Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2021 Greenbone AGOPENVAS:13614125623114201505501
HistoryJun 09, 2021 - 12:00 a.m.

SUSE: Security Advisory (SUSE-SU-2015:0550-1)

2021-06-0900:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
1

8.9 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.107 Low

EPSS

Percentile

95.0%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.4.2015.0550.1");
  script_cve_id("CVE-2013-7423", "CVE-2014-0475", "CVE-2014-7817", "CVE-2014-9402", "CVE-2015-1472");
  script_tag(name:"creation_date", value:"2021-06-09 14:58:13 +0000 (Wed, 09 Jun 2021)");
  script_version("2024-02-02T14:37:48+0000");
  script_tag(name:"last_modification", value:"2024-02-02 14:37:48 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");

  script_name("SUSE: Security Advisory (SUSE-SU-2015:0550-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2021 Greenbone AG");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES10\.0SP4)");

  script_xref(name:"Advisory-ID", value:"SUSE-SU-2015:0550-1");
  script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2015/suse-su-20150550-1/");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'glibc' package(s) announced via the SUSE-SU-2015:0550-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"glibc has been updated to fix four security issues:

 * CVE-2014-0475: Directory traversal in locale environment handling
 (bnc#887022)
 * CVE-2014-7817: wordexp failed to honour WRDE_NOCMD (bsc#906371)
 * CVE-2014-9402: Avoid infinite loop in nss_dns getnetbyname
 (bsc#910599)
 * CVE-2015-1472: Fixed buffer overflow in wscanf (bsc#916222)

This non-security issue has been fixed:

 * Fix missing zero termination (bnc#918233)

Security Issues:

 * CVE-2015-1472
 * CVE-2013-7423
 * CVE-2014-7817
 * CVE-2014-9402");

  script_tag(name:"affected", value:"'glibc' package(s) on SUSE Linux Enterprise Server 10-SP4.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "SLES10.0SP4") {

  if(!isnull(res = isrpmvuln(pkg:"glibc", rpm:"glibc~2.4~31.117.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-32bit", rpm:"glibc-32bit~2.4~31.117.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-devel", rpm:"glibc-devel~2.4~31.117.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-devel-32bit", rpm:"glibc-devel-32bit~2.4~31.117.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-html", rpm:"glibc-html~2.4~31.117.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-i18ndata", rpm:"glibc-i18ndata~2.4~31.117.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-info", rpm:"glibc-info~2.4~31.117.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-locale", rpm:"glibc-locale~2.4~31.117.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-locale-32bit", rpm:"glibc-locale-32bit~2.4~31.117.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-profile", rpm:"glibc-profile~2.4~31.117.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"glibc-profile-32bit", rpm:"glibc-profile-32bit~2.4~31.117.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"nscd", rpm:"nscd~2.4~31.117.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

nessus 56
openvas 45
ibm 19
fedora 2
ubuntu 2
oraclelinux 7
gentoo 1
centos 5
redhat 7
prion 5
f5 8
ubuntucve 5
cve 5
debiancve 5
mageia 3
debian 3
archlinux 2
amazon 4
securityvulns 9
veracode 1
osv 3
suse 2
nessus
nessus
SUSE SLES11 Security Update : glibc (SUSE-SU-2015:0551-1)
2015-05-20 00:00:00
SUSE SLES10 Security Update : glibc (SUSE-SU-2015:0550-1)
2015-05-20 00:00:00
SuSE 11.3 Security Update : glibc (SAT Patch Number 10357)
2015-03-06 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:0551-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0439-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0526-1)
2021-04-19 00:00:00
ibm
ibm
Security Bulletin: IBM BladeCenter Advanced Management Module is affected by glibc vulnerabilities (CVE-2015-1472, CVE-2013-7423, CVE-2014-7817, and CVE-2014-9402)
2019-01-31 01:55:01
Security Bulletin: Vulnerabilities in GNU C Library Affect Power Hardware Management Console (CVE-2013-7423, CVE-2014-7817, CVE-2014-9402, CVE-2015-1472)
2021-09-23 01:31:39
Security Bulletin: Vulnerabilities in glibc affect IBM Integrated Management Module II (IMM2) for System x, BladeCenter and Flex Systems (CVE-2015-1472, CVE-2013-7423, CVE-2014-7817, CVE-2014-9402)
2023-04-18 18:22:18
fedora
fedora
[SECURITY] Fedora 21 Update: glibc-2.20-8.fc21
2015-03-04 10:27:01
[SECURITY] Fedora 20 Update: glibc-2.18-14.fc20
2014-08-28 15:31:23
ubuntu
ubuntu
GNU C Library vulnerabilities
2015-02-26 00:00:00
GNU C Library vulnerability
2014-08-29 00:00:00
oraclelinux
oraclelinux
glibc security and bug fix update
2014-12-18 00:00:00
glibc security update
2015-01-27 00:00:00
glibc security, bug fix, and enhancement update
2015-11-24 00:00:00
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2016-02-17 00:00:00
centos
centos
glibc, nscd security update
2015-11-30 19:30:07
glibc, nscd security update
2014-12-19 12:43:11
glibc, nscd security update
2015-04-21 13:07:39
redhat
redhat
(RHSA-2015:2199) Moderate: glibc security, bug fix, and enhancement update
2015-11-19 14:39:58
(RHSA-2016:1207) Moderate: glibc security update
2016-06-07 05:18:46
(RHSA-2015:2589) Important: glibc security update
2015-12-09 08:43:11
prion
prion
Design/Logic Flaw
2015-02-24 15:59:00
Design/Logic Flaw
2015-02-24 15:59:00
Input validation
2014-11-24 15:59:00
f5
f5
SOL16841 - GNU C Library (glibc) vulnerability CVE-2013-7423
2015-07-02 00:00:00
K16841 : GNU C Library (glibc) vulnerability CVE-2013-7423
2015-11-12 00:00:00
K16365 : glibc vulnerability CVE-2014-9402
2015-07-23 00:00:00
ubuntucve
ubuntucve
CVE-2013-7423
2015-02-24 00:00:00
CVE-2014-7817
2014-11-24 00:00:00
CVE-2014-9402
2015-02-24 00:00:00
cve
cve
CVE-2013-7423
2015-02-24 15:59:00
CVE-2014-7817
2014-11-24 15:59:00
CVE-2014-9402
2015-02-24 15:59:00
debiancve
debiancve
CVE-2013-7423
2015-02-24 15:59:00
CVE-2014-9402
2015-02-24 15:59:00
CVE-2014-7817
2014-11-24 15:59:00
mageia
mageia
Updated glibc packages fix CVE-2014-7817
2014-11-26 20:29:06
Updated glibc packages fix security vulnerabilities
2015-01-08 15:24:22
Updated glibc packages fix security issues
2014-08-06 00:08:48
debian
debian
[SECURITY] [DLA 122-1] eglibc security update
2014-12-22 23:19:26
[SECURITY] [DSA 2976-1] eglibc security update
2014-07-10 18:52:35
[DLA 43-1] eglibc security update
2014-09-02 18:03:40
archlinux
archlinux
glibc: command execution
2014-11-21 00:00:00
glibc: arbitrary code execution
2014-12-18 00:00:00
amazon
amazon
Important: glibc
2015-12-14 10:00:00
Medium: glibc
2014-09-17 21:41:00
Medium: glibc
2015-04-22 16:12:00
securityvulns
securityvulns
GNU glibc code execution
2014-11-30 00:00:00
[ MDVSA-2014:232 ] glibc
2014-11-30 00:00:00
[SECURITY] [DSA 2976-1] eglibc security update
2014-07-14 00:00:00
veracode
veracode
Directory Traversal
2019-01-15 08:59:56
osv
osv
eglibc - security update
2014-07-10 00:00:00
eglibc - security update
2014-09-02 00:00:00
eglibc - security update
2015-02-23 00:00:00
suse
suse
Security update for bash (critical)
2014-09-25 01:05:27
Security update for bash (critical)
2014-09-25 01:04:17

8.9 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.107 Low

EPSS

Percentile

95.0%

JSON
Related for OPENVAS:13614125623114201505501
nessus56openvas45ibm19fedora2ubuntu2oraclelinux7gentoo1centos5redhat7prion5f58ubuntucve5cve5debiancve5mageia3debian3archlinux2amazon4securityvulns9veracode1osv3suse2