Lucene search

K

CentOS Update for glibc CESA-2014:1110 centos7

πŸ—“οΈΒ 10 Sep 2014Β 00:00:00Reported byΒ Copyright (C) 2014 Greenbone AGTypeΒ 
openvas
Β openvas
πŸ”—Β plugins.openvas.orgπŸ‘Β 20Β Views

CentOS Update for glibc CESA-2014:1110 centos7. The update addresses off-by-one heap-based buffer overflow and directory traversal flaws in glibc, allowing arbitrary code execution

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
OSV
eglibc - security update
2 Sep 201400:00
–osv
OSV
Red Hat Security Advisory: glibc security update
15 Sep 202421:56
–osv
OSV
eglibc - security update
27 Aug 201400:00
–osv
OSV
Red Hat Security Advisory: glibc security update
15 Sep 202421:56
–osv
OSV
eglibc - security update
10 Jul 201400:00
–osv
OSV
glibc-2.24-2.3 on GA media
15 Jun 202400:00
–osv
Ubuntu
GNU C Library vulnerability
29 Aug 201400:00
–ubuntu
Ubuntu
GNU C Library regression
5 Aug 201400:00
–ubuntu
Ubuntu
GNU C Library vulnerabilities
4 Aug 201400:00
–ubuntu
Ubuntu
GNU C Library regression
8 Sep 201400:00
–ubuntu
Rows per page
# SPDX-FileCopyrightText: 2014 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.882019");
  script_version("2023-07-10T08:07:43+0000");
  script_tag(name:"last_modification", value:"2023-07-10 08:07:43 +0000 (Mon, 10 Jul 2023)");
  script_tag(name:"creation_date", value:"2014-09-10 06:20:44 +0200 (Wed, 10 Sep 2014)");
  script_cve_id("CVE-2014-0475", "CVE-2014-5119");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_name("CentOS Update for glibc CESA-2014:1110 centos7");
  script_tag(name:"insight", value:"The glibc packages contain the standard C
libraries used by multiple programs on the system. These packages contain the
standard C and the standard math libraries. Without these two libraries, a Linux
system cannot function properly.

An off-by-one heap-based buffer overflow flaw was found in glibc's internal
__gconv_translit_find() function. An attacker able to make an application
call the iconv_open() function with a specially crafted argument could
possibly use this flaw to execute arbitrary code with the privileges of
that application. (CVE-2014-5119)

A directory traversal flaw was found in the way glibc loaded locale files.
An attacker able to make an application use a specially crafted locale name
value (for example, specified in an LC_* environment variable) could
possibly use this flaw to execute arbitrary code with the privileges of
that application. (CVE-2014-0475)

Red Hat would like to thank Stephane Chazelas for reporting CVE-2014-0475.

All glibc users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at the linked references.

5. Bugs fixed:

1102353 - CVE-2014-0475 glibc: directory traversal in LC_* locale handling
1119128 - CVE-2014-5119 glibc: off-by-one error leading to a heap-based buffer overflow flaw in __gconv_translit_find()

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
glibc-2.5-118.el5_10.3.src.rpm

i386:
glibc-2.5-118.el5_10.3.i386.rpm
glibc-2.5-118.el5_10.3.i686.rpm
glibc-common-2.5-118.el5_10.3.i386.rpm
glibc-debuginfo-2.5-118.el5_10.3.i386.rpm
glibc-debuginfo-2.5-118.el5_10.3.i686.rpm
glibc-debuginfo-common-2.5-118.el5_10.3.i386.rpm
glibc-devel-2.5-118.el5_10.3.i386.rpm
glibc-headers-2.5-118.el5_10.3.i386.rpm
glibc-utils-2.5-118.el5_10.3.i386.rpm
nscd-2.5-118.el5_10.3.i386.rpm

x86_64:
glibc-2.5-118.el5_10.3.i686.rpm
glibc-2.5-118.el5_10.3.x86_64.rpm
glibc-common-2.5-118.el5_10.3.x86_64.rpm
glibc-debuginfo-2.5-118.el5_10.3.i386.rpm
glibc-debuginfo-2.5-118.el5_10.3.i686.rpm
glibc-debuginfo-2.5-118.el5_10.3.x86_64.rpm
glibc-debuginfo-common-2.5-118.el5_10.3.i386.rpm
glibc-devel-2.5-118.el5_10.3.i386.rpm
glibc-devel-2.5-118.el5_10.3.x86_64.rpm
glibc-headers-2 ...

  Description truncated, please see the referenced URL(s) for more information.");
  script_tag(name:"affected", value:"glibc on CentOS 7");
  script_tag(name:"solution", value:"Please install the updated packages.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  script_xref(name:"CESA", value:"2014:1110");
  script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2014-August/020520.html");
  script_xref(name:"URL", value:"https://access.redhat.com/articles/11258");
  script_tag(name:"summary", value:"The remote host is missing an update for the 'glibc'
  package(s) announced via the referenced advisory.");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2014 Greenbone AG");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS7");
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "CentOS7")
{

  if ((res = isrpmvuln(pkg:"glibc", rpm:"glibc~2.17~55.el7_0.1", rls:"CentOS7")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-common", rpm:"glibc-common~2.17~55.el7_0.1", rls:"CentOS7")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-devel", rpm:"glibc-devel~2.17~55.el7_0.1", rls:"CentOS7")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-headers", rpm:"glibc-headers~2.17~55.el7_0.1", rls:"CentOS7")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-static", rpm:"glibc-static~2.17~55.el7_0.1", rls:"CentOS7")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-utils", rpm:"glibc-utils~2.17~55.el7_0.1", rls:"CentOS7")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"nscd", rpm:"nscd~2.17~55.el7_0.1", rls:"CentOS7")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
10 Sep 2014 00:00Current
7.8High risk
Vulners AI Score7.8
EPSS0.012
20
.json
Report