Lucene search
Copyright (C) 2021 Greenbone AGOPENVAS:13614125623114201505511HistoryJun 09, 2021 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2015:0551-1)
2021-06-0900:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
8.9 High
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.107 Low
EPSS
Percentile
95.0%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2015.0551.1");
script_cve_id("CVE-2013-7423", "CVE-2014-0475", "CVE-2014-7817", "CVE-2014-9402", "CVE-2015-1472");
script_tag(name:"creation_date", value:"2021-06-09 14:58:13 +0000 (Wed, 09 Jun 2021)");
script_version("2024-02-02T14:37:48+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:48 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_name("SUSE: Security Advisory (SUSE-SU-2015:0551-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES11\.0SP1|SLES11\.0SP2)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2015:0551-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2015/suse-su-20150551-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'glibc' package(s) announced via the SUSE-SU-2015:0551-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"glibc has been updated to fix four security issues:
* CVE-2014-0475: Directory traversal in locale environment handling
(bnc#887022)
* CVE-2014-7817: wordexp failed to honour WRDE_NOCMD (bsc#906371)
* CVE-2014-9402: Avoid infinite loop in nss_dns getnetbyname
(bsc#910599)
* CVE-2015-1472: Fixed buffer overflow in wscanf (bsc#916222)
* CVE-2013-7423: getaddrinfo() wrote DNS queries to random file
descriptors under high load. (bnc#915526)
This non-security issue was fixed:
* Fix missing zero termination (bnc#918233)
Security Issues:
* CVE-2015-1472
* CVE-2013-7423
* CVE-2014-7817
* CVE-2014-9402");
script_tag(name:"affected", value:"'glibc' package(s) on SUSE Linux Enterprise Server 11-SP1, SUSE Linux Enterprise Server 11-SP2.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES11.0SP1") {
if(!isnull(res = isrpmvuln(pkg:"glibc", rpm:"glibc~2.11.1~0.64.1", rls:"SLES11.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"glibc-32bit", rpm:"glibc-32bit~2.11.1~0.64.1", rls:"SLES11.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"glibc-devel", rpm:"glibc-devel~2.11.1~0.64.1", rls:"SLES11.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"glibc-devel-32bit", rpm:"glibc-devel-32bit~2.11.1~0.64.1", rls:"SLES11.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"glibc-html", rpm:"glibc-html~2.11.1~0.64.1", rls:"SLES11.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"glibc-i18ndata", rpm:"glibc-i18ndata~2.11.1~0.64.1", rls:"SLES11.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"glibc-info", rpm:"glibc-info~2.11.1~0.64.1", rls:"SLES11.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"glibc-locale", rpm:"glibc-locale~2.11.1~0.64.1", rls:"SLES11.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"glibc-locale-32bit", rpm:"glibc-locale-32bit~2.11.1~0.64.1", rls:"SLES11.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"glibc-profile", rpm:"glibc-profile~2.11.1~0.64.1", rls:"SLES11.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"glibc-profile-32bit", rpm:"glibc-profile-32bit~2.11.1~0.64.1", rls:"SLES11.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"nscd", rpm:"nscd~2.11.1~0.64.1", rls:"SLES11.0SP1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES11.0SP2") {
if(!isnull(res = isrpmvuln(pkg:"glibc", rpm:"glibc~2.11.3~17.45.59.1", rls:"SLES11.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"glibc-32bit", rpm:"glibc-32bit~2.11.3~17.45.59.1", rls:"SLES11.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"glibc-devel", rpm:"glibc-devel~2.11.3~17.45.59.1", rls:"SLES11.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"glibc-devel-32bit", rpm:"glibc-devel-32bit~2.11.3~17.45.59.1", rls:"SLES11.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"glibc-html", rpm:"glibc-html~2.11.3~17.45.59.1", rls:"SLES11.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"glibc-i18ndata", rpm:"glibc-i18ndata~2.11.3~17.45.59.1", rls:"SLES11.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"glibc-info", rpm:"glibc-info~2.11.3~17.45.59.1", rls:"SLES11.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"glibc-locale", rpm:"glibc-locale~2.11.3~17.45.59.1", rls:"SLES11.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"glibc-locale-32bit", rpm:"glibc-locale-32bit~2.11.3~17.45.59.1", rls:"SLES11.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"glibc-profile", rpm:"glibc-profile~2.11.3~17.45.59.1", rls:"SLES11.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"glibc-profile-32bit", rpm:"glibc-profile-32bit~2.11.3~17.45.59.1", rls:"SLES11.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"nscd", rpm:"nscd~2.11.3~17.45.59.1", rls:"SLES11.0SP2"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:0550-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0439-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0526-1)
2021-04-19 00:00:00
nessus
nessus
SUSE SLES11 Security Update : glibc (SUSE-SU-2015:0551-1)
2015-05-20 00:00:00
SUSE SLES10 Security Update : glibc (SUSE-SU-2015:0550-1)
2015-05-20 00:00:00
SuSE 11.3 Security Update : glibc (SAT Patch Number 10357)
2015-03-06 00:00:00
ibm
ibm
Security Bulletin: IBM BladeCenter Advanced Management Module is affected by glibc vulnerabilities (CVE-2015-1472, CVE-2013-7423, CVE-2014-7817, and CVE-2014-9402)
2019-01-31 01:55:01
fedora
fedora
[SECURITY] Fedora 21 Update: glibc-2.20-8.fc21
2015-03-04 10:27:01
[SECURITY] Fedora 20 Update: glibc-2.18-14.fc20
2014-08-28 15:31:23
ubuntu
ubuntu
GNU C Library vulnerabilities
2015-02-26 00:00:00
GNU C Library vulnerability
2014-08-29 00:00:00
oraclelinux
oraclelinux
glibc security and bug fix update
2014-12-18 00:00:00
glibc security update
2015-01-27 00:00:00
glibc security, bug fix, and enhancement update
2015-11-24 00:00:00
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2016-02-17 00:00:00
redhat
redhat
(RHSA-2015:2199) Moderate: glibc security, bug fix, and enhancement update
2015-11-19 14:39:58
(RHSA-2016:1207) Moderate: glibc security update
2016-06-07 05:18:46
(RHSA-2015:2589) Important: glibc security update
2015-12-09 08:43:11
centos
centos
glibc, nscd security update
2015-11-30 19:30:07
glibc, nscd security update
2014-12-19 12:43:11
glibc, nscd security update
2015-04-21 13:07:39
prion
prion
Design/Logic Flaw
2015-02-24 15:59:00
Design/Logic Flaw
2015-02-24 15:59:00
Input validation
2014-11-24 15:59:00
ubuntucve
ubuntucve
f5
f5
K16841 : GNU C Library (glibc) vulnerability CVE-2013-7423
2015-11-12 00:00:00
SOL16841 - GNU C Library (glibc) vulnerability CVE-2013-7423
2015-07-02 00:00:00
K16365 : glibc vulnerability CVE-2014-9402
2015-07-23 00:00:00
debiancve
debiancve
cve
cve
mageia
mageia
Updated glibc packages fix CVE-2014-7817
2014-11-26 20:29:06
Updated glibc packages fix security vulnerabilities
2015-01-08 15:24:22
Updated glibc packages fix security issues
2014-08-06 00:08:48
archlinux
archlinux
glibc: command execution
2014-11-21 00:00:00
glibc: arbitrary code execution
2014-12-18 00:00:00
debian
debian
[SECURITY] [DLA 122-1] eglibc security update
2014-12-22 23:19:26
[SECURITY] [DSA 2976-1] eglibc security update
2014-07-10 18:52:35
[DLA 43-1] eglibc security update
2014-09-02 18:03:40
amazon
amazon
securityvulns
securityvulns
GNU glibc code execution
2014-11-30 00:00:00
[ MDVSA-2014:232 ] glibc
2014-11-30 00:00:00
[SECURITY] [DSA 2976-1] eglibc security update
2014-07-14 00:00:00
veracode
veracode
Directory Traversal
2019-01-15 08:59:56
osv
osv
eglibc - security update
2014-07-10 00:00:00
eglibc - security update
2014-09-02 00:00:00
eglibc - security update
2015-02-23 00:00:00
suse
suse
Security update for bash (critical)
2014-09-25 01:05:27
Security update for bash (critical)
2014-09-25 01:04:17
8.9 High
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.107 Low
EPSS
Percentile
95.0%
Related for OPENVAS:13614125623114201505511