RedHat Update for glibc RHSA-2012:0397-01

RedHat Update for glibc RHSA-2012:0397-01. The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. An integer overflow flaw was found in the implementation of the printf functions family, allowing attackers to execute arbitrary code using a format string flaw. Upgrade to the updated packages is advised

Reporter	Title	Published	Views	Family All 93
0day.today	Sudo v1.8.0-1.8.3p1 (sudo_debug) - Root Exploit	1 May 201300:00	–	zdt
Amazon	Medium: glibc	23 Mar 201200:00	–	amazon
Tenable Nessus	Amazon Linux AMI : glibc (ALAS-2012-57)	4 Sep 201300:00	–	nessus
Tenable Nessus	CentOS 6 : glibc (CESA-2012:0393)	20 Mar 201200:00	–	nessus
Tenable Nessus	CentOS 5 : glibc (CESA-2012:0397)	21 Mar 201200:00	–	nessus
Tenable Nessus	Fedora 17 : glibc-2.15-23.fc17 (2012-2123)	29 Feb 201200:00	–	nessus
Tenable Nessus	Fedora 15 : glibc-2.14.1-6 (2012-2144)	8 Mar 201200:00	–	nessus
Tenable Nessus	Fedora 16 : glibc-2.14.90-24.fc16.6 (2012-2162)	27 Feb 201200:00	–	nessus
Tenable Nessus	GLSA-201312-01 : GNU C Library: Multiple vulnerabilities	3 Dec 201300:00	–	nessus
Tenable Nessus	MiracleLinux 4 : glibc-2.12-1.47.AXS4.9 (AXSA:2012-399:03)	14 Jan 202600:00	–	nessus

Source	Link
redhat	www.redhat.com/archives/rhsa-announce/2012-March/msg00013.html

###############################################################################
# OpenVAS Vulnerability Test
#
# RedHat Update for glibc RHSA-2012:0397-01
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "The glibc packages provide the standard C and standard math libraries used
  by multiple programs on the system. Without these libraries, the Linux
  system cannot function correctly.

  An integer overflow flaw was found in the implementation of the printf
  functions family. This could allow an attacker to bypass FORTIFY_SOURCE
  protections and execute arbitrary code using a format string flaw in an
  application, even though these protections are expected to limit the impact
  of such flaws to an application abort. (CVE-2012-0864)

  All users of glibc are advised to upgrade to these updated packages, which
  contain a patch to resolve this issue.";

tag_affected = "glibc on Red Hat Enterprise Linux (v. 5 server)";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name : "URL" , value : "https://www.redhat.com/archives/rhsa-announce/2012-March/msg00013.html");
  script_id(870576);
  script_version("$Revision: 8267 $");
  script_tag(name:"last_modification", value:"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $");
  script_tag(name:"creation_date", value:"2012-03-22 10:42:41 +0530 (Thu, 22 Mar 2012)");
  script_cve_id("CVE-2012-0864");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_xref(name: "RHSA", value: "2012:0397-01");
  script_name("RedHat Update for glibc RHSA-2012:0397-01");

  script_tag(name: "summary" , value: "Check for the Version of glibc");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
  script_family("Red Hat Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");

res = "";
if(release == NULL){
  exit(0);
}

if(release == "RHENT_5")
{

  if ((res = isrpmvuln(pkg:"glibc", rpm:"glibc~2.5~81.el5_8.1", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-common", rpm:"glibc-common~2.5~81.el5_8.1", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-debuginfo", rpm:"glibc-debuginfo~2.5~81.el5_8.1", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-debuginfo-common", rpm:"glibc-debuginfo-common~2.5~81.el5_8.1", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-devel", rpm:"glibc-devel~2.5~81.el5_8.1", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-headers", rpm:"glibc-headers~2.5~81.el5_8.1", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"glibc-utils", rpm:"glibc-utils~2.5~81.el5_8.1", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"nscd", rpm:"nscd~2.5~81.el5_8.1", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

02 Jan 2018 00:00Current

EPSS0.03036