Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2014 Greenbone Networks GmbHOPENVAS:1361412562310850610
HistorySep 12, 2014 - 12:00 a.m.

openSUSE: Security Advisory for glibc (openSUSE-SU-2014:1115-1)

2014-09-1200:00:00
Copyright (C) 2014 Greenbone Networks GmbH
plugins.openvas.org
15

8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.1%

JSON

The remote host is missing an update for the

# Copyright (C) 2014 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.850610");
  script_version("2022-07-05T11:37:00+0000");
  script_tag(name:"last_modification", value:"2022-07-05 11:37:00 +0000 (Tue, 05 Jul 2022)");
  script_tag(name:"creation_date", value:"2014-09-12 05:56:57 +0200 (Fri, 12 Sep 2014)");
  script_cve_id("CVE-2014-0475", "CVE-2014-5119", "CVE-2014-6040");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_name("openSUSE: Security Advisory for glibc (openSUSE-SU-2014:1115-1)");

  script_tag(name:"insight", value:"glibc was updated to fix three security
issues:

  - A directory traversal in locale environment handling was fixed
  (CVE-2014-0475, bnc#887022, GLIBC BZ #17137)

  - Disable gconv transliteration module loading which could be used for
  code execution (CVE-2014-5119, bnc#892073, GLIBC BZ #17187)

  - Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040,
  bnc#894553, BZ #17325)");

  script_tag(name:"affected", value:"glibc on openSUSE 13.1, openSUSE 12.3");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  script_xref(name:"openSUSE-SU", value:"2014:1115-1");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'glibc'
  package(s) announced via the referenced advisory.");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=(openSUSE12\.3|openSUSE13\.1)");
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "openSUSE12.3") {
  if(!isnull(res = isrpmvuln(pkg:"glibc", rpm:"glibc~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-debuginfo", rpm:"glibc-debuginfo~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-debugsource", rpm:"glibc-debugsource~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-devel", rpm:"glibc-devel~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-devel-debuginfo", rpm:"glibc-devel-debuginfo~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-devel-static", rpm:"glibc-devel-static~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-extra", rpm:"glibc-extra~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-extra-debuginfo", rpm:"glibc-extra-debuginfo~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-locale", rpm:"glibc-locale~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-locale-debuginfo", rpm:"glibc-locale-debuginfo~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-profile", rpm:"glibc-profile~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"nscd", rpm:"nscd~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"nscd-debuginfo", rpm:"nscd-debuginfo~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-utils", rpm:"glibc-utils~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-utils-debuginfo", rpm:"glibc-utils-debuginfo~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-utils-debugsource", rpm:"glibc-utils-debugsource~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-obsolete", rpm:"glibc-obsolete~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-obsolete-debuginfo", rpm:"glibc-obsolete-debuginfo~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-32bit", rpm:"glibc-32bit~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-debuginfo-32bit", rpm:"glibc-debuginfo-32bit~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-devel-32bit", rpm:"glibc-devel-32bit~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-devel-debuginfo-32bit", rpm:"glibc-devel-debuginfo-32bit~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-devel-static-32bit", rpm:"glibc-devel-static-32bit~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-locale-32bit", rpm:"glibc-locale-32bit~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-locale-debuginfo-32bit", rpm:"glibc-locale-debuginfo-32bit~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-profile-32bit", rpm:"glibc-profile-32bit~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-utils-32bit", rpm:"glibc-utils-32bit~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-utils-debuginfo-32bit", rpm:"glibc-utils-debuginfo-32bit~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-html", rpm:"glibc-html~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-i18ndata", rpm:"glibc-i18ndata~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-info", rpm:"glibc-info~2.17~4.13.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "openSUSE13.1") {
  if(!isnull(res = isrpmvuln(pkg:"glibc", rpm:"glibc~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-debuginfo", rpm:"glibc-debuginfo~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-debugsource", rpm:"glibc-debugsource~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-devel", rpm:"glibc-devel~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-devel-debuginfo", rpm:"glibc-devel-debuginfo~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-devel-static", rpm:"glibc-devel-static~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-extra", rpm:"glibc-extra~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-extra-debuginfo", rpm:"glibc-extra-debuginfo~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-locale", rpm:"glibc-locale~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-locale-debuginfo", rpm:"glibc-locale-debuginfo~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-profile", rpm:"glibc-profile~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"nscd", rpm:"nscd~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"nscd-debuginfo", rpm:"nscd-debuginfo~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-utils", rpm:"glibc-utils~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-utils-debuginfo", rpm:"glibc-utils-debuginfo~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-utils-debugsource", rpm:"glibc-utils-debugsource~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-obsolete", rpm:"glibc-obsolete~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-obsolete-debuginfo", rpm:"glibc-obsolete-debuginfo~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-32bit", rpm:"glibc-32bit~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-debuginfo-32bit", rpm:"glibc-debuginfo-32bit~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-devel-32bit", rpm:"glibc-devel-32bit~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-devel-debuginfo-32bit", rpm:"glibc-devel-debuginfo-32bit~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-devel-static-32bit", rpm:"glibc-devel-static-32bit~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-locale-32bit", rpm:"glibc-locale-32bit~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-locale-debuginfo-32bit", rpm:"glibc-locale-debuginfo-32bit~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-profile-32bit", rpm:"glibc-profile-32bit~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-utils-32bit", rpm:"glibc-utils-32bit~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-utils-debuginfo-32bit", rpm:"glibc-utils-debuginfo-32bit~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-html", rpm:"glibc-html~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-i18ndata", rpm:"glibc-i18ndata~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-info", rpm:"glibc-info~2.18~4.21.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

References

Related

suse 8
nessus 55
openvas 54
centos 3
mageia 2
ibm 14
securityvulns 5
fedora 3
redhat 4
osv 5
ubuntu 5
oraclelinux 6
debian 5
f5 4
slackware 1
zdt 1
prion 3
ubuntucve 3
amazon 4
cve 3
exploitpack 1
seebug 1
debiancve 3
cloudfoundry 1
veracode 2
exploitdb 1
gentoo 1
altlinux 1
suse
suse
glibc (important)
2014-09-11 09:04:39
Security update for glibc (important)
2014-09-15 19:06:41
Security update for glibc (important)
2014-09-13 03:04:16
nessus
nessus
openSUSE Security Update : glibc (openSUSE-SU-2014:1115-1)
2014-09-12 00:00:00
CentOS 5 / 6 / 7 : glibc (CESA-2014:1110)
2014-08-30 00:00:00
Debian DLA-43-1 : eglibc security update
2015-03-26 00:00:00
openvas
openvas
Fedora Update for glibc FEDORA-2015-2845
2015-03-05 00:00:00
Mageia: Security Advisory (MGASA-2014-0376)
2022-01-28 00:00:00
CentOS Update for glibc CESA-2014:1110 centos6
2014-08-30 00:00:00
centos
centos
glibc, nscd security update
2014-08-29 20:28:37
glibc, nscd security update
2015-03-17 13:28:04
glibc, nscd security update
2015-01-07 22:45:41
mageia
mageia
Updated glibc packages fix multiple security vulnerabilities
2014-09-15 14:36:30
Updated glibc packages fix security issues
2014-08-06 00:08:48
ibm
ibm
Security Bulletin: Vulnerabilities in GNU C Library affects IBM SmartCloud Provisioning for Software Virtual Appliance (CVE-2014-5119, CVE-2014-0475)
2018-06-17 22:30:11
Security Bulletin: Two (2) Vulnerabilities in glibc affect IBM FlashSystem (and TMS RAMSAN) 710, 720, 810, and 820 systems (CVE-2014-5119 and CVE-2014-0475)
2023-02-28 01:12:10
Security Bulletin: Vulnerabilities in glibc affect the IBM Flex System Manager (FSM): (CVE-2013-4332, CVE-2014-0475, CVE-2014-5119)
2019-01-31 01:35:01
securityvulns
securityvulns
[USN-2328-1] GNU C Library vulnerability
2014-09-01 00:00:00
GNU glibc buffer overflow
2014-09-01 00:00:00
[SECURITY] [DSA 2976-1] eglibc security update
2014-07-14 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: glibc-2.18-14.fc20
2014-08-28 15:31:23
[SECURITY] Fedora 20 Update: glibc-2.18-19.fc20
2015-03-04 10:25:31
[SECURITY] Fedora 19 Update: glibc-2.17-21.fc19
2014-10-19 13:24:18
redhat
redhat
(RHSA-2014:1110) Important: glibc security update
2014-08-29 00:00:00
(RHSA-2014:1118) Important: glibc security update
2014-09-02 00:00:00
(RHSA-2015:0016) Moderate: glibc security and bug fix update
2015-01-07 00:00:00
osv
osv
eglibc - security update
2014-09-02 00:00:00
eglibc - security update
2014-08-27 00:00:00
eglibc - security update
2014-07-10 00:00:00
ubuntu
ubuntu
GNU C Library vulnerability
2014-08-29 00:00:00
GNU C Library vulnerabilities
2014-12-03 00:00:00
GNU C Library vulnerabilities
2014-08-04 00:00:00
oraclelinux
oraclelinux
glibc security update
2014-08-29 00:00:00
glibc security and bug fix update
2015-03-09 00:00:00
glibc security and bug fix update
2014-12-18 00:00:00
debian
debian
[DLA 43-1] eglibc security update
2014-09-02 18:03:40
[SECURITY] [DSA 3012-1] eglibc security update
2014-08-27 05:51:23
[SECURITY] [DSA 2976-1] eglibc security update
2014-07-10 18:52:35
f5
f5
SOL15640 - GNU C Library (glibc) vulnerabilities CVE-2014-0475, CVE-2014-5119, CVE-2013-4458
2014-10-02 00:00:00
K15640 : GNU C Library (glibc) vulnerabilities CVE-2014-0475, CVE-2014-5119, CVE-2013-4458
2014-10-02 00:00:00
K16435 : GNU C Library vulnerability CVE-2014-6040
2015-09-16 00:00:00
slackware
slackware
[slackware-security] glibc
2014-10-24 05:36:04
zdt
zdt
glibc Off-by-One NUL Byte gconv_translit_find Exploit
2014-08-27 00:00:00
prion
prion
Code injection
2014-08-29 16:55:00
Out-of-bounds
2014-12-05 16:59:00
Directory traversal
2014-07-29 14:55:00
ubuntucve
ubuntucve
CVE-2014-5119
2014-08-26 00:00:00
CVE-2014-6040
2014-09-02 00:00:00
CVE-2014-0475
2014-07-29 00:00:00
amazon
amazon
Important: glibc
2014-09-03 14:44:00
Medium: glibc
2014-09-17 21:41:00
Medium: glibc
2015-01-08 12:38:00
cve
cve
CVE-2014-5119
2014-08-29 16:55:00
CVE-2014-6040
2014-12-05 16:59:00
CVE-2014-0475
2014-07-29 14:55:00
exploitpack
exploitpack
glibc - NUL Byte gconv_translit_find Off-by-One
2014-08-27 00:00:00
seebug
seebug
glibc Off-by-One NUL Byte gconv_translit_find Exploit
2014-09-04 00:00:00
debiancve
debiancve
CVE-2014-5119
2014-08-29 16:55:00
CVE-2014-6040
2014-12-05 16:59:00
CVE-2014-0475
2014-07-29 14:55:00
cloudfoundry
cloudfoundry
CVE-2014-5119 glib_gconv_translit_find() exploit | Cloud Foundry
2014-09-19 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:59:59
Directory Traversal
2019-01-15 08:59:56
exploitdb
exploitdb
glibc - NUL Byte gconv_translit_find Off-by-One
2014-08-27 00:00:00
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2016-02-17 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package glibc version 6:2.11.3-alt8.M60P.3
2015-12-23 00:00:00

8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.1%

JSON
Related for OPENVAS:1361412562310850610
suse8nessus55openvas54centos3mageia2ibm14securityvulns5fedora3redhat4osv5ubuntu5oraclelinux6debian5f54slackware1zdt1prion3ubuntucve3amazon4cve3exploitpack1seebug1debiancve3cloudfoundry1veracode2exploitdb1gentoo1altlinux1