.\" \n \nSource: https://www.moxa.com/en/about-us/corporate-responsibility \n \nBusiness recommendation: \n------------------------ \nSEC Consult recommends to immediately apply the available patches \nfrom the vendor. A thorough security review should be performed by \nsecurity professionals to identify further potential security issues. \n \n \nVulnerability overview/description: \n----------------------------------- \n1) Authenticated Command Injection (CVE-2021-39279) \nAn authenticated command injection vulnerability can be triggered by issuing a \nGET request to the \"/forms/web_importTFTP\" CGI program which is available on \nthe web interface. An attacker can abuse this vulnerability to compromise the \noperating system of the device. This issue was found by emulating the firmware \nof the device. \n \n2) Reflected Cross-Site Scripting via Manipulated Config-File (CVE-2021-39278) \nVia a crafted config-file, a reflected cross-site scripting vulnerability can \nbe exploited in the context of the victim's browser. This config-file can be \nuploaded to the device via the \"Config Import Export\" tab in the main menu. \n \n3) Known GNU glibc Vulnerabilities (CVE-2015-0235) \nThe used GNU glibc in version 2.9 is outdated and contains multiple known \nvulnerabilities. One of the discovered vulnerabilities (CVE-2015-0235, \ngethostbyname \"GHOST\" buffer overflow) was verified by using the MEDUSA \nscalable firmware runtime. \n \n4) Multiple Outdated Software Components \nMultiple outdated software components containing vulnerabilities were found by \nthe IoT Inspector. \n \nThe vulnerabilities 1), 2) and 3) were manually verified on an emulated device \nby using the MEDUSA scalable firmware runtime. \n \nProof of concept: \n----------------- \n1) Authenticated Command Injection (CVE-2021-39279) \nThe vulnerability can be triggered by navigating in the web interface to the \ntab: \n \n\"Main Menu\"->\"Maintenance\"->\"Config Import Export\" \n \nThe \"TFTP Import\" menu is prone to command injection via all parameters. To \nexploit the vulnerability, an IP address, a configuration path and a filename \nmust be set. \nIf the filename is used to trigger the exploit, the payload in the interceptor \nproxy would be: \n \nhttp://192.168.1.1/forms/web_importTFTP?servIP=192.168.1.1&configPath=/&fileName=name|`ping localhost -c 100` \n \n \n2) Reflected Cross-Site Scripting via Manipulated Config-File (CVE-2021-39278) \nThe vulnerability can be triggered by navigating in the web interface to the \ntab: \n \n\"Main Menu\"->\"Maintenance\"->\"Config Import Export\" \n \nThe \"Config Import\" menu is prone to reflected cross-site scripting via the \nupload of config files. Example of malicious config file: \n------------------------------------------------------------------------------- \n[board] \ndeviceName=\"WAC-2004_0000</span><script>alert(document.cookie)</script>\" \ndeviceLocation=\"\" \n[..] \n------------------------------------------------------------------------------- \nUploading such a crafted file triggers cross-site scripting as the erroneous \nvalue is displayed without filtering characters. \n \n \n3) Known GNU glibc Vulnerabilities (CVE-2015-0235) \nGNU glibc version 2.9 contains multiple CVEs like: \nCVE-2016-1234, CVE-2015-7547, CVE-2013-7423, CVE-2013-1914, and more. \n \nThe gethostbyname buffer overflow vulnerability (GHOST) was checked with the \nhelp of the exploit code from https://seclists.org/oss-sec/2015/q1/274. It was \ncompiled and executed on the emulated device to test the system. \n \n \n4) Multiple Outdated Software Components \nThe IoT Inspector recognized multiple outdated software components with known \nvulnerabilities: \n \nBusyBox 1.18.5 06/2011 \nDropbear SSH 2011.54 11/2011 \nGNU glibc 2.9 02/2009 \nLinux Kernel 2.6.27 10/2008 \nOpenSSL 0.9.7g 04/2005 \nOnly found in the program \"iw_director\" \nOpenSSL 1.0.0 03/2010 \n \n \nVulnerable / tested versions: \n----------------------------- \nThe following firmware versions for various devices have been identified \nto be vulnerable: \n* WAC-2004 / 1.7 \n* WAC-1001 / 2.1 \n* WAC-1001-T / 2.1 \n* OnCell G3470A-LTE-EU / 1.7 \n* OnCell G3470A-LTE-EU-T / 1.7 \n* TAP-323-EU-CT-T / 1.3 \n* TAP-323-US-CT-T / 1.3 \n* TAP-323-JP-CT-T / 1.3 \n* WDR-3124A-EU / 2.3 \n* WDR-3124A-EU-T / 2.3 \n* WDR-3124A-US / 2.3 \n* WDR-3124A-US-T / 2.3 \n \n \nVendor contact timeline: \n------------------------ \n2020-10-09: Contacting vendor through moxa.csrt@moxa.com. \n2020-10-12: Contact sends PGP key for encrypted communication and asks for the \ndetailed advisory. Sent encrypted advisory to vendor. \n2020-11-06: Status update from vendor regarding technical analysis. Vendor \nrequested more time for fixing the vulnerabilities as more products \nare affected. \n2020-11-09: Granted more time for fixing to vendor. \n2020-11-10: Vendor asked for next steps regarding the advisory publication. \n2020-11-11: Asked vendor for an estimation when a public disclosure is possible. \n2020-11-16: Vendor responded that the product team can give a rough feedback. \n2020-11-25: Asked for a status update. \n2020-11-25: Vendor responded that the investigation is not done yet. \n2020-12-14: Vendor provided a list of potential affected devices and stated \nthat full investigation may take until January 2021 due to the list \nof CVEs that were provided with the appended IoT Inspector report. \nThe patches may be available until June 2021. \n2020-12-15: Shifted next status update round with vendor on May 2021. \n2020-12-23: Vendor provided full list of affected devices. \n2021-02-05: Vendor sieved out the found issues from 4) manually and provided a \nfull list of confirmed vulnerabilities. WAC-2004 phased-out in \n2019. \n2021-02-21: Confirmed receive of vulnerabilities, next status update in May \n2021. \n2021-06-10: Asking for an update. \n2021-06-15: Vendor stated, that the update will be provided in the next days. \n2021-06-21: Vendor will give an update in the next week as Covid gets worse in \nTaiwan. \n2021-06-23: Vendor stated, that patches are under development. Vendor needs more \ntime to finish the patches. \n2021-06-24: Set release date to 2021-09-01. \n2021-07-02: Vendor provides status updates. \n2021-08-16: Vendor provides status updates. \n2021-08-17: Vendor asks for CVE IDs and stated, that WDR-3124A has phased-out. \n2021-08-20: Sent assigned CVE-IDs to vendor. Asked for fixed version numbers. \n2021-08-31: Vendor provides fixed firmware version numbers and the advisory \nlinks. \n2021-09-01: Coordinated release of security advisory. \n \nSolution: \n--------- \nAccording to the vendor the following patches must be applied to fix issues: \n* WAC-1001 / 2.1.5 \n* WAC-1001-T / 2.1.5 \n* OnCell G3470A-LTE-EU / 1.7.4 \n* OnCell G3470A-LTE-EU-T / 1.7.4 \n* TAP-323-EU-CT-T / 1.8.1 \n* TAP-323-US-CT-T / 1.8.1 \n* TAP-323-JP-CT-T / 1.8.1 \n \nThe Moxa Technical Support must be contacted for requesting the security \npatches. \n \nThe corresponding security advisories for the affected devices are available on \nthe vendor's website: \nTAP-323/WAC-1001/WAC-2004 \nhttps://www.moxa.com/en/support/product-support/security-advisory/tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities \nOnCell G3470A-LTE/WDR-3124A \nhttps://www.moxa.com/en/support/product-support/security-advisory/oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities \n \nThe following device models are EOL and should be replaced: \n* WAC-2004 \n* WDR-3124A-EU \n* WDR-3124A-EU-T \n* WDR-3124A-US \n* WDR-3124A-US-T \n \n \nWorkaround: \n----------- \nNone. \n \n \nAdvisory URL: \n------------- \nhttps://sec-consult.com/vulnerability-lab/ \n \n \n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \n \nSEC Consult Vulnerability Lab \n \nSEC Consult, an Atos company \nEurope | Asia | North America \n \nAbout SEC Consult Vulnerability Lab \nThe SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an \nAtos company. It ensures the continued knowledge gain of SEC Consult in the \nfield of network and application security to stay ahead of the attacker. The \nSEC Consult Vulnerability Lab supports high-quality penetration testing and \nthe evaluation of new offensive and defensive technologies for our customers. \nHence our customers obtain the most current information about vulnerabilities \nand valid recommendation about the risk profile of new technologies. \n \n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \nInterested to work with the experts of SEC Consult? \nSend us your application https://sec-consult.com/career/ \n \nInterested in improving your cyber security with the experts of SEC Consult? \nContact our local offices https://sec-consult.com/contact/ \n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \n \nMail: research at sec-consult dot com \nWeb: https://www.sec-consult.com \nBlog: http://blog.sec-consult.com \nTwitter: https://twitter.com/sec_consult \n \nEOF Thomas Weber / @2021 \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/164014/SA-20210901-0.txt", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "zdt": [{"lastseen": "2022-03-23T04:23:08", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-01T00:00:00", "type": "zdt", "title": "Moxa Command Injection / Cross Site Scripting Vulnerabilities", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1914", "CVE-2013-7423", "CVE-2015-0235", "CVE-2015-7547", "CVE-2016-1234", "CVE-2021-39278", "CVE-2021-39279"], "modified": "2021-09-01T00:00:00", "id": "1337DAY-ID-36699", "href": "https://0day.today/exploit/description/36699", "sourceData": "=======================================================================\n title: Multiple vulnerabilities\n product: see \"Vulnerable / tested versions\"\n vulnerable version: see \"Vulnerable / tested versions\"\n fixed version: see \"Solution\"\n CVE number: CVE-2021-39278, CVE-2021-39279\n impact: High\n homepage: https://www.moxa.com/\n found: 2020-08-31\n by: T. Weber (Office Vienna)\n SEC Consult Vulnerability Lab\n\n An integrated part of SEC Consult, an Atos company\n Europe | Asia | North America\n\n https://www.sec-consult.com\n\n=======================================================================\n\nVendor description:\n-------------------\n\"Together, We Create Change\n\nMoxa is committed to making a positive impact around the world. We put our all\nbehind this commitment--from our employees, to our products and supply chain.\n\nIn our local communities, we nurture and support the spirit of volunteering.\nWe encourage our employees to contribute to community development, with an\nemphasis on ecology, education, and health.\n\nIn our products, we invest in social awareness programs and\nenvironment-friendly policies at every stage of the product lifecycle. We make\nsure our manufacturing meets the highest standards with regards to quality,\nethics, and sustainability.\"\n\nSource: https://www.moxa.com/en/about-us/corporate-responsibility\n\nBusiness recommendation:\n------------------------\nSEC Consult recommends to immediately apply the available patches\nfrom the vendor. A thorough security review should be performed by\nsecurity professionals to identify further potential security issues.\n\n\nVulnerability overview/description:\n-----------------------------------\n1) Authenticated Command Injection (CVE-2021-39279)\nAn authenticated command injection vulnerability can be triggered by issuing a\nGET request to the \"/forms/web_importTFTP\" CGI program which is available on\nthe web interface. An attacker can abuse this vulnerability to compromise the\noperating system of the device. This issue was found by emulating the firmware\nof the device.\n\n2) Reflected Cross-Site Scripting via Manipulated Config-File (CVE-2021-39278)\nVia a crafted config-file, a reflected cross-site scripting vulnerability can\nbe exploited in the context of the victim's browser. This config-file can be\nuploaded to the device via the \"Config Import Export\" tab in the main menu.\n\n3) Known GNU glibc Vulnerabilities (CVE-2015-0235)\nThe used GNU glibc in version 2.9 is outdated and contains multiple known\nvulnerabilities. One of the discovered vulnerabilities (CVE-2015-0235,\ngethostbyname \"GHOST\" buffer overflow) was verified by using the MEDUSA\nscalable firmware runtime.\n\n4) Multiple Outdated Software Components\nMultiple outdated software components containing vulnerabilities were found by\nthe IoT Inspector.\n\nThe vulnerabilities 1), 2) and 3) were manually verified on an emulated device\nby using the MEDUSA scalable firmware runtime.\n\nProof of concept:\n-----------------\n1) Authenticated Command Injection (CVE-2021-39279)\nThe vulnerability can be triggered by navigating in the web interface to the\ntab:\n\n\"Main Menu\"->\"Maintenance\"->\"Config Import Export\"\n\nThe \"TFTP Import\" menu is prone to command injection via all parameters. To\nexploit the vulnerability, an IP address, a configuration path and a filename\nmust be set.\nIf the filename is used to trigger the exploit, the payload in the interceptor\nproxy would be:\n\nhttp://192.168.1.1/forms/web_importTFTP?servIP=192.168.1.1&configPath=/&fileName=name|`ping localhost -c 100`\n\n\n2) Reflected Cross-Site Scripting via Manipulated Config-File (CVE-2021-39278)\nThe vulnerability can be triggered by navigating in the web interface to the\ntab:\n\n\"Main Menu\"->\"Maintenance\"->\"Config Import Export\"\n\nThe \"Config Import\" menu is prone to reflected cross-site scripting via the\nupload of config files. Example of malicious config file:\n-------------------------------------------------------------------------------\n[board]\ndeviceName=\"WAC-2004_0000</span><script>alert(document.cookie)</script>\"\ndeviceLocation=\"\"\n[..]\n-------------------------------------------------------------------------------\nUploading such a crafted file triggers cross-site scripting as the erroneous\nvalue is displayed without filtering characters.\n\n\n3) Known GNU glibc Vulnerabilities (CVE-2015-0235)\nGNU glibc version 2.9 contains multiple CVEs like:\nCVE-2016-1234, CVE-2015-7547, CVE-2013-7423, CVE-2013-1914, and more.\n\nThe gethostbyname buffer overflow vulnerability (GHOST) was checked with the\nhelp of the exploit code from https://seclists.org/oss-sec/2015/q1/274. It was\ncompiled and executed on the emulated device to test the system.\n\n\n4) Multiple Outdated Software Components\nThe IoT Inspector recognized multiple outdated software components with known\nvulnerabilities:\n\nBusyBox 1.18.5 06/2011\nDropbear SSH 2011.54 11/2011\nGNU glibc 2.9 02/2009\nLinux Kernel 2.6.27 10/2008\nOpenSSL 0.9.7g 04/2005\nOnly found in the program \"iw_director\"\nOpenSSL 1.0.0 03/2010\n\n\nVulnerable / tested versions:\n-----------------------------\nThe following firmware versions for various devices have been identified\nto be vulnerable:\n* WAC-2004 / 1.7\n* WAC-1001 / 2.1\n* WAC-1001-T / 2.1\n* OnCell G3470A-LTE-EU / 1.7\n* OnCell G3470A-LTE-EU-T / 1.7\n* TAP-323-EU-CT-T / 1.3\n* TAP-323-US-CT-T / 1.3\n* TAP-323-JP-CT-T / 1.3\n* WDR-3124A-EU / 2.3\n* WDR-3124A-EU-T / 2.3\n* WDR-3124A-US / 2.3\n* WDR-3124A-US-T / 2.3\n\n\nVendor contact timeline:\n------------------------\n2020-10-09: Contacting vendor through [email\u00a0protected]\n2020-10-12: Contact sends PGP key for encrypted communication and asks for the\n detailed advisory. Sent encrypted advisory to vendor.\n2020-11-06: Status update from vendor regarding technical analysis. Vendor\n requested more time for fixing the vulnerabilities as more products\n are affected.\n2020-11-09: Granted more time for fixing to vendor.\n2020-11-10: Vendor asked for next steps regarding the advisory publication.\n2020-11-11: Asked vendor for an estimation when a public disclosure is possible.\n2020-11-16: Vendor responded that the product team can give a rough feedback.\n2020-11-25: Asked for a status update.\n2020-11-25: Vendor responded that the investigation is not done yet.\n2020-12-14: Vendor provided a list of potential affected devices and stated\n that full investigation may take until January 2021 due to the list\n of CVEs that were provided with the appended IoT Inspector report.\n The patches may be available until June 2021.\n2020-12-15: Shifted next status update round with vendor on May 2021.\n2020-12-23: Vendor provided full list of affected devices.\n2021-02-05: Vendor sieved out the found issues from 4) manually and provided a\n full list of confirmed vulnerabilities. WAC-2004 phased-out in\n 2019.\n2021-02-21: Confirmed receive of vulnerabilities, next status update in May\n 2021.\n2021-06-10: Asking for an update.\n2021-06-15: Vendor stated, that the update will be provided in the next days.\n2021-06-21: Vendor will give an update in the next week as Covid gets worse in\n Taiwan.\n2021-06-23: Vendor stated, that patches are under development. Vendor needs more\n time to finish the patches.\n2021-06-24: Set release date to 2021-09-01.\n2021-07-02: Vendor provides status updates.\n2021-08-16: Vendor provides status updates.\n2021-08-17: Vendor asks for CVE IDs and stated, that WDR-3124A has phased-out.\n2021-08-20: Sent assigned CVE-IDs to vendor. Asked for fixed version numbers.\n2021-08-31: Vendor provides fixed firmware version numbers and the advisory\n links.\n2021-09-01: Coordinated release of security advisory.\n\nSolution:\n---------\nAccording to the vendor the following patches must be applied to fix issues:\n* WAC-1001 / 2.1.5\n* WAC-1001-T / 2.1.5\n* OnCell G3470A-LTE-EU / 1.7.4\n* OnCell G3470A-LTE-EU-T / 1.7.4\n* TAP-323-EU-CT-T / 1.8.1\n* TAP-323-US-CT-T / 1.8.1\n* TAP-323-JP-CT-T / 1.8.1\n\nThe Moxa Technical Support must be contacted for requesting the security\npatches.\n\nThe corresponding security advisories for the affected devices are available on\nthe vendor's website:\nTAP-323/WAC-1001/WAC-2004\nhttps://www.moxa.com/en/support/product-support/security-advisory/tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities\nOnCell G3470A-LTE/WDR-3124A\nhttps://www.moxa.com/en/support/product-support/security-advisory/oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities\n\nThe following device models are EOL and should be replaced:\n* WAC-2004\n* WDR-3124A-EU\n* WDR-3124A-EU-T\n* WDR-3124A-US\n* WDR-3124A-US-T\n", "sourceHref": "https://0day.today/exploit/36699", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:35:28", "description": "This glibc update fixes a critical privilege escalation vulnerability and\n the following security and non-security issues:\n\n * bnc#892073: An off-by-one error leading to a heap-based buffer\n overflow was found in __gconv_translit_find(). An exploit that\n targets the problem is publicly available. (CVE-2014-5119)\n * bnc#886416: Avoid redundant shift character in iconv output at block\n boundary.\n * bnc#883022: Initialize errcode in sysdeps/unix/opendir.c.\n * bnc#882600: Copy filename argument in\n posix_spawn_file_actions_addopen. (CVE-2014-4043)\n * bnc#864081: Take lock in pthread_cond_wait cleanup handler only when\n needed.\n * bnc#843735: Don't crash on unresolved weak symbol reference.\n * bnc#839870: Fix integer overflows in malloc. (CVE-2013-4332)\n * bnc#836746: Avoid race between {,__de}allocate_stack and\n __reclaim_stacks during fork.\n * bnc#834594: Fix readdir_r with long file names. (CVE-2013-4237)\n * bnc#830268: Initialize pointer guard also in static executables.\n (CVE-2013-4788)\n * bnc#801246: Fix buffer overrun in regexp matcher. (CVE-2013-0242)\n * bnc#779320: Fix buffer overflow in strcoll. (CVE-2012-4412)\n * bnc#750741: Use absolute timeout in x86 pthread_cond_timedwait.\n\n Security Issues:\n\n * CVE-2014-5119\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119</a>>\n * CVE-2014-4043\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043</a>>\n * CVE-2012-4412\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412</a>>\n * CVE-2013-0242\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242</a>>\n * CVE-2013-4788\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788</a>>\n * CVE-2013-4237\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237</a>>\n * CVE-2013-4332\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332</a>>\n\n", "cvss3": {}, "published": "2014-09-12T06:04:16", "type": "suse", "title": "Security update for glibc (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2013-0242", "CVE-2014-5119", "CVE-2014-4043", "CVE-2013-4788", "CVE-2012-4412", "CVE-2013-4332", "CVE-2013-4237"], "modified": "2014-09-12T06:04:16", "id": "SUSE-SU-2014:1122-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00013.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:57:20", "description": "This glibc update fixes a critical privilege escalation problem and the\n following security and non-security issues:\n\n * bnc#892073: An off-by-one error leading to a heap-based buffer\n overflow was found in __gconv_translit_find(). An exploit that\n targets the problem is publicly available. (CVE-2014-5119)\n * bnc#882600: Copy filename argument in\n posix_spawn_file_actions_addopen. (CVE-2014-4043)\n * bnc#860501: Use O_LARGEFILE for utmp file.\n * bnc#842291: Fix typo in glibc-2.5-dlopen-lookup-race.diff.\n * bnc#839870: Fix integer overflows in malloc. (CVE-2013-4332)\n * bnc#834594: Fix readdir_r with long file names. (CVE-2013-4237)\n * bnc#824639: Drop lock before calling malloc_printerr.\n * bnc#801246: Fix buffer overrun in regexp matcher. (CVE-2013-0242)\n * bnc#779320: Fix buffer overflow in strcoll. (CVE-2012-4412)\n * bnc#894556 / bnc#894553: Fix crashes on invalid input in IBM gconv\n modules. (CVE-2014-6040, CVE-2012-6656, bnc#894553, bnc#894556,\n BZ#17325, BZ#14134)\n\n Security Issues:\n\n * CVE-2014-5119\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119</a>>\n * CVE-2014-4043\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043</a>>\n * CVE-2013-4332\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332</a>>\n * CVE-2013-4237\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237</a>>\n * CVE-2013-0242\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242</a>>\n * CVE-2012-4412\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412</a>>\n\n\n", "cvss3": {}, "published": "2014-09-15T19:04:18", "type": "suse", "title": "Security update for glibc (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2013-0242", "CVE-2014-5119", "CVE-2014-4043", "CVE-2014-6040", "CVE-2012-4412", "CVE-2013-4332", "CVE-2012-6656", "CVE-2013-4237"], "modified": "2014-09-15T19:04:18", "id": "SUSE-SU-2014:1128-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00019.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osv": [{"lastseen": "2022-08-05T05:18:29", "description": "\nSeveral vulnerabilities have been fixed in eglibc, Debian's version of\nthe GNU C library.\n\n\n* #553206,\n[CVE-2015-1472](https://security-tracker.debian.org/tracker/CVE-2015-1472),\n[CVE-2015-1473](https://security-tracker.debian.org/tracker/CVE-2015-1473)\nThe scanf family of functions do not properly limit stack\n allocation, which allows context-dependent attackers to cause a\n denial of service (crash) or possibly execute arbitrary code.\n\n* [CVE-2012-3405](https://security-tracker.debian.org/tracker/CVE-2012-3405)\nThe printf family of functions do not properly calculate a buffer\n length, which allows context-dependent attackers to bypass the\n FORTIFY\\_SOURCE format-string protection mechanism and cause a\n denial of service.\n* [CVE-2012-3406](https://security-tracker.debian.org/tracker/CVE-2012-3406)\nThe printf family of functions do not properly limit stack\n allocation, which allows context-dependent attackers to bypass the\n FORTIFY\\_SOURCE format-string protection mechanism and cause a\n denial of service (crash) or possibly execute arbitrary code via a\n crafted format string.\n* [CVE-2012-3480](https://security-tracker.debian.org/tracker/CVE-2012-3480)\nMultiple integer overflows in the strtod, strtof, strtold,\n strtod\\_l, and other related functions allow local users to cause a\n denial of service (application crash) and possibly execute\n arbitrary code via a long string, which triggers a stack-based\n buffer overflow.\n* [CVE-2012-4412](https://security-tracker.debian.org/tracker/CVE-2012-4412)\nInteger overflow in the strcoll and wcscoll functions allows\n context-dependent attackers to cause a denial of service (crash)\n or possibly execute arbitrary code via a long string, which\n triggers a heap-based buffer overflow.\n* [CVE-2012-4424](https://security-tracker.debian.org/tracker/CVE-2012-4424)\nStack-based buffer overflow in the strcoll and wcscoll functions\n allows context-dependent attackers to cause a denial of service\n (crash) or possibly execute arbitrary code via a long string that\n triggers a malloc failure and use of the alloca function.\n* [CVE-2013-0242](https://security-tracker.debian.org/tracker/CVE-2013-0242)\nBuffer overflow in the extend\\_buffers function in the regular\n expression matcher allows context-dependent attackers to cause a\n denial of service (memory corruption and crash) via crafted\n multibyte characters.\n* [CVE-2013-1914](https://security-tracker.debian.org/tracker/CVE-2013-1914),\n [CVE-2013-4458](https://security-tracker.debian.org/tracker/CVE-2013-4458)\nStack-based buffer overflow in the getaddrinfo function allows\n remote attackers to cause a denial of service (crash) via a\n hostname or IP address that triggers a large number of domain\n conversion results.\n* [CVE-2013-4237](https://security-tracker.debian.org/tracker/CVE-2013-4237)\nreaddir\\_r allows context-dependent attackers to cause a denial of\n service (out-of-bounds write and crash) or possibly execute\n arbitrary code via a malicious NTFS image or CIFS service.\n* [CVE-2013-4332](https://security-tracker.debian.org/tracker/CVE-2013-4332)\nMultiple integer overflows in malloc/malloc.c allow\n context-dependent attackers to cause a denial of service (heap\n corruption) via a large value to the pvalloc, valloc,\n posix\\_memalign, memalign, or aligned\\_alloc functions.\n* [CVE-2013-4357](https://security-tracker.debian.org/tracker/CVE-2013-4357)\nThe getaliasbyname, getaliasbyname\\_r, getaddrinfo, getservbyname,\n getservbyname\\_r, getservbyport, getservbyport\\_r, and glob\n functions do not properly limit stack allocation, which allows\n context-dependent attackers to cause a denial of service (crash)\n or possibly execute arbitrary code.\n* [CVE-2013-4788](https://security-tracker.debian.org/tracker/CVE-2013-4788)\nWhen the GNU C library is statically linked into an executable,\n the PTR\\_MANGLE implementation does not initialize the random value\n for the pointer guard, so that various hardening mechanisms are not\n effective.\n* [CVE-2013-7423](https://security-tracker.debian.org/tracker/CVE-2013-7423)\nThe send\\_dg function in resolv/res\\_send.c does not properly reuse\n file descriptors, which allows remote attackers to send DNS\n queries to unintended locations via a large number of requests that\n trigger a call to the getaddrinfo function.\n* [CVE-2013-7424](https://security-tracker.debian.org/tracker/CVE-2013-7424)\nThe getaddrinfo function may attempt to free an invalid pointer\n when handling IDNs (Internationalised Domain Names), which allows\n remote attackers to cause a denial of service (crash) or possibly\n execute arbitrary code.\n* [CVE-2014-4043](https://security-tracker.debian.org/tracker/CVE-2014-4043)\nThe posix\\_spawn\\_file\\_actions\\_addopen function does not copy its\n path argument in accordance with the POSIX specification, which\n allows context-dependent attackers to trigger use-after-free\n vulnerabilities.\n\n\nFor the oldstable distribution (squeeze), these problems have been fixed\nin version 2.11.3-4+deb6u5.\n\n\nFor the stable distribution (wheezy), these problems were fixed in\nversion 2.13-38+deb7u8 or earlier.\n\n\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-03-06T00:00:00", "type": "osv", "title": "eglibc - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0242", "CVE-2014-4043", "CVE-2013-4788", "CVE-2012-3405", "CVE-2012-4412", "CVE-2012-4424", "CVE-2013-4357", "CVE-2013-4332", "CVE-2012-3480", "CVE-2013-1914", "CVE-2013-4458", "CVE-2011-5320", "CVE-2015-1473", "CVE-2015-1472", "CVE-2013-4237", "CVE-2013-7423", "CVE-2012-3406", "CVE-2013-7424"], "modified": "2022-08-05T05:18:21", "id": "OSV:DLA-165-1", "href": "https://osv.dev/vulnerability/DLA-165-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Updated glibc packages fixes the following security issues: Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. (CVE-2012-4412) Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. (CVE-2012-4424) pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. (CVE-2013-2207) NOTE! This is fixed by removing pt_chown wich may break chroots if their devpts was not mounted correctly. (make sure to mount the devpts correctly with gid=5) sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image. (CVE-2013-4237) Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions. (CVE-2013-4332) A stack (frame) overflow flaw, which led to a denial of service (application crash), was found in the way glibc's getaddrinfo() function processed certain requests when called with AF_INET6. A similar flaw to CVE-2013-1914, this affects AF_INET6 rather than AF_UNSPEC (CVE-2013-4458). The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context- dependent attackers to control execution flow by leveraging a buffer- overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. (CVE-2013-4788) Other fixes in this update: \\- Correct the processing of '\\x80' characters in crypt_freesec.c \\- drop minimal required kernel to 2.6.32 so it works in chroots on top of enterprise kernels and for OpenVZ users. \\- fix typo in nscd.service \n", "cvss3": {}, "published": "2013-11-22T18:44:49", "type": "mageia", "title": "Updated glibc package fixes security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4412", "CVE-2012-4424", "CVE-2013-1914", "CVE-2013-2207", "CVE-2013-4237", "CVE-2013-4332", "CVE-2013-4458", "CVE-2013-4788"], "modified": "2013-11-22T18:44:49", "id": "MGASA-2013-0340", "href": "https://advisories.mageia.org/MGASA-2013-0340.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}