Lucene search
RedHat Update for boost RHSA-2013:0668-01
🗓️ 22 Mar 2013 00:00:00Reported by Copyright (C) 2013 Greenbone AGType 
openvas🔗 plugins.openvas.org👁 22 Views
The remote host is missing an update for the 'boost' package(s) announced via the referenced advisory. The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. A flaw was found in the way the ordered_malloc() routine in Boost sanitized the 'next_size' and 'max_size' parameters when allocating memory. If an application used the Boost C++ libraries for memory allocation, an attacker could use this flaw to crash the application or, potentially, execute arbitrary code with the privileges of the user running the application. All users of boost are advised to upgrade to these updated packages, which contain a backported patch to fix this issue
Show more
| Reporter | Title | Published | Views | Family All 51 |
|---|---|---|---|---|
 | SOL16946 - Boost memory allocator vulnerability CVE-2012-2677 | 10 Jul 201500:00 | – | f5 |
| K16946 : Boost memory allocator vulnerability CVE-2012-2677 | 15 Sep 201500:00 | – | f5 |
 | F5 Networks BIG-IP : Boost memory allocator vulnerability (K16946) | 16 Sep 201500:00 | – | nessus |
| SuSE 10 Security Update : boost (ZYPP Patch Number 8210) | 17 Jul 201200:00 | – | nessus |
| RHEL 5 / 6 : boost (RHSA-2013:0668) | 22 Mar 201300:00 | – | nessus |
| CentOS 5 / 6 : boost (CESA-2013:0668) | 22 Mar 201300:00 | – | nessus |
| Fedora 17 : boost-1.48.0-13.fc17 (2012-9818) | 28 Jun 201200:00 | – | nessus |
| SuSE 11.1 Security Update : boost (SAT Patch Number 6507) | 25 Jan 201300:00 | – | nessus |
| Oracle Linux 5 / 6 : boost (ELSA-2013-0668) | 12 Jul 201300:00 | – | nessus |
| GLSA-202105-04 : Boost: Buffer overflow | 27 May 202100:00 | – | nessus |
10
| Source | Link |
|---|---|
| redhat | www.redhat.com/archives/rhsa-announce/2013-March/msg00061.html |
# SPDX-FileCopyrightText: 2013 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_xref(name:"URL", value:"https://www.redhat.com/archives/rhsa-announce/2013-March/msg00061.html");
script_oid("1.3.6.1.4.1.25623.1.0.870968");
script_version("2024-03-21T05:06:54+0000");
script_tag(name:"last_modification", value:"2024-03-21 05:06:54 +0000 (Thu, 21 Mar 2024)");
script_tag(name:"creation_date", value:"2013-03-22 10:40:04 +0530 (Fri, 22 Mar 2013)");
script_cve_id("CVE-2012-2677");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_xref(name:"RHSA", value:"2013:0668-01");
script_name("RedHat Update for boost RHSA-2013:0668-01");
script_tag(name:"summary", value:"The remote host is missing an update for the 'boost'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2013 Greenbone AG");
script_family("Red Hat Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms", re:"ssh/login/release=RHENT_(6|5)");
script_tag(name:"affected", value:"boost on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)");
script_tag(name:"solution", value:"Please Install the Updated Packages.");
script_tag(name:"insight", value:"The boost packages provide free, peer-reviewed, portable C++ source
libraries with emphasis on libraries which work well with the C++ Standard
Library.
A flaw was found in the way the ordered_malloc() routine in Boost sanitized
the 'next_size' and 'max_size' parameters when allocating memory. If an
application used the Boost C++ libraries for memory allocation, and
performed memory allocation based on user-supplied input, an attacker could
use this flaw to crash the application or, potentially, execute arbitrary
code with the privileges of the user running the application.
(CVE-2012-2677)
All users of boost are advised to upgrade to these updated packages, which
contain a backported patch to fix this issue.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release) exit(0);
res = "";
if(release == "RHENT_6")
{
if ((res = isrpmvuln(pkg:"boost", rpm:"boost~1.41.0~15.el6_4", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"boost-date-time", rpm:"boost-date-time~1.41.0~15.el6_4", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"boost-debuginfo", rpm:"boost-debuginfo~1.41.0~15.el6_4", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"boost-devel", rpm:"boost-devel~1.41.0~15.el6_4", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"boost-filesystem", rpm:"boost-filesystem~1.41.0~15.el6_4", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"boost-graph", rpm:"boost-graph~1.41.0~15.el6_4", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"boost-iostreams", rpm:"boost-iostreams~1.41.0~15.el6_4", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"boost-program-options", rpm:"boost-program-options~1.41.0~15.el6_4", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"boost-python", rpm:"boost-python~1.41.0~15.el6_4", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"boost-regex", rpm:"boost-regex~1.41.0~15.el6_4", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"boost-serialization", rpm:"boost-serialization~1.41.0~15.el6_4", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"boost-signals", rpm:"boost-signals~1.41.0~15.el6_4", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"boost-system", rpm:"boost-system~1.41.0~15.el6_4", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"boost-test", rpm:"boost-test~1.41.0~15.el6_4", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"boost-thread", rpm:"boost-thread~1.41.0~15.el6_4", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"boost-wave", rpm:"boost-wave~1.41.0~15.el6_4", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "RHENT_5")
{
if ((res = isrpmvuln(pkg:"boost", rpm:"boost~1.33.1~16.el5_9", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"boost-debuginfo", rpm:"boost-debuginfo~1.33.1~16.el5_9", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"boost-devel", rpm:"boost-devel~1.33.1~16.el5_9", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"boost-doc", rpm:"boost-doc~1.33.1~16.el5_9", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo22 Mar 2013 00:00Current
6.8Medium risk
Vulners AI Score6.8
CVSS25
EPSS0.02082