Lucene search
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2023-3298)
🗓️ 12 Dec 2023 00:00:00Reported by Copyright (C) 2023 Greenbone AGType 
openvas🔗 plugins.openvas.org👁 14 Views
Huawei EulerOS 'glibc' package update advisory. Vulnerabilities allow application crash via freed memory access
Show more
| Reporter | Title | Published | Views | Family All 199 |
|---|---|---|---|---|
 | EulerOS 2.0 SP9 : glibc (EulerOS-SA-2023-3298) | 16 Jan 202400:00 | – | nessus |
| EulerOS 2.0 SP9 : glibc (EulerOS-SA-2023-3330) | 16 Jan 202400:00 | – | nessus |
| EulerOS 2.0 SP8 : glibc (EulerOS-SA-2024-1268) | 12 Mar 202400:00 | – | nessus |
| Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : GNU C Library vulnerabilities (USN-6541-1) | 7 Dec 202300:00 | – | nessus |
| EulerOS Virtualization 2.9.1 : glibc (EulerOS-SA-2024-1034) | 16 Jan 202400:00 | – | nessus |
| EulerOS Virtualization 2.9.0 : glibc (EulerOS-SA-2024-1008) | 16 Jan 202400:00 | – | nessus |
| EulerOS Virtualization 3.0.6.0 : glibc (EulerOS-SA-2024-1682) | 17 May 202400:00 | – | nessus |
| EulerOS Virtualization 2.11.0 : glibc (EulerOS-SA-2024-1426) | 21 Mar 202400:00 | – | nessus |
| EulerOS Virtualization 2.11.1 : glibc (EulerOS-SA-2024-1398) | 21 Mar 202400:00 | – | nessus |
| EulerOS 2.0 SP11 : glibc (EulerOS-SA-2023-3269) | 16 Jan 202400:00 | – | nessus |
10
| Source | Link |
|---|---|
| developer | www.developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html |
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2023.3298");
script_cve_id("CVE-2023-4806", "CVE-2023-4813", "CVE-2023-5156");
script_tag(name:"creation_date", value:"2023-12-12 04:35:10 +0000 (Tue, 12 Dec 2023)");
script_version("2024-02-05T14:36:57+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:57 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-09-26 15:02:42 +0000 (Tue, 26 Sep 2023)");
script_name("Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2023-3298)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP9");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2023-3298");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2023-3298");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'glibc' package(s) announced via the EulerOS-SA-2023-3298 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.(CVE-2023-4806)
A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.(CVE-2023-5156)
A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.(CVE-2023-4813)");
script_tag(name:"affected", value:"'glibc' package(s) on Huawei EulerOS V2.0SP9.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROS-2.0SP9") {
if(!isnull(res = isrpmvuln(pkg:"glibc", rpm:"glibc~2.28~61.h45.eulerosv2r9", rls:"EULEROS-2.0SP9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"glibc-all-langpacks", rpm:"glibc-all-langpacks~2.28~61.h45.eulerosv2r9", rls:"EULEROS-2.0SP9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"glibc-common", rpm:"glibc-common~2.28~61.h45.eulerosv2r9", rls:"EULEROS-2.0SP9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"glibc-debugutils", rpm:"glibc-debugutils~2.28~61.h45.eulerosv2r9", rls:"EULEROS-2.0SP9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"glibc-locale-source", rpm:"glibc-locale-source~2.28~61.h45.eulerosv2r9", rls:"EULEROS-2.0SP9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libnsl", rpm:"libnsl~2.28~61.h45.eulerosv2r9", rls:"EULEROS-2.0SP9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"nscd", rpm:"nscd~2.28~61.h45.eulerosv2r9", rls:"EULEROS-2.0SP9"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo12 Dec 2023 00:00Current
7.3High risk
Vulners AI Score7.3
CVSS37.5
EPSS0.01076