Description
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:178
http://www.mandriva.com/security/
_______________________________________________________________________
Package : glibc
Date : November 25, 2011
Affected: 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities were discovered and fixed in glibc:
Multiple untrusted search path vulnerabilities in elf/dl-object.c in
certain modified versions of the GNU C Library (aka glibc or libc6),
including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat
Enterprise Linux, allow local users to gain privileges via a crafted
dynamic shared object (DSO) in a subdirectory of the current working
directory during execution of a (1) setuid or (2) setgid program that
has in (a) RPATH or (b) RUNPATH. NOTE: this issue exists because
of an incorrect fix for CVE-2010-3847 (CVE-2011-0536).
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC
(EGLIBC) allow context-dependent attackers to execute arbitrary code
or cause a denial of service (memory consumption) via a long UTF8
string that is used in an fnmatch call, aka a stack extension attack,
a related issue to CVE-2010-2898, as originally reported for use of
this library by Google Chrome (CVE-2011-1071).
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13
and earlier does not report an error status for failed attempts to
write to the /etc/mtab file, which makes it easier for local users
to trigger corruption of this file, as demonstrated by writes from
a process with a small RLIMIT_FSIZE value, a different vulnerability
than CVE-2010-0296 (CVE-2011-1089).
locale/programs/locale.c in locale in the GNU C Library (aka glibc
or libc6) before 2.13 does not quote its output, which might allow
local users to gain privileges via a crafted localization environment
variable, in conjunction with a program that executes a script that
uses the eval function (CVE-2011-1095).
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or
libc6) 2.13 and earlier allows context-dependent attackers to cause a
denial of service (application crash) via a long UTF8 string that is
used in an fnmatch call with a crafted pattern argument, a different
vulnerability than CVE-2011-1071 (CVE-2011-1659).
crypt_blowfish before 1.1, as used in glibc on certain platforms,
does not properly handle 8-bit characters, which makes it easier
for context-dependent attackers to determine a cleartext password by
leveraging knowledge of a password hash (CVE-2011-2483).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0536
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
4af7f6efb12c5be3ad435a6d9865be57 2010.1/i586/glibc-2.11.1-8.3mnb2.i586.rpm
82f97e43fc7ab7ee2fbfc92d9ed844f0 2010.1/i586/glibc-devel-2.11.1-8.3mnb2.i586.rpm
013f4da3b270a6860e9ae171b456a488 2010.1/i586/glibc-doc-2.11.1-8.3mnb2.i586.rpm
65da2025a253885a3a3e0699eb407a61 2010.1/i586/glibc-doc-pdf-2.11.1-8.3mnb2.i586.rpm
e5b6f256bad2b8afa7674e2f4d3c80bc 2010.1/i586/glibc-i18ndata-2.11.1-8.3mnb2.i586.rpm
319ecf5d08bc0e0aab9b0cf3e5cf6a6e 2010.1/i586/glibc-profile-2.11.1-8.3mnb2.i586.rpm
99c144bfc7581d9f3b885c7a630c89ce 2010.1/i586/glibc-static-devel-2.11.1-8.3mnb2.i586.rpm
966e023400d62e841942b69bae4d06de 2010.1/i586/glibc-utils-2.11.1-8.3mnb2.i586.rpm
577f1f88b14add8ea8753b17d730cb8a 2010.1/i586/nscd-2.11.1-8.3mnb2.i586.rpm
2e1bffb07071cb21ef6363c21588f4b7 2010.1/SRPMS/glibc-2.11.1-8.3mnb2.src.rpm
Mandriva Linux 2010.1/X86_64:
05e4da86aea47726b27c00e3f26e3445 2010.1/x86_64/glibc-2.11.1-8.3mnb2.x86_64.rpm
d3689fe0a7ae8e4c0e309b34c82cabfd 2010.1/x86_64/glibc-devel-2.11.1-8.3mnb2.x86_64.rpm
b8be4de2a9c6a8e3effe06234429a227 2010.1/x86_64/glibc-doc-2.11.1-8.3mnb2.x86_64.rpm
1ac19950a67c4ee965b0ae9d2d6a0396 2010.1/x86_64/glibc-doc-pdf-2.11.1-8.3mnb2.x86_64.rpm
54031c917cb54a5abc42ebaf30dfe894 2010.1/x86_64/glibc-i18ndata-2.11.1-8.3mnb2.x86_64.rpm
18c2a1354df2094a7508b1990420ab5b 2010.1/x86_64/glibc-profile-2.11.1-8.3mnb2.x86_64.rpm
f8cef0d317c3ccbb5446672a1cf00ad6 2010.1/x86_64/glibc-static-devel-2.11.1-8.3mnb2.x86_64.rpm
78b27e0739627abebc7c43fbf82e107b 2010.1/x86_64/glibc-utils-2.11.1-8.3mnb2.x86_64.rpm
e37194682e8ef10c21a8d8483e76b3f4 2010.1/x86_64/nscd-2.11.1-8.3mnb2.x86_64.rpm
2e1bffb07071cb21ef6363c21588f4b7 2010.1/SRPMS/glibc-2.11.1-8.3mnb2.src.rpm
Mandriva Enterprise Server 5:
73cffaaa03648c9eb01ed50b5fdd0cee mes5/i586/glibc-2.8-1.20080520.5.8mnb2.i586.rpm
5e9ec7d6e3f319b5076dd51506d47032 mes5/i586/glibc-devel-2.8-1.20080520.5.8mnb2.i586.rpm
c80b37f1a750968735f8ce51c920e84e mes5/i586/glibc-doc-2.8-1.20080520.5.8mnb2.i586.rpm
7de1f541c2bf6e17a4f3007cad517140 mes5/i586/glibc-doc-pdf-2.8-1.20080520.5.8mnb2.i586.rpm
27a365665846989b629b0cb3fb15acfd mes5/i586/glibc-i18ndata-2.8-1.20080520.5.8mnb2.i586.rpm
3f2f68a0bc47bace3586919671c7f1b4 mes5/i586/glibc-profile-2.8-1.20080520.5.8mnb2.i586.rpm
17019cf79cf3864c537e12aefd48a23d mes5/i586/glibc-static-devel-2.8-1.20080520.5.8mnb2.i586.rpm
7ad8f634ee4e0c5fc0f340dcfebcf0fb mes5/i586/glibc-utils-2.8-1.20080520.5.8mnb2.i586.rpm
53a5dc175995723322a13a7e3bbd6c41 mes5/i586/nscd-2.8-1.20080520.5.8mnb2.i586.rpm
6fcd77d9eac9fa71f91dcb1218afd628 mes5/SRPMS/glibc-2.8-1.20080520.5.8mnb2.src.rpm
Mandriva Enterprise Server 5/X86_64:
33f73ece95aa39c59e0370449f13d3af mes5/x86_64/glibc-2.8-1.20080520.5.8mnb2.x86_64.rpm
626f8e4774270e50c5e9bf2bc7dfa64c mes5/x86_64/glibc-devel-2.8-1.20080520.5.8mnb2.x86_64.rpm
c9d59258ac0fc0463c585405bb46327a mes5/x86_64/glibc-doc-2.8-1.20080520.5.8mnb2.x86_64.rpm
f81b494a1d394c48921c99983288c538 mes5/x86_64/glibc-doc-pdf-2.8-1.20080520.5.8mnb2.x86_64.rpm
1c972a49ecbfc91d0a156dd743894c14 mes5/x86_64/glibc-i18ndata-2.8-1.20080520.5.8mnb2.x86_64.rpm
45aa431a8a9920d188698ae64fe5466d mes5/x86_64/glibc-profile-2.8-1.20080520.5.8mnb2.x86_64.rpm
ecf5dca4c8bc49c1e3ebeb2a698b38a3 mes5/x86_64/glibc-static-devel-2.8-1.20080520.5.8mnb2.x86_64.rpm
8de7d2dfa8ea598aac75faf24f606f13 mes5/x86_64/glibc-utils-2.8-1.20080520.5.8mnb2.x86_64.rpm
7615c6e96903c8c146d5ae2d2912c6ee mes5/x86_64/nscd-2.8-1.20080520.5.8mnb2.x86_64.rpm
6fcd77d9eac9fa71f91dcb1218afd628 mes5/SRPMS/glibc-2.8-1.20080520.5.8mnb2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFOz9t8mqjQ0CJFipgRApgMAKDCqECazAj1XIHHxrkgU20PDJYFkgCgwVPy
TvvKkY3VN0Zc9M0LYEgkNUg=
=P3KM
-----END PGP SIGNATURE-----
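The addmntent failure mode described under CVE-2011-1089 above, as an added example (not code from Mandriva or from glibc): a caller-side wrapper that counts a mount entry as written only after an explicit flush succeeds, exercised against a scratch file under a small RLIMIT_FSIZE. The function names, the sample mount entry and the 16-byte limit are constructed for illustration; nothing here touches /etc/mtab.

```c
#define _GNU_SOURCE
#include <mntent.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/stat.h>

/* Hypothetical helper: append one entry and confirm it reached the file.
 * addmntent() writes through stdio, so a short write may only surface when
 * the buffer is flushed. The explicit fflush()/ferror() catches that even
 * where addmntent() itself returns 0.
 * Returns 0 on success, -1 if any stage reported a failure. */
int checked_addmntent(FILE *fp, const struct mntent *ent)
{
    clearerr(fp);
    if (addmntent(fp, ent) != 0)
        return -1;
    if (fflush(fp) != 0)
        return -1;
    if (ferror(fp))
        return -1;
    return 0;
}

/* Constructed scenario: write a sample entry to a scratch file while the
 * soft RLIMIT_FSIZE is `limit` bytes. Stores the resulting file size in
 * *size_out. Returns the checked_addmntent() result, or -2 on setup error. */
int append_under_fsize_limit(rlim_t limit, long *size_out)
{
    char fsname[] = "/dev/example0";      /* constructed sample values */
    char dir[]    = "/mnt/example";
    char type[]   = "ext4";
    char opts[]   = "rw,nosuid,nodev";
    struct mntent ent;
    struct rlimit saved, lowered;
    struct sigaction ign, old_sa;
    struct stat st;
    FILE *fp;
    int rc;

    memset(&ent, 0, sizeof ent);
    ent.mnt_fsname = fsname;
    ent.mnt_dir    = dir;
    ent.mnt_type   = type;
    ent.mnt_opts   = opts;

    if (getrlimit(RLIMIT_FSIZE, &saved) != 0)
        return -2;
    fp = tmpfile();
    if (fp == NULL)
        return -2;

    /* Exceeding RLIMIT_FSIZE raises SIGXFSZ, whose default action kills the
     * process. Ignore it so write() fails with EFBIG instead. */
    memset(&ign, 0, sizeof ign);
    ign.sa_handler = SIG_IGN;
    sigemptyset(&ign.sa_mask);
    sigaction(SIGXFSZ, &ign, &old_sa);

    lowered = saved;
    lowered.rlim_cur = limit;             /* only the soft limit is changed */
    if (setrlimit(RLIMIT_FSIZE, &lowered) != 0) {
        sigaction(SIGXFSZ, &old_sa, NULL);
        fclose(fp);
        return -2;
    }

    rc = checked_addmntent(fp, &ent);

    /* Measure what actually landed in the file, then undo the changes. */
    if (fstat(fileno(fp), &st) != 0)
        rc = -2;
    else
        *size_out = (long)st.st_size;

    setrlimit(RLIMIT_FSIZE, &saved);
    sigaction(SIGXFSZ, &old_sa, NULL);
    fclose(fp);
    return rc;
}

int main(void)
{
    long size = -1;
    int rc;

    rc = append_under_fsize_limit(16, &size);
    printf("limit=16   rc=%d bytes_in_file=%ld\n", rc, size);

    rc = append_under_fsize_limit(4096, &size);
    printf("limit=4096 rc=%d bytes_in_file=%ld\n", rc, size);
    return 0;
}
```

With the 16-byte limit the file ends up holding a truncated entry, which is the corruption the advisory refers to; the wrapper's non-zero return is what lets the caller discard or repair the file instead of leaving it in place.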
crafted pattern argument, a different vulnerability than CVE-2011-1071 (CVE-2011-1659).\n\ncrypt_blowfish before 1.1, as used in glibc on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash (CVE-2011-2483).\n\nThe updated packages have been patched to correct these issues.", "cvss3": {}, "published": "2011-11-28T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : glibc (MDVSA-2011:178)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0296", "CVE-2010-2898", "CVE-2010-3847", "CVE-2011-0536", "CVE-2011-1071", "CVE-2011-1089", "CVE-2011-1095", "CVE-2011-1659", "CVE-2011-2483"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:glibc", "p-cpe:/a:mandriva:linux:glibc-devel", "p-cpe:/a:mandriva:linux:glibc-doc", "p-cpe:/a:mandriva:linux:glibc-doc-pdf", "p-cpe:/a:mandriva:linux:glibc-i18ndata", "p-cpe:/a:mandriva:linux:glibc-profile", "p-cpe:/a:mandriva:linux:glibc-static-devel", "p-cpe:/a:mandriva:linux:glibc-utils", "p-cpe:/a:mandriva:linux:nscd", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2011-178.NASL", "href": "https://www.tenable.com/plugins/nessus/56953", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:178. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56953);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2011-0536\",\n \"CVE-2011-1071\",\n \"CVE-2011-1089\",\n \"CVE-2011-1095\",\n \"CVE-2011-1659\",\n \"CVE-2011-2483\"\n );\n script_bugtraq_id(\n 46563,\n 46740,\n 47370,\n 49241\n );\n script_xref(name:\"MDVSA\", value:\"2011:178\");\n\n script_name(english:\"Mandriva Linux Security Advisory : glibc (MDVSA-2011:178)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities was discovered and fixed in glibc :\n\nMultiple untrusted search path vulnerabilities in elf/dl-object.c in\ncertain modified versions of the GNU C Library (aka glibc or libc6),\nincluding glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat\nEnterprise Linux, allow local users to gain privileges via a crafted\ndynamic shared object (DSO) in a subdirectory of the current working\ndirectory during execution of a (1) setuid or (2) setgid program that\nhas in (a) RPATH or (b) RUNPATH. 
NOTE: this issue exists because of an\nincorrect fix for CVE-2010-3847 (CVE-2011-0536).\n\nThe GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded\nGLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary\ncode or cause a denial of service (memory consumption) via a long UTF8\nstring that is used in an fnmatch call, aka a stack extension attack,\na related issue to CVE-2010-2898, as originally reported for use of\nthis library by Google Chrome (CVE-2011-1071).\n\nThe addmntent function in the GNU C Library (aka glibc or libc6) 2.13\nand earlier does not report an error status for failed attempts to\nwrite to the /etc/mtab file, which makes it easier for local users to\ntrigger corruption of this file, as demonstrated by writes from a\nprocess with a small RLIMIT_FSIZE value, a different vulnerability\nthan CVE-2010-0296 (CVE-2011-1089).\n\nlocale/programs/locale.c in locale in the GNU C Library (aka glibc or\nlibc6) before 2.13 does not quote its output, which might allow local\nusers to gain privileges via a crafted localization environment\nvariable, in conjunction with a program that executes a script that\nuses the eval function (CVE-2011-1095).\n\nInteger overflow in posix/fnmatch.c in the GNU C Library (aka glibc or\nlibc6) 2.13 and earlier allows context-dependent attackers to cause a\ndenial of service (application crash) via a long UTF8 string that is\nused in an fnmatch call with a crafted pattern argument, a different\nvulnerability than CVE-2011-1071 (CVE-2011-1659).\n\ncrypt_blowfish before 1.1, as used in glibc on certain platforms, does\nnot properly handle 8-bit characters, which makes it easier for\ncontext-dependent attackers to determine a cleartext password by\nleveraging knowledge of a password hash (CVE-2011-2483).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"glibc-2.11.1-8.3mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"glibc-devel-2.11.1-8.3mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"glibc-doc-2.11.1-8.3mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"glibc-doc-pdf-2.11.1-8.3mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"glibc-i18ndata-2.11.1-8.3mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"glibc-profile-2.11.1-8.3mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"glibc-static-devel-2.11.1-8.3mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"glibc-utils-2.11.1-8.3mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"nscd-2.11.1-8.3mnb2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:12:58", "description": "Multiple vulnerabilities was discovered and fixed in glibc :\n\nThe addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296 (CVE-2011-1089).\n\nInteger overflow in posix/fnmatch.c in 
the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071 (CVE-2011-1659).\n\ncrypt_blowfish before 1.1, as used in glibc on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash (CVE-2011-2483).\n\nThe updated packages have been patched to correct these issues.", "cvss3": {}, "published": "2012-09-06T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : glibc (MDVSA-2011:179)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0296", "CVE-2011-1071", "CVE-2011-1089", "CVE-2011-1659", "CVE-2011-2483"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:glibc", "p-cpe:/a:mandriva:linux:glibc-devel", "p-cpe:/a:mandriva:linux:glibc-doc", "p-cpe:/a:mandriva:linux:glibc-doc-pdf", "p-cpe:/a:mandriva:linux:glibc-i18ndata", "p-cpe:/a:mandriva:linux:glibc-profile", "p-cpe:/a:mandriva:linux:glibc-static-devel", "p-cpe:/a:mandriva:linux:glibc-utils", "p-cpe:/a:mandriva:linux:nscd", "cpe:/o:mandriva:linux:2011"], "id": "MANDRIVA_MDVSA-2011-179.NASL", "href": "https://www.tenable.com/plugins/nessus/61938", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:179. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61938);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2011-1089\",\n \"CVE-2011-1659\",\n \"CVE-2011-2483\"\n );\n script_bugtraq_id(\n 46740,\n 49241\n );\n script_xref(name:\"MDVSA\", value:\"2011:179\");\n\n script_name(english:\"Mandriva Linux Security Advisory : glibc (MDVSA-2011:179)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities was discovered and fixed in glibc :\n\nThe addmntent function in the GNU C Library (aka glibc or libc6) 2.13\nand earlier does not report an error status for failed attempts to\nwrite to the /etc/mtab file, which makes it easier for local users to\ntrigger corruption of this file, as demonstrated by writes from a\nprocess with a small RLIMIT_FSIZE value, a different vulnerability\nthan CVE-2010-0296 (CVE-2011-1089).\n\nInteger overflow in posix/fnmatch.c in the GNU C Library (aka glibc or\nlibc6) 2.13 and earlier allows context-dependent attackers to cause a\ndenial of service (application crash) via a long UTF8 string that is\nused in an fnmatch call with a crafted pattern argument, a different\nvulnerability than CVE-2011-1071 (CVE-2011-1659).\n\ncrypt_blowfish before 1.1, as used in glibc on certain platforms, does\nnot properly handle 8-bit characters, which makes it easier for\ncontext-dependent attackers to determine a cleartext password by\nleveraging knowledge of a password hash (CVE-2011-2483).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", 
value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", reference:\"glibc-2.13-6.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"glibc-devel-2.13-6.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"glibc-doc-2.13-6.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"glibc-doc-pdf-2.13-6.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"glibc-i18ndata-2.13-6.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"glibc-profile-2.13-6.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"glibc-static-devel-2.13-6.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"glibc-utils-2.13-6.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"nscd-2.13-6.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:38:07", "description": "Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nThe fix for CVE-2010-3847 introduced a regression in the way the dynamic loader expanded the $ORIGIN dynamic string token specified in the RPATH and RUNPATH entries in the ELF library header. A local attacker could use this flaw to escalate their privileges via a setuid or setgid program using such a library. (CVE-2011-0536)\n\nIt was discovered that the glibc addmntent() function did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into /etc/mtab via certain setuid mount helpers, if the attacker were allowed to mount to an arbitrary directory under their control. (CVE-2010-0296)\n\nIt was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071)\n\nIt was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker's, it could execute arbitrary code with the privileges of the script. 
(CVE-2011-1095)\n\nAll users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2011-04-15T00:00:00", "type": "nessus", "title": "CentOS 5 : glibc (CESA-2011:0412)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0296", "CVE-2010-3847", "CVE-2011-0536", "CVE-2011-1071", "CVE-2011-1095", "CVE-2011-1658", "CVE-2011-1659"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc", "p-cpe:/a:centos:centos:glibc-common", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-headers", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:nscd", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-0412.NASL", "href": "https://www.tenable.com/plugins/nessus/53430", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0412 and \n# CentOS Errata and Security Advisory 2011:0412 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53430);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-0296\", \"CVE-2010-3847\", \"CVE-2011-0536\", \"CVE-2011-1071\", \"CVE-2011-1095\", \"CVE-2011-1658\", \"CVE-2011-1659\");\n script_bugtraq_id(46563, 46740, 64465);\n script_xref(name:\"RHSA\", value:\"2011:0412\");\n\n script_name(english:\"CentOS 5 : glibc (CESA-2011:0412)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red 
Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nThe fix for CVE-2010-3847 introduced a regression in the way the\ndynamic loader expanded the $ORIGIN dynamic string token specified in\nthe RPATH and RUNPATH entries in the ELF library header. A local\nattacker could use this flaw to escalate their privileges via a setuid\nor setgid program using such a library. (CVE-2011-0536)\n\nIt was discovered that the glibc addmntent() function did not sanitize\nits input properly. A local attacker could possibly use this flaw to\ninject malformed lines into /etc/mtab via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. 
(CVE-2011-1095)\n\nAll users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-April/017297.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bc4bb2e0\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-April/017298.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aeec5e19\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc \"$ORIGIN\" Expansion Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-2.5-58.el5_6.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-common-2.5-58.el5_6.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-devel-2.5-58.el5_6.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-headers-2.5-58.el5_6.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-utils-2.5-58.el5_6.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"nscd-2.5-58.el5_6.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:17:38", "description": "Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. 
Without these two libraries, a Linux system cannot function properly.\n\nThe fix for CVE-2010-3847 introduced a regression in the way the dynamic loader expanded the $ORIGIN dynamic string token specified in the RPATH and RUNPATH entries in the ELF library header. A local attacker could use this flaw to escalate their privileges via a setuid or setgid program using such a library. (CVE-2011-0536)\n\nIt was discovered that the glibc addmntent() function did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into /etc/mtab via certain setuid mount helpers, if the attacker were allowed to mount to an arbitrary directory under their control. (CVE-2010-0296)\n\nIt was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071)\n\nIt was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker's, it could execute arbitrary code with the privileges of the script. 
(CVE-2011-1095)\n\nAll users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2011-04-05T00:00:00", "type": "nessus", "title": "RHEL 5 : glibc (RHSA-2011:0412)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0296", "CVE-2010-3847", "CVE-2011-0536", "CVE-2011-1071", "CVE-2011-1095", "CVE-2011-1658", "CVE-2011-1659"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.6"], "id": "REDHAT-RHSA-2011-0412.NASL", "href": "https://www.tenable.com/plugins/nessus/53291", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0412. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53291);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0296\", \"CVE-2010-3847\", \"CVE-2011-0536\", \"CVE-2011-1071\", \"CVE-2011-1095\", \"CVE-2011-1658\", \"CVE-2011-1659\");\n script_bugtraq_id(46563, 46740, 64465);\n script_xref(name:\"RHSA\", value:\"2011:0412\");\n\n script_name(english:\"RHEL 5 : glibc (RHSA-2011:0412)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nThe fix for CVE-2010-3847 introduced a regression in the way the\ndynamic loader expanded the $ORIGIN dynamic string token specified in\nthe RPATH and RUNPATH entries in the ELF library header. A local\nattacker could use this flaw to escalate their privileges via a setuid\nor setgid program using such a library. (CVE-2011-0536)\n\nIt was discovered that the glibc addmntent() function did not sanitize\nits input properly. 
A local attacker could possibly use this flaw to\ninject malformed lines into /etc/mtab via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAll users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0412\"\n );\n script_set_attribute(attribute:\"solution\", 
value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc \"$ORIGIN\" Expansion Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0412\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-2.5-58.el5_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-common-2.5-58.el5_6.2\")) flag++;\n\n if 
(rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-common-2.5-58.el5_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-common-2.5-58.el5_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-devel-2.5-58.el5_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-headers-2.5-58.el5_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-headers-2.5-58.el5_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-headers-2.5-58.el5_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-utils-2.5-58.el5_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-utils-2.5-58.el5_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-utils-2.5-58.el5_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"nscd-2.5-58.el5_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"nscd-2.5-58.el5_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"nscd-2.5-58.el5_6.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:21:25", "description": "From Red Hat Security Advisory 2011:0412 :\n\nUpdated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nThe fix for CVE-2010-3847 introduced a regression in the way the dynamic loader expanded the $ORIGIN dynamic string token specified in the RPATH and RUNPATH entries in the ELF library header. A local attacker could use this flaw to escalate their privileges via a setuid or setgid program using such a library. (CVE-2011-0536)\n\nIt was discovered that the glibc addmntent() function did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into /etc/mtab via certain setuid mount helpers, if the attacker were allowed to mount to an arbitrary directory under their control. (CVE-2010-0296)\n\nIt was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071)\n\nIt was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker's, it could execute arbitrary code with the privileges of the script. 
(CVE-2011-1095)\n\nAll users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : glibc (ELSA-2011-0412)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0296", "CVE-2010-3847", "CVE-2011-0536", "CVE-2011-1071", "CVE-2011-1095", "CVE-2011-1658", "CVE-2011-1659"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:nscd", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2011-0412.NASL", "href": "https://www.tenable.com/plugins/nessus/68244", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0412 and \n# Oracle Linux Security Advisory ELSA-2011-0412 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68244);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0296\", \"CVE-2010-3847\", \"CVE-2011-0536\", \"CVE-2011-1071\", \"CVE-2011-1095\", \"CVE-2011-1658\", \"CVE-2011-1659\");\n script_bugtraq_id(46563, 46740, 64465);\n script_xref(name:\"RHSA\", value:\"2011:0412\");\n\n script_name(english:\"Oracle Linux 5 : glibc (ELSA-2011-0412)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0412 :\n\nUpdated glibc packages that fix multiple security issues 
are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nThe fix for CVE-2010-3847 introduced a regression in the way the\ndynamic loader expanded the $ORIGIN dynamic string token specified in\nthe RPATH and RUNPATH entries in the ELF library header. A local\nattacker could use this flaw to escalate their privileges via a setuid\nor setgid program using such a library. (CVE-2011-0536)\n\nIt was discovered that the glibc addmntent() function did not sanitize\nits input properly. A local attacker could possibly use this flaw to\ninject malformed lines into /etc/mtab via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. 
(CVE-2011-1095)\n\nAll users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-April/002053.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc \"$ORIGIN\" Expansion Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"glibc-2.5-58.el5_6.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-common-2.5-58.el5_6.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-devel-2.5-58.el5_6.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-headers-2.5-58.el5_6.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-utils-2.5-58.el5_6.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"nscd-2.5-58.el5_6.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:47:33", "description": "The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nThe fix for CVE-2010-3847 introduced a regression in the way the dynamic loader expanded the $ORIGIN dynamic string token specified in the RPATH and RUNPATH entries in the ELF library header. A local attacker could use this flaw to escalate their privileges via a setuid or setgid program using such a library. 
(CVE-2011-0536)\n\nIt was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071)\n\nIt was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker's, it could execute arbitrary code with the privileges of the script. (CVE-2011-1095)\n\nAll users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : glibc on SL5.x,SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3847", "CVE-2011-0536", "CVE-2011-1071", "CVE-2011-1095"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110404_GLIBC_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61008", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61008);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3847\", \"CVE-2011-0536\", \"CVE-2011-1071\", \"CVE-2011-1095\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL5.x,SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nThe fix for CVE-2010-3847 introduced a regression in the way the\ndynamic loader expanded the $ORIGIN dynamic string token specified in\nthe RPATH and RUNPATH entries in the ELF library header. A local\nattacker could use this flaw to escalate their privileges via a setuid\nor setgid program using such a library. (CVE-2011-0536)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. 
(CVE-2011-1095)\n\nAll users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1104&L=scientific-linux-errata&T=0&P=583\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?500923b0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc \"$ORIGIN\" Expansion Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"glibc-2.5-58.el5_6.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-common-2.5-58.el5_6.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-devel-2.5-58.el5_6.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-headers-2.5-58.el5_6.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-utils-2.5-58.el5_6.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nscd-2.5-58.el5_6.2\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"glibc-2.12-1.7.el6_0.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-common-2.12-1.7.el6_0.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-devel-2.12-1.7.el6_0.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-headers-2.12-1.7.el6_0.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-static-2.12-1.7.el6_0.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-utils-2.12-1.7.el6_0.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nscd-2.12-1.7.el6_0.5\")) 
flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:17:56", "description": "Updated glibc packages that fix three security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nThe fix for CVE-2010-3847 introduced a regression in the way the dynamic loader expanded the $ORIGIN dynamic string token specified in the RPATH and RUNPATH entries in the ELF library header. A local attacker could use this flaw to escalate their privileges via a setuid or setgid program using such a library. (CVE-2011-0536)\n\nIt was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071)\n\nIt was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker's, it could execute arbitrary code with the privileges of the script. 
(CVE-2011-1095)\n\nAll users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2011-04-05T00:00:00", "type": "nessus", "title": "RHEL 6 : glibc (RHSA-2011:0413)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3847", "CVE-2011-0536", "CVE-2011-1071", "CVE-2011-1095", "CVE-2011-1658", "CVE-2011-1659"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-static", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "REDHAT-RHSA-2011-0413.NASL", "href": "https://www.tenable.com/plugins/nessus/53292", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0413. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53292);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3847\", \"CVE-2011-0536\", \"CVE-2011-1071\", \"CVE-2011-1095\", \"CVE-2011-1658\", \"CVE-2011-1659\");\n script_bugtraq_id(46563, 64465);\n script_xref(name:\"RHSA\", value:\"2011:0413\");\n\n script_name(english:\"RHEL 6 : glibc (RHSA-2011:0413)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nThe fix for CVE-2010-3847 introduced a regression in the way the\ndynamic loader expanded the $ORIGIN dynamic string token specified in\nthe RPATH and RUNPATH entries in the ELF library header. A local\nattacker could use this flaw to escalate their privileges via a setuid\nor setgid program using such a library. (CVE-2011-0536)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). 
If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAll users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0413\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n 
script_set_attribute(attribute:\"metasploit_name\", value:'glibc \"$ORIGIN\" Expansion Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0413\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-2.12-1.7.el6_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-common-2.12-1.7.el6_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-common-2.12-1.7.el6_0.5\")) flag++;\n\n 
if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-common-2.12-1.7.el6_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-debuginfo-2.12-1.7.el6_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-devel-2.12-1.7.el6_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-headers-2.12-1.7.el6_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-headers-2.12-1.7.el6_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-headers-2.12-1.7.el6_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-static-2.12-1.7.el6_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-static-2.12-1.7.el6_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-static-2.12-1.7.el6_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-utils-2.12-1.7.el6_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-utils-2.12-1.7.el6_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-utils-2.12-1.7.el6_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"nscd-2.12-1.7.el6_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"nscd-2.12-1.7.el6_0.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"nscd-2.12-1.7.el6_0.5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:21:51", 
"description": "From Red Hat Security Advisory 2011:0413 :\n\nUpdated glibc packages that fix three security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nThe fix for CVE-2010-3847 introduced a regression in the way the dynamic loader expanded the $ORIGIN dynamic string token specified in the RPATH and RUNPATH entries in the ELF library header. A local attacker could use this flaw to escalate their privileges via a setuid or setgid program using such a library. (CVE-2011-0536)\n\nIt was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071)\n\nIt was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker's, it could execute arbitrary code with the privileges of the script. 
(CVE-2011-1095)\n\nAll users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : glibc (ELSA-2011-0413)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3847", "CVE-2011-0536", "CVE-2011-1071", "CVE-2011-1095", "CVE-2011-1658", "CVE-2011-1659"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-static", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:nscd", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2011-0413.NASL", "href": "https://www.tenable.com/plugins/nessus/68245", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0413 and \n# Oracle Linux Security Advisory ELSA-2011-0413 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68245);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3847\", \"CVE-2011-0536\", \"CVE-2011-1071\", \"CVE-2011-1095\", \"CVE-2011-1658\", \"CVE-2011-1659\");\n script_bugtraq_id(46563, 64465);\n script_xref(name:\"RHSA\", value:\"2011:0413\");\n\n script_name(english:\"Oracle Linux 6 : glibc (ELSA-2011-0413)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0413 :\n\nUpdated glibc packages that fix three security issues are 
now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nThe fix for CVE-2010-3847 introduced a regression in the way the\ndynamic loader expanded the $ORIGIN dynamic string token specified in\nthe RPATH and RUNPATH entries in the ELF library header. A local\nattacker could use this flaw to escalate their privileges via a setuid\nor setgid program using such a library. (CVE-2011-0536)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. 
(CVE-2011-1095)\n\nAll users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-April/002054.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc \"$ORIGIN\" Expansion Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2011/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"glibc-2.12-1.7.el6_0.5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-common-2.12-1.7.el6_0.5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-devel-2.12-1.7.el6_0.5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-headers-2.12-1.7.el6_0.5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-static-2.12-1.7.el6_0.5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"glibc-utils-2.12-1.7.el6_0.5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"nscd-2.12-1.7.el6_0.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:28:47", "description": "The remote host is affected by the vulnerability described in GLSA-201312-01 (GNU C Library: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in GNU C Library. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n A local attacker could trigger vulnerabilities in dynamic library loader, making it possible to load attacker-controlled shared objects during execution of setuid/setgid programs to escalate privileges.\n A context-dependent attacker could trigger various vulnerabilities in GNU C Library, including a buffer overflow, leading to execution of arbitrary code or a Denial of Service.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2013-12-03T00:00:00", "type": "nessus", "title": "GLSA-201312-01 : GNU C Library: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5029", "CVE-2010-3847", "CVE-2011-0536", "CVE-2011-1071", "CVE-2011-1089", "CVE-2011-1095", "CVE-2011-1658", "CVE-2011-1659", "CVE-2012-0864"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:glibc", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201312-01.NASL", "href": "https://www.tenable.com/plugins/nessus/71167", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201312-01.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71167);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2010-3847\", \"CVE-2011-0536\", \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-1658\", \"CVE-2011-1659\", \"CVE-2012-0864\");\n script_bugtraq_id(44154, 46563, 46740, 47370, 50898, 52201);\n script_xref(name:\"GLSA\", value:\"201312-01\");\n\n script_name(english:\"GLSA-201312-01 : GNU C Library: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201312-01\n(GNU C Library: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in GNU C Library. 
Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A local attacker could trigger vulnerabilities in dynamic library\n loader, making it possible to load attacker-controlled shared objects\n during execution of setuid/setgid programs to escalate privileges.\n A context-dependent attacker could trigger various vulnerabilities in\n GNU C Library, including a buffer overflow, leading to execution of\n arbitrary code or a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201312-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All GNU C Library users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-libs/glibc-2.15-r3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc \"$ORIGIN\" Expansion Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/03\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-libs/glibc\", unaffected:make_list(\"ge 2.15-r3\"), vulnerable:make_list(\"lt 2.15-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GNU C Library\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:47:37", "description": "The remote VMware ESX host is missing a security-related patch. 
It is, therefore, affected by multiple vulnerabilities, including arbitrary code execution vulnerabilities, in several third-party components and libraries :\n\n - DHCP\n - glibc", "cvss3": {}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0010) (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0296", "CVE-2011-0536", "CVE-2011-0997", "CVE-2011-1071", "CVE-2011-1095", "CVE-2011-1658", "CVE-2011-1659"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx"], "id": "VMWARE_VMSA-2011-0010_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/89679", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89679);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2010-0296\",\n \"CVE-2011-0536\",\n \"CVE-2011-0997\",\n \"CVE-2011-1071\",\n \"CVE-2011-1095\",\n \"CVE-2011-1658\",\n \"CVE-2011-1659\"\n );\n script_bugtraq_id(\n 44154,\n 46563,\n 47176,\n 47370\n );\n script_xref(name:\"VMSA\", value:\"2011-0010\");\n script_xref(name:\"CERT\", value:\"537223\");\n script_xref(name:\"CERT\", value:\"107886\");\n\n script_name(english:\"VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0010) (remote check)\");\n script_summary(english:\"Checks the ESX version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESX host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESX host is missing a security-related patch. 
It is,\ntherefore, affected by multiple vulnerabilities, including arbitrary\ncode execution vulnerabilities, in several third-party components and\nlibraries :\n\n - DHCP\n - glibc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2011-0010\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2012/000163.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory that\npertains to ESX version 3.5 / 4.0 / 4.1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc \"$ORIGIN\" Expansion Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Misc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\nesx = 'ESX';\n\nif (\"ESX\" >!< rel || \"ESXi\" >< rel)\n audit(AUDIT_OS_NOT, \"VMware ESX\");\n\nextract = eregmatch(pattern:\"^ESX (\\d\\.\\d).*$\", string:ver);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_APP_VER, \"VMware ESX\");\nelse\n ver = extract[1];\n\nfixes = make_array(\n \"3.5\", \"604481\",\n \"4.0\", \"480973\",\n \"4.1\", \"433742\"\n );\n\nfix = FALSE;\nfix = fixes[ver];\n\n# get the build before checking the fix for the most complete audit trail\nextract = eregmatch(pattern:'^VMware ESX.* build-([0-9]+)$', string:rel);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_BUILD, \"VMware \" + esx, ver);\nelse\n build = int(extract[1]);\n\n# if there is no fix in the array, fix is FALSE\nif (!fix)\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware \" + esx, ver, build);\n\nif (build < fix)\n{\n\n report = '\\n Version : ' + esx + \" \" + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fix +\n '\\n';\n\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n exit(0);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware \" + esx, ver, build);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:25:10", "description": "a. Service Console update for DHCP\n\n The DHCP client daemon, dhclient, does not properly sanatize certain options in DHCP server replies. 
An attacker could send a specially crafted DHCP server reply, that is saved on the client system and evaluated by a process that assumes the option is trusted. This could lead to arbitrary code execution with the privileges of the evaluating process.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-0997 to this issue.\n\nb. Service Console update for glibc\n\n This patch updates the glibc package for ESX service console to glibc-2.5-58.7602.vmw. This fixes multiple security issues in glibc, glibc-common and nscd including possible local privilege escalation.\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2010-0296, CVE-2011-0536, CVE-2011-1095, CVE-2011-1071, CVE-2011-1658 and CVE-2011-1659 to these issues.", "cvss3": {}, "published": "2011-08-01T00:00:00", "type": "nessus", "title": "VMSA-2011-0010 : VMware ESX third-party updates for Service Console packages glibc and dhcp", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0296", "CVE-2011-0536", "CVE-2011-0997", "CVE-2011-1071", "CVE-2011-1095", "CVE-2011-1658", "CVE-2011-1659"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx:3.5", "cpe:/o:vmware:esx:4.0", "cpe:/o:vmware:esx:4.1"], "id": "VMWARE_VMSA-2011-0010.NASL", "href": "https://www.tenable.com/plugins/nessus/55747", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2011-0010. 
\n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55747);\n script_version(\"1.40\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-0296\", \"CVE-2011-0536\", \"CVE-2011-0997\", \"CVE-2011-1071\", \"CVE-2011-1095\", \"CVE-2011-1658\", \"CVE-2011-1659\");\n script_bugtraq_id(44154, 46563, 47176, 47370);\n script_xref(name:\"VMSA\", value:\"2011-0010\");\n\n script_name(english:\"VMSA-2011-0010 : VMware ESX third-party updates for Service Console packages glibc and dhcp\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote VMware ESX host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"a. Service Console update for DHCP\n\n The DHCP client daemon, dhclient, does not properly sanatize\n certain options in DHCP server replies. An attacker could send a\n specially crafted DHCP server reply, that is saved on\n the client system and evaluated by a process that assumes the\n option is trusted. This could lead to arbitrary code execution\n with the privileges of the evaluating process.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2011-0997 to this issue.\n\nb. Service Console update for glibc\n\n This patch updates the glibc package for ESX service console to\n glibc-2.5-58.7602.vmw. 
This fixes multiple security issues in\n glibc, glibc-common and nscd including possible local privilege\n escalation.\n \n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifiers CVE-2010-0296, CVE-2011-0536,\n CVE-2011-1095, CVE-2011-1071, CVE-2011-1658 and CVE-2011-1659 to\n these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2012/000163.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc \"$ORIGIN\" Expansion Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2011-07-28\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESX 3.5.0\", patch:\"ESX350-201203405-SG\")) flag++;\n\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201110406-SG\",\n patch_updates : make_list(\"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201110408-SG\",\n patch_updates : make_list(\"ESX400-Update04\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201107405-SG\",\n patch_updates : make_list(\"ESX410-Update02\", \"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201107406-SG\",\n patch_updates : make_list(\"ESX410-201208104-SG\", \"ESX410-Update02\", \"ESX410-Update03\")\n )\n) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:27:28", "description": "The remote VMware ESXi 5.0 host is affected by the following security vulnerabilities :\n\n - A security bypass vulnerability exists in the e1000 driver in the Linux kernel due to improper handling of Ethernet frames that 
exceed the MTU. An unauthenticated, remote attacker can exploit this, via trailing payload data, to bypass packet filters. (CVE-2009-4536)\n\n - An error exists in the file misc/mntent_r.c that could allow a local attacker to cause denial of service conditions. (CVE-2010-0296)\n\n - An error exists related to glibc, the dynamic linker and '$ORIGIN' substitution that could allow privilege escalation. (CVE-2011-0536)\n\n - An error exists in the function 'fnmatch' in the file posix/fnmatch.c that could allow arbitrary code execution. (CVE-2011-1071)\n\n - An error exists in the file locale/programs/locale.c related to localization environment variables that could allow privilege escalation. (CVE-2011-1095)\n\n - An error exists related to glibc, the dynamic linker and 'RPATH' that could allow privilege escalation.\n (CVE-2011-1658)\n\n - An error exists in the function 'fnmatch' related to UTF-8 string handling that could allow privilege escalation. (CVE-2011-1659)", "cvss3": {}, "published": "2013-11-13T00:00:00", "type": "nessus", "title": "ESXi 5.0 < Build 515841 Multiple Vulnerabilities (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4536", "CVE-2010-0296", "CVE-2011-0536", "CVE-2011-1071", "CVE-2011-1095", "CVE-2011-1658", "CVE-2011-1659"], "modified": "2019-11-27T00:00:00", "cpe": ["cpe:/o:vmware:esxi:5.0"], "id": "VMWARE_ESXI_5_0_BUILD_515841_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/70880", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70880);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\n \"CVE-2009-4536\",\n \"CVE-2010-0296\",\n \"CVE-2011-0536\",\n \"CVE-2011-1071\",\n \"CVE-2011-1095\",\n \"CVE-2011-1658\",\n \"CVE-2011-1659\"\n );\n script_bugtraq_id(37519, 46563, 47370);\n script_xref(name:\"EDB-ID\", value:\"15274\");\n script_xref(name:\"VMSA\", value:\"2011-0009\");\n 
script_xref(name:\"VMSA\", value:\"2011-0012\");\n\n script_name(english:\"ESXi 5.0 < Build 515841 Multiple Vulnerabilities (remote check)\");\n script_summary(english:\"Checks the ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi 5.0 host is affected by multiple security\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESXi 5.0 host is affected by the following security\nvulnerabilities :\n\n - A security bypass vulnerability exists in the e1000\n driver in the Linux kernel due to improper handling of\n Ethernet frames that exceed the MTU. An unauthenticated,\n remote attacker can exploit this, via trailing payload\n data, to bypass packet filters. (CVE-2009-4536)\n\n - An error exists in the file misc/mntent_r.c that could\n allow a local attacker to cause denial of service\n conditions. (CVE-2010-0296)\n\n - An error exists related to glibc, the dynamic linker\n and '$ORIGIN' substitution that could allow privilege\n escalation. (CVE-2011-0536)\n\n - An error exists in the function 'fnmatch' in the file\n posix/fnmatch.c that could allow arbitrary code\n execution. (CVE-2011-1071)\n\n - An error exists in the file locale/programs/locale.c\n related to localization environment variables that\n could allow privilege escalation. (CVE-2011-1095)\n\n - An error exists related to glibc, the dynamic linker\n and 'RPATH' that could allow privilege escalation.\n (CVE-2011-1658)\n\n - An error exists in the function 'fnmatch' related to\n UTF-8 string handling that could allow privilege\n escalation. 
(CVE-2011-1659)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2011-0012.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2011-0009.html\");\n # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2007671\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c402a9a2\");\n # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2007673\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?635686b4\");\n # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2007680\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fce8c282\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply patches ESXi500-201112401-SG and ESXi500-201112403-SG.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-0296\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is (C) 2013-2019 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n 
script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\n\nif (\"ESXi\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi\");\nif (\"VMware ESXi 5.0\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi 5.0\");\n\nmatch = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);\nif (isnull(match)) exit(1, 'Failed to extract the ESXi build number.');\n\nbuild = int(match[1]);\nfixed_build = 515841;\n\nif (build < fixed_build)\n{\n if (report_verbosity > 0)\n {\n report = '\\n ESXi version : ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse exit(0, \"The host has \"+ver+\" build \"+build+\" and thus is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:23:16", "description": "This update contains the following fixes :\n\n - Specially crafted input to the fnmatch function could cause an integer overflow. (CVE-2011-1071)\n\n - The output of the 'locale' command was not properly quoted. 
(CVE-2011-1095)\n\n - Don't search the current directory if $ORIGIN is in RPATH of libraries called by setuid binaries.\n (CVE-2011-0536)", "cvss3": {}, "published": "2011-06-28T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : glibc (YOU Patch Number 12775)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0536", "CVE-2011-1071", "CVE-2011-1095"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12775.NASL", "href": "https://www.tenable.com/plugins/nessus/55440", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55440);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0536\", \"CVE-2011-1071\", \"CVE-2011-1095\");\n\n script_name(english:\"SuSE9 Security Update : glibc (YOU Patch Number 12775)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update contains the following fixes :\n\n - Specially crafted input to the fnmatch function could\n cause an integer overflow. (CVE-2011-1071)\n\n - The output of the 'locale' command was not properly\n quoted. 
(CVE-2011-1095)\n\n - Don't search the current directory if $ORIGIN is in\n RPATH of libraries called by setuid binaries.\n (CVE-2011-0536)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0536.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1071.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1095.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12775.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been 
implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-2.3.3-98.121\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-devel-2.3.3-98.121\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-html-2.3.3-98.121\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-i18ndata-2.3.3-98.121\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-info-2.3.3-98.121\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-locale-2.3.3-98.121\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-profile-2.3.3-98.121\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"nscd-2.3.3-98.121\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"timezone-2.3.3-98.121\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"glibc-32bit-9-201106161950\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-9-201106161606\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-9-201106161606\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:40:16", "description": "The following bugs have been fixed :\n\n - Specially crafted input to the fnmatch function could cause an integer overflow. (CVE-2011-1071)\n\n - The output of the 'locale' command was not properly quoted. 
(CVE-2011-1095)\n\n - Don't search the current directory if $ORIGIN is in RPATH of libraries called by setuid binaries.\n (CVE-2011-0536)\n\n - The update also includes fixes for non-security bugs.\n Please refer to the package changelog for details.", "cvss3": {}, "published": "2011-06-28T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : glibc (ZYPP Patch Number 7575)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0536", "CVE-2011-1071", "CVE-2011-1095"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GLIBC-7575.NASL", "href": "https://www.tenable.com/plugins/nessus/55442", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55442);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-0536\", \"CVE-2011-1071\", \"CVE-2011-1095\");\n\n script_name(english:\"SuSE 10 Security Update : glibc (ZYPP Patch Number 7575)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following bugs have been fixed :\n\n - Specially crafted input to the fnmatch function could\n cause an integer overflow. (CVE-2011-1071)\n\n - The output of the 'locale' command was not properly\n quoted. 
(CVE-2011-1095)\n\n - Don't search the current directory if $ORIGIN is in\n RPATH of libraries called by setuid binaries.\n (CVE-2011-0536)\n\n - The update also includes fixes for non-security bugs.\n Please refer to the package changelog for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0536.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1071.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1095.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7575.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< 
\"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-2.4-31.77.84.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-devel-2.4-31.77.84.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-html-2.4-31.77.84.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-i18ndata-2.4-31.77.84.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-info-2.4-31.77.84.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-locale-2.4-31.77.84.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-profile-2.4-31.77.84.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"nscd-2.4-31.77.84.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.77.84.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.4-31.77.84.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.77.84.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.4-31.77.84.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:43:35", "description": "This update contains the following fixes :\n\n - Specially crafted input to the fnmatch function could cause an integer overflow. (CVE-2011-1071)\n\n - The output of the 'locale' command was not properly quoted. 
(CVE-2011-1095)\n\n - Don't search the current directory if $ORIGIN is in RPATH of libraries called by setuid binaries.\n (CVE-2011-0536)\n\n - The update also includes fixes for non-security bugs.\n Please refer to the package changelog for details.", "cvss3": {}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : glibc (ZYPP Patch Number 7574)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0536", "CVE-2011-1071", "CVE-2011-1095"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GLIBC-7574.NASL", "href": "https://www.tenable.com/plugins/nessus/57201", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57201);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-0536\", \"CVE-2011-1071\", \"CVE-2011-1095\");\n\n script_name(english:\"SuSE 10 Security Update : glibc (ZYPP Patch Number 7574)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update contains the following fixes :\n\n - Specially crafted input to the fnmatch function could\n cause an integer overflow. (CVE-2011-1071)\n\n - The output of the 'locale' command was not properly\n quoted. 
(CVE-2011-1095)\n\n - Don't search the current directory if $ORIGIN is in\n RPATH of libraries called by setuid binaries.\n (CVE-2011-0536)\n\n - The update also includes fixes for non-security bugs.\n Please refer to the package changelog for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0536.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1071.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1095.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7574.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< 
\"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-2.4-31.91.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-devel-2.4-31.91.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-html-2.4-31.91.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-i18ndata-2.4-31.91.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-info-2.4-31.91.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-locale-2.4-31.91.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"nscd-2.4-31.91.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.91.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.4-31.91.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-2.4-31.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-devel-2.4-31.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-html-2.4-31.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-i18ndata-2.4-31.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-info-2.4-31.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-locale-2.4-31.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-profile-2.4-31.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"nscd-2.4-31.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", 
reference:\"glibc-devel-32bit-2.4-31.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.4-31.91.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:39:46", "description": "Updated glibc packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various mount helper utilities, did not sanitize its input properly. 
A local attacker could possibly use this flaw to inject malformed lines into the mtab (mounted file systems table) file via certain setuid mount helpers, if the attacker were allowed to mount to an arbitrary directory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker's, it could execute arbitrary code with the privileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. 
If an attacker supplied a long UTF-8 string to an application linked against glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830.\n\nThis update also fixes the following bug :\n\n* When using an nscd package that is a different version than the glibc package, the nscd service could fail to start. This update makes the nscd package require a specific glibc version to prevent this problem. (BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these issues.", "cvss3": {}, "published": "2012-02-14T00:00:00", "type": "nessus", "title": "RHEL 4 : glibc (RHSA-2012:0125)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0296", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1089", "CVE-2011-1095", "CVE-2011-1659", "CVE-2011-4609"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-profile", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nptl-devel", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2012-0125.NASL", "href": "https://www.tenable.com/plugins/nessus/57928", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The 
descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0125. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57928);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0296\", \"CVE-2010-0830\", \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-1659\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46563, 46740, 47370, 50898, 51439);\n script_xref(name:\"RHSA\", value:\"2012:0125\");\n\n script_name(english:\"RHEL 4 : glibc (RHSA-2012:0125)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. 
If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into\nthe mtab (mounted file systems table) file via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. 
(CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If\nan attacker supplied a long UTF-8 string to an application linked\nagainst glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nThis update also fixes the following bug :\n\n* When using an nscd package that is a different version than the\nglibc package, the nscd service could fail to start. This update makes\nthe nscd package require a specific glibc version to prevent this\nproblem. 
(BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0830\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nptl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0125\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"glibc-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glibc-common-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glibc-devel-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glibc-headers-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glibc-profile-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glibc-utils-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"nptl-devel-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"nscd-2.3.4-2.57\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-profile / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": 
"2023-12-05T14:39:51", "description": "Updated glibc packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various mount helper utilities, did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into the mtab (mounted file systems table) file via certain setuid mount helpers, if the attacker were allowed to mount to an arbitrary directory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. 
If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker's, it could execute arbitrary code with the privileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If an attacker supplied a long UTF-8 string to an application linked against glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. 
The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830.\n\nThis update also fixes the following bug :\n\n* When using an nscd package that is a different version than the glibc package, the nscd service could fail to start. This update makes the nscd package require a specific glibc version to prevent this problem. (BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these issues.", "cvss3": {}, "published": "2012-02-14T00:00:00", "type": "nessus", "title": "CentOS 4 : glibc (CESA-2012:0125)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0296", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1089", "CVE-2011-1095", "CVE-2011-1659", "CVE-2011-4609"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc", "p-cpe:/a:centos:centos:glibc-common", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-headers", "p-cpe:/a:centos:centos:glibc-profile", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:nptl-devel", "p-cpe:/a:centos:centos:nscd", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2012-0125.NASL", "href": "https://www.tenable.com/plugins/nessus/57923", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0125 and \n# CentOS Errata and Security Advisory 2012:0125 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57923);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0296\", \"CVE-2010-0830\", \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-1659\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46563, 46740, 47370, 50898, 51439);\n 
script_xref(name:\"RHSA\", value:\"2012:0125\");\n\n script_name(english:\"CentOS 4 : glibc (CESA-2012:0125)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. 
A local\nattacker could possibly use this flaw to inject malformed lines into\nthe mtab (mounted file systems table) file via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. 
If\nan attacker supplied a long UTF-8 string to an application linked\nagainst glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nThis update also fixes the following bug :\n\n* When using an nscd package that is a different version than the\nglibc package, the nscd service could fail to start. This update makes\nthe nscd package require a specific glibc version to prevent this\nproblem. (BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018427.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?04137bde\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-0296\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nptl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"glibc-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"glibc-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"glibc-common-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"glibc-common-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"glibc-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"glibc-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"glibc-headers-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"glibc-headers-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"glibc-profile-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"glibc-profile-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"glibc-utils-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"glibc-utils-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"nptl-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"nptl-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"nscd-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"nscd-2.3.4-2.57\")) flag++;\n\n\nif 
(flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-profile / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:40:16", "description": "This update fixes the following security issues found in glibc :\n\n - Specially crafted input to the fnmatch function could cause an integer overflow. (CVE-2011-1071)\n\n - The output of the 'locale' command was not properly quoted. (CVE-2011-1095)\n\n - Unprivileged users could read the NIS shadow database.\n (CVE-2010-0015)\n\n - Don't search the current directory if $ORIGIN is in RPATH of libraries called by setuid binaries.\n (CVE-2011-0536) The update also includes fixes for non-security bugs. Please refer to the package changelog for details.", "cvss3": {}, "published": "2011-06-28T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : glibc (SAT Patch Number 4572)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0015", "CVE-2011-0536", "CVE-2011-1071", "CVE-2011-1095"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:glibc", "p-cpe:/a:novell:suse_linux:11:glibc-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-devel", "p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-html", "p-cpe:/a:novell:suse_linux:11:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:11:glibc-info", "p-cpe:/a:novell:suse_linux:11:glibc-locale", "p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-profile", "p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit", "p-cpe:/a:novell:suse_linux:11:nscd", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_GLIBC-110516.NASL", "href": "https://www.tenable.com/plugins/nessus/55441", "sourceData": 
"#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55441);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-0015\", \"CVE-2011-0536\", \"CVE-2011-1071\", \"CVE-2011-1095\");\n\n script_name(english:\"SuSE 11.1 Security Update : glibc (SAT Patch Number 4572)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues found in glibc :\n\n - Specially crafted input to the fnmatch function could\n cause an integer overflow. (CVE-2011-1071)\n\n - The output of the 'locale' command was not properly\n quoted. (CVE-2011-1095)\n\n - Unprivileged users could read the NIS shadow database.\n (CVE-2010-0015)\n\n - Don't search the current directory if $ORIGIN is in\n RPATH of libraries called by setuid binaries.\n (CVE-2011-0536) The update also includes fixes for\n non-security bugs. 
Please refer to the package changelog\n for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=569091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=585879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=625591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=625835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=645303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=647965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=659090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=664541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=666179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=673111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=677787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=678031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=685405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=687510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0015.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0536.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1071.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1095.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4572.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2011/06/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"glibc-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"glibc-devel-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"glibc-i18ndata-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"glibc-locale-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"nscd-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i686\", reference:\"glibc-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i686\", reference:\"glibc-devel-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"glibc-2.11.1-0.30.1\")) flag++;\nif 
(rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"glibc-32bit-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"glibc-devel-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"glibc-i18ndata-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"glibc-locale-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"nscd-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"glibc-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"glibc-devel-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"glibc-html-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"glibc-i18ndata-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"glibc-info-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"glibc-locale-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"glibc-profile-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"nscd-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i686\", reference:\"glibc-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i686\", reference:\"glibc-devel-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"glibc-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"glibc-32bit-2.11.1-0.30.1\")) 
flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"glibc-devel-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"glibc-html-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"glibc-i18ndata-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"glibc-info-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"glibc-locale-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"glibc-profile-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"nscd-2.11.1-0.30.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:21:30", "description": "From Red Hat Security Advisory 2012:0125 :\n\nUpdated glibc packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. 
Without these two libraries, a Linux system cannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various mount helper utilities, did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into the mtab (mounted file systems table) file via certain setuid mount helpers, if the attacker were allowed to mount to an arbitrary directory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. 
If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker's, it could execute arbitrary code with the privileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If an attacker supplied a long UTF-8 string to an application linked against glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830.\n\nThis update also fixes the following bug :\n\n* When using an nscd package that is a different version than the glibc package, the nscd service could fail to start. This update makes the nscd package require a specific glibc version to prevent this problem. 
(BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these issues.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : glibc (ELSA-2012-0125)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0296", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1089", "CVE-2011-1095", "CVE-2011-1659", "CVE-2011-4609"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-profile", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:nptl-devel", "p-cpe:/a:oracle:linux:nscd", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2012-0125.NASL", "href": "https://www.tenable.com/plugins/nessus/68455", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0125 and \n# Oracle Linux Security Advisory ELSA-2012-0125 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68455);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0296\", \"CVE-2010-0830\", \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-1659\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46563, 46740, 47370, 50898, 51439);\n script_xref(name:\"RHSA\", value:\"2012:0125\");\n\n script_name(english:\"Oracle Linux 4 : glibc (ELSA-2012-0125)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0125 :\n\nUpdated glibc packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into\nthe mtab (mounted file systems table) file via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. 
If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If\nan attacker supplied a long UTF-8 string to an application linked\nagainst glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. 
The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nThis update also fixes the following bug :\n\n* When using an nscd package that is a different version than the\nglibc package, the nscd service could fail to start. This update makes\nthe nscd package require a specific glibc version to prevent this\nproblem. (BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-February/002604.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nptl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"glibc-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-common-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-headers-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-profile-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-utils-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"nptl-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"nscd-2.3.4-2.57\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-profile / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:45:41", "description": "The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. 
If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various mount helper utilities, did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into the mtab (mounted file systems table) file via certain setuid mount helpers, if the attacker were allowed to mount to an arbitrary directory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. 
(CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker's, it could execute arbitrary code with the privileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If an attacker supplied a long UTF-8 string to an application linked against glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)\n\nThis update also fixes the following bug :\n\n - When using an nscd package that is a different version than the glibc package, the nscd service could fail to start. 
This update makes the nscd package require a specific glibc version to prevent this problem.\n\nUsers should upgrade to these updated packages, which resolve these issues.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : glibc on SL4.x i386/x86_64 (20120213)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0296", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1089", "CVE-2011-1095", "CVE-2011-1659", "CVE-2011-4609"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:glibc", "p-cpe:/a:fermilab:scientific_linux:glibc-common", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common", "p-cpe:/a:fermilab:scientific_linux:glibc-devel", "p-cpe:/a:fermilab:scientific_linux:glibc-headers", "p-cpe:/a:fermilab:scientific_linux:glibc-profile", "p-cpe:/a:fermilab:scientific_linux:glibc-utils", "p-cpe:/a:fermilab:scientific_linux:nptl-devel", "p-cpe:/a:fermilab:scientific_linux:nscd", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120213_GLIBC_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61243", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61243);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0296\", \"CVE-2010-0830\", \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-4609\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL4.x i386/x86_64 (20120213)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote 
Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into\nthe mtab (mounted file systems table) file via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). 
If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If\nan attacker supplied a long UTF-8 string to an application linked\nagainst glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nThis update also fixes the following bug :\n\n - When using an nscd package that is a different version\n than the glibc package, the nscd service could fail to\n start. 
This update makes the nscd package require a\n specific glibc version to prevent this problem.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1202&L=scientific-linux-errata&T=0&P=2559\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c13b3468\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nptl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 4.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"glibc-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-common-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-debuginfo-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-debuginfo-common-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-headers-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-profile-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-utils-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"nptl-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"nscd-2.3.4-2.57\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:29:18", "description": "This update fixes the following security issues found in glibc :\n\n - Specially crafted input to the fnmatch function could cause an integer overflow. (CVE-2011-1071)\n\n - The output of the 'locale' command was not properly quoted. 
(CVE-2011-1095)\n\n - Unprivileged users could read the NIS shadow database.\n (CVE-2010-0015)\n\n - Don't search the current directory if $ORIGIN is in RPATH of libraries called by setuid binaries.\n (CVE-2011-0536) The update also includes fixes for non-security bugs. Please refer to the package changelog for details.", "cvss3": {}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : glibc (SAT Patch Number 4572)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0015", "CVE-2011-0536", "CVE-2011-1071", "CVE-2011-1095"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:glibc", "p-cpe:/a:novell:suse_linux:11:glibc-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-devel", "p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-html", "p-cpe:/a:novell:suse_linux:11:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:11:glibc-info", "p-cpe:/a:novell:suse_linux:11:glibc-locale", "p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-profile", "p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit", "p-cpe:/a:novell:suse_linux:11:nscd", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_GLIBC-110517.NASL", "href": "https://www.tenable.com/plugins/nessus/57106", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57106);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-0015\", \"CVE-2011-0536\", \"CVE-2011-1071\", \"CVE-2011-1095\");\n\n script_name(english:\"SuSE 11.1 Security Update : glibc (SAT Patch Number 4572)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues found in glibc :\n\n - Specially crafted input to the fnmatch function could\n cause an integer overflow. (CVE-2011-1071)\n\n - The output of the 'locale' command was not properly\n quoted. (CVE-2011-1095)\n\n - Unprivileged users could read the NIS shadow database.\n (CVE-2010-0015)\n\n - Don't search the current directory if $ORIGIN is in\n RPATH of libraries called by setuid binaries.\n (CVE-2011-0536) The update also includes fixes for\n non-security bugs. 
Please refer to the package changelog\n for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=569091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=585879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=625591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=625835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=645303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=647965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=659090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=664541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=666179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=673111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=677787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=678031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=685405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=687510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0015.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0536.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1071.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1095.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4572.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-32bit-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-devel-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-devel-32bit-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-html-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-i18ndata-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-info-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", 
reference:\"glibc-locale-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-locale-32bit-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-profile-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-profile-32bit-2.11.1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"nscd-2.11.1-0.30.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:23:44", "description": "Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071.", "cvss3": {}, "published": "2016-08-19T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : glibc vulnerability (SOL09408132)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1071", "CVE-2011-1659"], "modified": "2021-03-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL09408132.NASL", "href": "https://www.tenable.com/plugins/nessus/93030", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL09408132.\n#\n# The text description of 
this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93030);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2011-1071\", \"CVE-2011-1659\");\n script_bugtraq_id(46563, 64464);\n\n script_name(english:\"F5 Networks BIG-IP : glibc vulnerability (SOL09408132)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or\nlibc6) 2.13 and earlier allows context-dependent attackers to cause a\ndenial of service (application crash) via a long UTF8 string that is\nused in an fnmatch call with a crafted pattern argument, a different\nvulnerability than CVE-2011-1071.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K09408132\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL09408132.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL09408132\";\nvmatrix = make_array();\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"10.2.1-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0-12.1.0\",\"11.4.0-11.6.1\",\"11.2.1\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"10.2.1-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0-12.1.0\",\"11.4.0-11.6.1\",\"11.2.1\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"10.2.1-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.4.0-11.6.1\",\"11.2.1\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"10.2.1-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0-12.1.0\",\"11.4.0-11.6.1\",\"11.2.1\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"10.2.1-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0-12.1.0\",\"11.4.0-11.6.1\",\"11.2.1\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"10.2.1-10.2.4\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.4.0-11.4.1\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"10.2.1-10.2.4\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"11.2.1\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"10.2.1-10.2.4\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"11.2.1\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n 
else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:58:12", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Switch to use malloc when the input line is too long [Orabug 19951108]\n\n - Use a /sys/devices/system/cpu/online for\n _SC_NPROCESSORS_ONLN implementation [Orabug 17642251] (Joe Jin)\n\n - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183532).\n\n - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, \n\n - Fix patch for integer overflows in *valloc and memalign.\n (CVE-2013-4332, #1011805).\n\n - Fix return code when starting an already started nscd daemon (#979413).\n\n - Fix getnameinfo for many PTR record queries (#1020486).\n\n - Return EINVAL error for negative sizees to getgroups (#995207).\n\n - Fix integer overflows in *valloc and memalign.\n (CVE-2013-4332, #1011805).\n\n - Add support for newer L3 caches on x86-64 and correctly count the number of hardware threads sharing a cacheline (#1003420).\n\n - Revert incomplete fix for bug #758193.\n\n - Fix _nl_find_msg malloc failure case, and callers (#957089).\n\n - Test on init_fct, not result->__init_fct, after demangling (#816647).\n\n - Don't handle ttl == 0 specially (#929035).\n\n - Fix multibyte character processing crash in regexp (CVE-2013-0242, #951132)\n\n - Fix getaddrinfo stack overflow resulting in application crash (CVE-2013-1914, #951132)\n\n - Add missing patch to avoid use after free (#816647)\n\n - Fix race in initgroups compat_call (#706571)\n\n - Fix return value from getaddrinfo when servers are down.\n (#758193)\n\n - Fix fseek on wide character streams. 
Sync's seeking code with RHEL 6 (#835828)\n\n - Call feraiseexcept only if exceptions are not masked (#861871).\n\n - Always demangle function before checking for NULL value.\n (#816647).\n\n - Do not fail in ttyname if /proc is not available (#851450).\n\n - Fix errno for various overflow situations in vfprintf.\n Add missing overflow checks. (#857387)\n\n - Handle failure of _nl_explode_name in all cases (#848481)\n\n - Define the default fuzz factor to 2 to make it easier to manipulate RHEL 5 RPMs on RHEL 6 and newer systems.\n\n - Fix race in intl/* testsuite (#849202)\n\n - Fix out of bounds array access in strto* exposed by 847930 patch.\n\n - Really fix POWER4 strncmp crash (#766832).\n\n - Fix integer overflow leading to buffer overflow in strto* (#847930)\n\n - Fix race in msort/qsort (#843672)\n\n - Fix regression due to 797096 changes (#845952)\n\n - Do not use PT_IEEE_IP ptrace calls (#839572)\n\n - Update ULPs (#837852)\n\n - Fix various transcendentals in non-default rounding modes (#837852)\n\n - Fix unbound alloca in vfprintf (#826947)\n\n - Fix iconv segfault if the invalid multibyte character 0xffff is input when converting from IBM930. (#823905)\n\n - Fix fnmatch when '*' wildcard is applied on a file name containing multibyte chars. (#819430)\n\n - Fix unbound allocas use in glob_in_dir, getaddrinfo and others. (#797096)\n\n - Fix segfault when running ld.so --verify on some DSO's in current working directory. 
(#808342)\n\n - Incorrect initialization order for dynamic loader (#813348)\n\n - Fix return code when stopping already stopped nscd daemon (#678227)\n\n - Remove MAP_32BIT for pthread stack mappings, use MAP_STACK instead (#641094)\n\n - Fix setuid vs sighandler_setxid race (#769852)\n\n - Fix access after end of search string in regex matcher (#757887)\n\n - Fix POWER4 strncmp crash (#766832)\n\n - Fix SC_*CACHE detection for X5670 cpus (#692182)\n\n - Fix parsing IPV6 entries in /etc/resolv.conf (#703239)\n\n - Fix double-free in nss_nis code (#500767)\n\n - Add kernel VDSO support for s390x (#795896)\n\n - Fix race in malloc arena creation and make implementation match documented behaviour (#800240)\n\n - Do not override TTL of CNAME with TTL of its alias (#808014)\n\n - Fix short month names in fi_FI locale #(657266).\n\n - Fix nscd crash for group with large number of members (#788989)\n\n - Fix Slovakia currency (#799853)\n\n - Fix getent malloc failure check (#806403)\n\n - Fix short month names in zh_CN locale (#657588)\n\n - Fix decimal point symbol for Portuguese currency (#710216)\n\n - Avoid integer overflow in sbrk (#767358)\n\n - Avoid race between [,__de]allocate_stack and\n __reclaim_stacks during fork (#738665)\n\n - Fix race between IO_flush_all_lockp & pthread_cancel (#751748)\n\n - Fix memory leak in NIS endgrent (#809325)\n\n - Allow getaddr to accept SCTP socket types in hints (#765710)\n\n - Fix errno handling in vfprintf (#794814)\n\n - Filter out <built-in> when building file lists (#784646).\n\n - Avoid 'nargs' integer overflow which could be used to bypass FORTIFY_SOURCE (#794814)\n\n - Fix currency_symbol for uk_UA (#639000)\n\n - Correct test for detecting cycle during topo sort (#729661)\n\n - Check values from TZ file header (#767688)\n\n - Complete the numeric settings fix (#675259)\n\n - Complete the change for error codes from pthread_create (#707998)\n\n - Truncate time values in Linux futimes when falling back to utime 
(#758252)\n\n - Update systemtaparches\n\n - Add rules to build libresolv with SSP flags (#756453)\n\n - Fix PLT reference\n\n - Workaround misconfigured system (#702300)\n\n - Update systemtaparches\n\n - Correct cycle detection during dependency sorting (#729661)\n\n - Add gdb hooks (#711924)\n\n - Fix alloca accounting in strxfm and strcoll (#585433)\n\n - Correct cycle detection during dependency sorting (#729661)\n\n - ldd: never run file directly (#531160)\n\n - Implement greedy matching of weekday and month names (#657570)\n\n - Fix incorrect numeric settings (#675259)\n\n - Implement new mode for NIS passwd.adjunct.byname table (#678318)\n\n - Query NIS domain only when needed (#703345)\n\n - Count total processors using sysfs (#706894)\n\n - Translate clone error if necessary (#707998)\n\n - Workaround kernel clobbering robust list (#711531)\n\n - Use correct type when casting d_tag (#599056, CVE-2010-0830)\n\n - Report write error in addmnt even for cached streams (#688980, CVE-2011-1089)\n\n - Don't underestimate length of DST substitution (#694655)\n\n - Don't allocate executable stack when it cannot be allocated in the first 4G (#448011)\n\n - Initialize resolver state in nscd (#676039)\n\n - No cancel signal in unsafe places (#684808)\n\n - Check size of pattern in wide character representation in fnmatch (#681054)\n\n - Avoid too much stack use in fnmatch (#681054, CVE-2011-1071)\n\n - Properly quote output of locale (#625893, CVE-2011-1095)\n\n - Don't leave empty element in rpath when skipping the first element, ignore rpath elements containing non-isolated use of $ORIGIN when privileged (#667974, CVE-2011-0536)\n\n - Fix handling of newline in addmntent (#559579, CVE-2010-0296)\n\n - Don't ignore $ORIGIN in libraries (#670988)\n\n - Fix false assertion (#604796)\n\n - Fix ordering of DSO constructors and destructors (#604796)\n\n - Fix typo (#531576)\n\n - Fix concurrency problem between dl_open and dl_iterate_phdr (#649956)\n\n - Require suid bit 
on audit objects in privileged programs (#645678, CVE-2010-3856)\n\n - Never expand $ORIGIN in privileged programs (#643819, CVE-2010-3847)\n\n - Add timestamps to nscd logs (#527558)\n\n - Fix index wraparound handling in memusage (#531576)\n\n - Handle running out of buffer space with IPv6 mapping enabled (#533367)\n\n - Don't deadlock in __dl_iterate_phdr while (un)loading objects (#549813)\n\n - Avoid alloca in setenv for long strings (#559974)\n\n - Recognize POWER7 and ISA 2.06 (#563563)\n\n - Add support for AT_BASE_PLATFORM (#563599)\n\n - Restore locking in free_check (#585674)\n\n - Fix lookup of collation sequence value during regexp matching (#587360)\n\n - Fix POWER6 memcpy/memset (#579011)\n\n - Fix scope handling during dl_close (#593675)\n\n - Enable -fasynchronous-unwind-tables throughout (#593047)\n\n - Fix crash when aio thread creation fails (#566712)", "cvss3": {}, "published": "2015-02-02T00:00:00", "type": "nessus", "title": "OracleVM 3.2 : glibc (OVMSA-2015-0023) (GHOST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0296", "CVE-2010-0830", "CVE-2010-3847", "CVE-2010-3856", "CVE-2011-0536", "CVE-2011-1071", "CVE-2011-1089", "CVE-2011-1095", "CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4332", "CVE-2014-0475", "CVE-2014-5119", "CVE-2015-0235"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:glibc", "p-cpe:/a:oracle:vm:glibc-common", "p-cpe:/a:oracle:vm:nscd", "cpe:/o:oracle:vm_server:3.2"], "id": "ORACLEVM_OVMSA-2015-0023.NASL", "href": "https://www.tenable.com/plugins/nessus/81118", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0023.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81118);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n 
script_cve_id(\"CVE-2010-0296\", \"CVE-2010-0830\", \"CVE-2010-3847\", \"CVE-2010-3856\", \"CVE-2011-0536\", \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2013-0242\", \"CVE-2013-1914\", \"CVE-2013-4332\", \"CVE-2014-0475\", \"CVE-2014-5119\", \"CVE-2015-0235\");\n script_bugtraq_id(40063, 44154, 44347, 46563, 46740, 47370, 57638, 58839, 62324, 64465, 68505, 68983, 69738, 72325);\n\n script_name(english:\"OracleVM 3.2 : glibc (OVMSA-2015-0023) (GHOST)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Switch to use malloc when the input line is too long\n [Orabug 19951108]\n\n - Use a /sys/devices/system/cpu/online for\n _SC_NPROCESSORS_ONLN implementation [Orabug 17642251]\n (Joe Jin)\n\n - Fix parsing of numeric hosts in gethostbyname_r\n (CVE-2015-0235, #1183532).\n\n - Remove gconv transliteration loadable modules support\n (CVE-2014-5119, - _nl_find_locale: Improve handling of\n crafted locale names (CVE-2014-0475, \n\n - Fix patch for integer overflows in *valloc and memalign.\n (CVE-2013-4332, #1011805).\n\n - Fix return code when starting an already started nscd\n daemon (#979413).\n\n - Fix getnameinfo for many PTR record queries (#1020486).\n\n - Return EINVAL error for negative sizees to getgroups\n (#995207).\n\n - Fix integer overflows in *valloc and memalign.\n (CVE-2013-4332, #1011805).\n\n - Add support for newer L3 caches on x86-64 and correctly\n count the number of hardware threads sharing a cacheline\n (#1003420).\n\n - Revert incomplete fix for bug #758193.\n\n - Fix _nl_find_msg malloc failure case, and callers\n (#957089).\n\n - Test on init_fct, not result->__init_fct, after\n demangling 
(#816647).\n\n - Don't handle ttl == 0 specially (#929035).\n\n - Fix multibyte character processing crash in regexp\n (CVE-2013-0242, #951132)\n\n - Fix getaddrinfo stack overflow resulting in application\n crash (CVE-2013-1914, #951132)\n\n - Add missing patch to avoid use after free (#816647)\n\n - Fix race in initgroups compat_call (#706571)\n\n - Fix return value from getaddrinfo when servers are down.\n (#758193)\n\n - Fix fseek on wide character streams. Sync's seeking code\n with RHEL 6 (#835828)\n\n - Call feraiseexcept only if exceptions are not masked\n (#861871).\n\n - Always demangle function before checking for NULL value.\n (#816647).\n\n - Do not fail in ttyname if /proc is not available\n (#851450).\n\n - Fix errno for various overflow situations in vfprintf.\n Add missing overflow checks. (#857387)\n\n - Handle failure of _nl_explode_name in all cases\n (#848481)\n\n - Define the default fuzz factor to 2 to make it easier to\n manipulate RHEL 5 RPMs on RHEL 6 and newer systems.\n\n - Fix race in intl/* testsuite (#849202)\n\n - Fix out of bounds array access in strto* exposed by\n 847930 patch.\n\n - Really fix POWER4 strncmp crash (#766832).\n\n - Fix integer overflow leading to buffer overflow in\n strto* (#847930)\n\n - Fix race in msort/qsort (#843672)\n\n - Fix regression due to 797096 changes (#845952)\n\n - Do not use PT_IEEE_IP ptrace calls (#839572)\n\n - Update ULPs (#837852)\n\n - Fix various transcendentals in non-default rounding\n modes (#837852)\n\n - Fix unbound alloca in vfprintf (#826947)\n\n - Fix iconv segfault if the invalid multibyte character\n 0xffff is input when converting from IBM930. (#823905)\n\n - Fix fnmatch when '*' wildcard is applied on a file name\n containing multibyte chars. (#819430)\n\n - Fix unbound allocas use in glob_in_dir, getaddrinfo and\n others. (#797096)\n\n - Fix segfault when running ld.so --verify on some DSO's\n in current working directory. 
(#808342)\n\n - Incorrect initialization order for dynamic loader\n (#813348)\n\n - Fix return code when stopping already stopped nscd\n daemon (#678227)\n\n - Remove MAP_32BIT for pthread stack mappings, use\n MAP_STACK instead (#641094)\n\n - Fix setuid vs sighandler_setxid race (#769852)\n\n - Fix access after end of search string in regex matcher\n (#757887)\n\n - Fix POWER4 strncmp crash (#766832)\n\n - Fix SC_*CACHE detection for X5670 cpus (#692182)\n\n - Fix parsing IPV6 entries in /etc/resolv.conf (#703239)\n\n - Fix double-free in nss_nis code (#500767)\n\n - Add kernel VDSO support for s390x (#795896)\n\n - Fix race in malloc arena creation and make\n implementation match documented behaviour (#800240)\n\n - Do not override TTL of CNAME with TTL of its alias\n (#808014)\n\n - Fix short month names in fi_FI locale #(657266).\n\n - Fix nscd crash for group with large number of members\n (#788989)\n\n - Fix Slovakia currency (#799853)\n\n - Fix getent malloc failure check (#806403)\n\n - Fix short month names in zh_CN locale (#657588)\n\n - Fix decimal point symbol for Portuguese currency\n (#710216)\n\n - Avoid integer overflow in sbrk (#767358)\n\n - Avoid race between [,__de]allocate_stack and\n __reclaim_stacks during fork (#738665)\n\n - Fix race between IO_flush_all_lockp & pthread_cancel\n (#751748)\n\n - Fix memory leak in NIS endgrent (#809325)\n\n - Allow getaddr to accept SCTP socket types in hints\n (#765710)\n\n - Fix errno handling in vfprintf (#794814)\n\n - Filter out <built-in> when building file lists\n (#784646).\n\n - Avoid 'nargs' integer overflow which could be used to\n bypass FORTIFY_SOURCE (#794814)\n\n - Fix currency_symbol for uk_UA (#639000)\n\n - Correct test for detecting cycle during topo sort\n (#729661)\n\n - Check values from TZ file header (#767688)\n\n - Complete the numeric settings fix (#675259)\n\n - Complete the change for error codes from pthread_create\n (#707998)\n\n - Truncate time values in Linux futimes when 
falling back\n to utime (#758252)\n\n - Update systemtaparches\n\n - Add rules to build libresolv with SSP flags (#756453)\n\n - Fix PLT reference\n\n - Workaround misconfigured system (#702300)\n\n - Update systemtaparches\n\n - Correct cycle detection during dependency sorting\n (#729661)\n\n - Add gdb hooks (#711924)\n\n - Fix alloca accounting in strxfm and strcoll (#585433)\n\n - Correct cycle detection during dependency sorting\n (#729661)\n\n - ldd: never run file directly (#531160)\n\n - Implement greedy matching of weekday and month names\n (#657570)\n\n - Fix incorrect numeric settings (#675259)\n\n - Implement new mode for NIS passwd.adjunct.byname table\n (#678318)\n\n - Query NIS domain only when needed (#703345)\n\n - Count total processors using sysfs (#706894)\n\n - Translate clone error if necessary (#707998)\n\n - Workaround kernel clobbering robust list (#711531)\n\n - Use correct type when casting d_tag (#599056,\n CVE-2010-0830)\n\n - Report write error in addmnt even for cached streams\n (#688980, CVE-2011-1089)\n\n - Don't underestimate length of DST substitution (#694655)\n\n - Don't allocate executable stack when it cannot be\n allocated in the first 4G (#448011)\n\n - Initialize resolver state in nscd (#676039)\n\n - No cancel signal in unsafe places (#684808)\n\n - Check size of pattern in wide character representation\n in fnmatch (#681054)\n\n - Avoid too much stack use in fnmatch (#681054,\n CVE-2011-1071)\n\n - Properly quote output of locale (#625893, CVE-2011-1095)\n\n - Don't leave empty element in rpath when skipping the\n first element, ignore rpath elements containing\n non-isolated use of $ORIGIN when privileged (#667974,\n CVE-2011-0536)\n\n - Fix handling of newline in addmntent (#559579,\n CVE-2010-0296)\n\n - Don't ignore $ORIGIN in libraries (#670988)\n\n - Fix false assertion (#604796)\n\n - Fix ordering of DSO constructors and destructors\n (#604796)\n\n - Fix typo (#531576)\n\n - Fix concurrency problem between dl_open 
and\n dl_iterate_phdr (#649956)\n\n - Require suid bit on audit objects in privileged programs\n (#645678, CVE-2010-3856)\n\n - Never expand $ORIGIN in privileged programs (#643819,\n CVE-2010-3847)\n\n - Add timestamps to nscd logs (#527558)\n\n - Fix index wraparound handling in memusage (#531576)\n\n - Handle running out of buffer space with IPv6 mapping\n enabled (#533367)\n\n - Don't deadlock in __dl_iterate_phdr while (un)loading\n objects (#549813)\n\n - Avoid alloca in setenv for long strings (#559974)\n\n - Recognize POWER7 and ISA 2.06 (#563563)\n\n - Add support for AT_BASE_PLATFORM (#563599)\n\n - Restore locking in free_check (#585674)\n\n - Fix lookup of collation sequence value during regexp\n matching (#587360)\n\n - Fix POWER6 memcpy/memset (#579011)\n\n - Fix scope handling during dl_close (#593675)\n\n - Enable -fasynchronous-unwind-tables throughout (#593047)\n\n - Fix crash when aio thread creation fails (#566712)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2015-January/000260.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?acafac78\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc / glibc-common / nscd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n 
script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/02\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
preg(pattern:\"^OVS\" + \"3\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.2\", reference:\"glibc-2.5-123.0.1.el5_11.1\")) flag++;\nif (rpm_check(release:\"OVS3.2\", reference:\"glibc-common-2.5-123.0.1.el5_11.1\")) flag++;\nif (rpm_check(release:\"OVS3.2\", reference:\"nscd-2.5-123.0.1.el5_11.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / nscd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-10T16:45:53", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-1526 advisory.\n\n - ** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc. 
(CVE-2009-5064)\n\n - The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. (CVE-2011-1089)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-07T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : glibc (ELSA-2011-1526)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5064", "CVE-2010-0296", "CVE-2011-1089"], "modified": "2023-09-07T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-static", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:nscd"], "id": "ORACLELINUX_ELSA-2011-1526.NASL", "href": "https://www.tenable.com/plugins/nessus/181065", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2011-1526.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(181065);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/07\");\n\n script_cve_id(\"CVE-2009-5064\", \"CVE-2011-1089\");\n\n script_name(english:\"Oracle Linux 6 : glibc (ELSA-2011-1526)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in 
the\nELSA-2011-1526 advisory.\n\n - ** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain\n privileges via a Trojan horse executable file linked with a modified loader that omits certain\n LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states This is just nonsense. There are a\n gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in\n appropriate directories or set LD_LIBRARY_PATH etc. (CVE-2009-5064)\n\n - The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error\n status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to\n trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value,\n a different vulnerability than CVE-2010-0296. (CVE-2011-1089)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2011-1526.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2009-5064\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/14\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'glibc-2.12-1.47.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-common-2.12-1.47.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-devel-2.12-1.47.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-headers-2.12-1.47.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-static-2.12-1.47.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-utils-2.12-1.47.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nscd-2.12-1.47.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-2.12-1.47.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-common-2.12-1.47.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-devel-2.12-1.47.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-headers-2.12-1.47.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-static-2.12-1.47.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-utils-2.12-1.47.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nscd-2.12-1.47.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var 
rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glibc / glibc-common / glibc-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:11:40", "description": "USN-1009-1 fixed vulnerabilities in the GNU C library. Colin Watson discovered that the fixes were incomplete and introduced flaws with setuid programs loading libraries that used dynamic string tokens in their RPATH. 
If the 'man' program was installed setuid, a local attacker could exploit this to gain 'man' user privileges, potentially leading to further privilege escalations. Default Ubuntu installations were not affected.\n\nTavis Ormandy discovered multiple flaws in the GNU C Library's handling of the LD_AUDIT environment variable when running a privileged binary. A local attacker could exploit this to gain root privileges. (CVE-2010-3847, CVE-2010-3856).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-01-12T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : eglibc, glibc vulnerability (USN-1009-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3847", "CVE-2010-3856", "CVE-2011-0536"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:eglibc-source", "p-cpe:/a:canonical:ubuntu_linux:glibc-doc", "p-cpe:/a:canonical:ubuntu_linux:glibc-source", "p-cpe:/a:canonical:ubuntu_linux:libc-bin", "p-cpe:/a:canonical:ubuntu_linux:libc-dev-bin", "p-cpe:/a:canonical:ubuntu_linux:libc6", "p-cpe:/a:canonical:ubuntu_linux:libc6-amd64", "p-cpe:/a:canonical:ubuntu_linux:libc6-dbg", "p-cpe:/a:canonical:ubuntu_linux:libc6-dev", "p-cpe:/a:canonical:ubuntu_linux:libc6-dev-amd64", "p-cpe:/a:canonical:ubuntu_linux:libc6-dev-i386", "p-cpe:/a:canonical:ubuntu_linux:libc6-i386", "p-cpe:/a:canonical:ubuntu_linux:libc6-i686", "p-cpe:/a:canonical:ubuntu_linux:libc6-pic", "p-cpe:/a:canonical:ubuntu_linux:libc6-prof", "p-cpe:/a:canonical:ubuntu_linux:libc6-xen", "p-cpe:/a:canonical:ubuntu_linux:nscd", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.10"], "id": "UBUNTU_USN-1009-2.NASL", 
"href": "https://www.tenable.com/plugins/nessus/51501", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1009-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51501);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-3847\", \"CVE-2010-3856\", \"CVE-2011-0536\");\n script_bugtraq_id(44154, 44347);\n script_xref(name:\"USN\", value:\"1009-2\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : eglibc, glibc vulnerability (USN-1009-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1009-1 fixed vulnerabilities in the GNU C library. Colin Watson\ndiscovered that the fixes were incomplete and introduced flaws with\nsetuid programs loading libraries that used dynamic string tokens in\ntheir RPATH. If the 'man' program was installed setuid, a local\nattacker could exploit this to gain 'man' user privileges, potentially\nleading to further privilege escalations. Default Ubuntu installations\nwere not affected.\n\nTavis Ormandy discovered multiple flaws in the GNU C Library's\nhandling of the LD_AUDIT environment variable when running a\nprivileged binary. A local attacker could exploit this to gain root\nprivileges. (CVE-2010-3847, CVE-2010-3856).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1009-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:eglibc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:glibc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:glibc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc-dev-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dev\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-pic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-prof\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|9\\.10|10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 9.10 / 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"glibc-doc\", pkgver:\"2.7-10ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"glibc-source\", pkgver:\"2.7-10ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6\", pkgver:\"2.7-10ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-amd64\", pkgver:\"2.7-10ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-dbg\", pkgver:\"2.7-10ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-dev\", pkgver:\"2.7-10ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-dev-amd64\", pkgver:\"2.7-10ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-dev-i386\", pkgver:\"2.7-10ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-i386\", pkgver:\"2.7-10ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-i686\", pkgver:\"2.7-10ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"8.04\", 
pkgname:\"libc6-pic\", pkgver:\"2.7-10ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-prof\", pkgver:\"2.7-10ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-xen\", pkgver:\"2.7-10ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"nscd\", pkgver:\"2.7-10ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"eglibc-source\", pkgver:\"2.10.1-0ubuntu19\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"glibc-doc\", pkgver:\"2.10.1-0ubuntu19\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc-bin\", pkgver:\"2.10.1-0ubuntu19\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc-dev-bin\", pkgver:\"2.10.1-0ubuntu19\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6\", pkgver:\"2.10.1-0ubuntu19\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-amd64\", pkgver:\"2.10.1-0ubuntu19\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-dbg\", pkgver:\"2.10.1-0ubuntu19\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-dev\", pkgver:\"2.10.1-0ubuntu19\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-dev-amd64\", pkgver:\"2.10.1-0ubuntu19\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-dev-i386\", pkgver:\"2.10.1-0ubuntu19\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-i386\", pkgver:\"2.10.1-0ubuntu19\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-i686\", pkgver:\"2.10.1-0ubuntu19\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-pic\", pkgver:\"2.10.1-0ubuntu19\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-prof\", pkgver:\"2.10.1-0ubuntu19\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-xen\", pkgver:\"2.10.1-0ubuntu19\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"nscd\", pkgver:\"2.10.1-0ubuntu19\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"eglibc-source\", pkgver:\"2.11.1-0ubuntu7.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", 
pkgname:\"glibc-doc\", pkgver:\"2.11.1-0ubuntu7.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc-bin\", pkgver:\"2.11.1-0ubuntu7.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc-dev-bin\", pkgver:\"2.11.1-0ubuntu7.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6\", pkgver:\"2.11.1-0ubuntu7.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-amd64\", pkgver:\"2.11.1-0ubuntu7.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-dbg\", pkgver:\"2.11.1-0ubuntu7.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-dev\", pkgver:\"2.11.1-0ubuntu7.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-dev-amd64\", pkgver:\"2.11.1-0ubuntu7.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-dev-i386\", pkgver:\"2.11.1-0ubuntu7.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-i386\", pkgver:\"2.11.1-0ubuntu7.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-i686\", pkgver:\"2.11.1-0ubuntu7.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-pic\", pkgver:\"2.11.1-0ubuntu7.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-prof\", pkgver:\"2.11.1-0ubuntu7.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-xen\", pkgver:\"2.11.1-0ubuntu7.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"nscd\", pkgver:\"2.11.1-0ubuntu7.7\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"eglibc-source\", pkgver:\"2.12.1-0ubuntu10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"glibc-doc\", pkgver:\"2.12.1-0ubuntu10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc-bin\", pkgver:\"2.12.1-0ubuntu10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc-dev-bin\", pkgver:\"2.12.1-0ubuntu10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc6\", pkgver:\"2.12.1-0ubuntu10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc6-amd64\", 
pkgver:\"2.12.1-0ubuntu10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc6-dbg\", pkgver:\"2.12.1-0ubuntu10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc6-dev\", pkgver:\"2.12.1-0ubuntu10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc6-dev-amd64\", pkgver:\"2.12.1-0ubuntu10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc6-dev-i386\", pkgver:\"2.12.1-0ubuntu10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc6-i386\", pkgver:\"2.12.1-0ubuntu10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc6-pic\", pkgver:\"2.12.1-0ubuntu10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc6-prof\", pkgver:\"2.12.1-0ubuntu10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc6-xen\", pkgver:\"2.12.1-0ubuntu10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"nscd\", pkgver:\"2.12.1-0ubuntu10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"eglibc-source / glibc-doc / glibc-source / libc-bin / libc-dev-bin / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:38:33", "description": "Tavis Ormandy discovered multiple flaws in the GNU C Library's handling of the LD_AUDIT environment variable when running a privileged binary. A local attacker could exploit this to gain root privileges. (CVE-2010-3847, CVE-2010-3856).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2010-10-24T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : glibc, eglibc vulnerabilities (USN-1009-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3847", "CVE-2010-3856", "CVE-2011-0536"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:eglibc-source", "p-cpe:/a:canonical:ubuntu_linux:glibc-doc", "p-cpe:/a:canonical:ubuntu_linux:glibc-source", "p-cpe:/a:canonical:ubuntu_linux:libc-bin", "p-cpe:/a:canonical:ubuntu_linux:libc-dev-bin", "p-cpe:/a:canonical:ubuntu_linux:libc6", "p-cpe:/a:canonical:ubuntu_linux:libc6-amd64", "p-cpe:/a:canonical:ubuntu_linux:libc6-dbg", "p-cpe:/a:canonical:ubuntu_linux:libc6-dev", "p-cpe:/a:canonical:ubuntu_linux:libc6-dev-amd64", "p-cpe:/a:canonical:ubuntu_linux:libc6-dev-i386", "p-cpe:/a:canonical:ubuntu_linux:libc6-i386", "p-cpe:/a:canonical:ubuntu_linux:libc6-i686", "p-cpe:/a:canonical:ubuntu_linux:libc6-pic", "p-cpe:/a:canonical:ubuntu_linux:libc6-prof", "p-cpe:/a:canonical:ubuntu_linux:libc6-xen", "p-cpe:/a:canonical:ubuntu_linux:nscd", "cpe:/o:canonical:ubuntu_linux:9.10", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.04"], "id": "UBUNTU_USN-1009-1.NASL", "href": "https://www.tenable.com/plugins/nessus/50318", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1009-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50318);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-3847\", \"CVE-2010-3856\", \"CVE-2011-0536\");\n script_bugtraq_id(44154, 44347);\n script_xref(name:\"USN\", value:\"1009-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : glibc, eglibc vulnerabilities (USN-1009-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tavis Ormandy discovered multiple flaws in the GNU C Library's\nhandling of the LD_AUDIT environment variable when running a\nprivileged binary. A local attacker could exploit this to gain root\nprivileges. (CVE-2010-3847, CVE-2010-3856).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1009-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:eglibc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:glibc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:glibc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc-dev-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dev\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-pic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-prof\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|9\\.04|9\\.10|10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 9.04 / 9.10 / 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"glibc-doc\", pkgver:\"2.7-10ubuntu7\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"glibc-source\", pkgver:\"2.7-10ubuntu7\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6\", pkgver:\"2.7-10ubuntu7\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-amd64\", pkgver:\"2.7-10ubuntu7\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-dbg\", pkgver:\"2.7-10ubuntu7\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-dev\", pkgver:\"2.7-10ubuntu7\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-dev-amd64\", pkgver:\"2.7-10ubuntu7\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-dev-i386\", pkgver:\"2.7-10ubuntu7\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-i386\", pkgver:\"2.7-10ubuntu7\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-i686\", pkgver:\"2.7-10ubuntu7\")) flag++;\nif (ubuntu_check(osver:\"8.04\", 
pkgname:\"libc6-pic\", pkgver:\"2.7-10ubuntu7\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-prof\", pkgver:\"2.7-10ubuntu7\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6-xen\", pkgver:\"2.7-10ubuntu7\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"nscd\", pkgver:\"2.7-10ubuntu7\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"glibc-doc\", pkgver:\"2.9-4ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"glibc-source\", pkgver:\"2.9-4ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libc6\", pkgver:\"2.9-4ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libc6-amd64\", pkgver:\"2.9-4ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libc6-dbg\", pkgver:\"2.9-4ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libc6-dev\", pkgver:\"2.9-4ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libc6-dev-amd64\", pkgver:\"2.9-4ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libc6-dev-i386\", pkgver:\"2.9-4ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libc6-i386\", pkgver:\"2.9-4ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libc6-i686\", pkgver:\"2.9-4ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libc6-pic\", pkgver:\"2.9-4ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libc6-prof\", pkgver:\"2.9-4ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libc6-xen\", pkgver:\"2.9-4ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"nscd\", pkgver:\"2.9-4ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"eglibc-source\", pkgver:\"2.10.1-0ubuntu18\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"glibc-doc\", pkgver:\"2.10.1-0ubuntu18\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc-bin\", pkgver:\"2.10.1-0ubuntu18\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc-dev-bin\", 
pkgver:\"2.10.1-0ubuntu18\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6\", pkgver:\"2.10.1-0ubuntu18\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-amd64\", pkgver:\"2.10.1-0ubuntu18\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-dbg\", pkgver:\"2.10.1-0ubuntu18\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-dev\", pkgver:\"2.10.1-0ubuntu18\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-dev-amd64\", pkgver:\"2.10.1-0ubuntu18\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-dev-i386\", pkgver:\"2.10.1-0ubuntu18\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-i386\", pkgver:\"2.10.1-0ubuntu18\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-i686\", pkgver:\"2.10.1-0ubuntu18\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-pic\", pkgver:\"2.10.1-0ubuntu18\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-prof\", pkgver:\"2.10.1-0ubuntu18\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libc6-xen\", pkgver:\"2.10.1-0ubuntu18\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"nscd\", pkgver:\"2.10.1-0ubuntu18\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"eglibc-source\", pkgver:\"2.11.1-0ubuntu7.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"glibc-doc\", pkgver:\"2.11.1-0ubuntu7.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc-bin\", pkgver:\"2.11.1-0ubuntu7.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc-dev-bin\", pkgver:\"2.11.1-0ubuntu7.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6\", pkgver:\"2.11.1-0ubuntu7.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-amd64\", pkgver:\"2.11.1-0ubuntu7.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-dbg\", pkgver:\"2.11.1-0ubuntu7.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-dev\", pkgver:\"2.11.1-0ubuntu7.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", 
pkgname:\"libc6-dev-amd64\", pkgver:\"2.11.1-0ubuntu7.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-dev-i386\", pkgver:\"2.11.1-0ubuntu7.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-i386\", pkgver:\"2.11.1-0ubuntu7.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-i686\", pkgver:\"2.11.1-0ubuntu7.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-pic\", pkgver:\"2.11.1-0ubuntu7.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-prof\", pkgver:\"2.11.1-0ubuntu7.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6-xen\", pkgver:\"2.11.1-0ubuntu7.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"nscd\", pkgver:\"2.11.1-0ubuntu7.5\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"eglibc-source\", pkgver:\"2.12.1-0ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"glibc-doc\", pkgver:\"2.12.1-0ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc-bin\", pkgver:\"2.12.1-0ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc-dev-bin\", pkgver:\"2.12.1-0ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc6\", pkgver:\"2.12.1-0ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc6-amd64\", pkgver:\"2.12.1-0ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc6-dbg\", pkgver:\"2.12.1-0ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc6-dev\", pkgver:\"2.12.1-0ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc6-dev-amd64\", pkgver:\"2.12.1-0ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc6-dev-i386\", pkgver:\"2.12.1-0ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc6-i386\", pkgver:\"2.12.1-0ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc6-pic\", pkgver:\"2.12.1-0ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc6-prof\", pkgver:\"2.12.1-0ubuntu8\")) 
flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc6-xen\", pkgver:\"2.12.1-0ubuntu8\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"nscd\", pkgver:\"2.12.1-0ubuntu8\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"eglibc-source / glibc-doc / glibc-source / libc-bin / libc-dev-bin / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:40:42", "description": "It was discovered that the GNU C Library did not properly handle integer overflows in the timezone handling code. An attacker could use this to possibly execute arbitrary code by convincing an application to load a maliciously constructed tzfile. (CVE-2009-5029)\n\nIt was discovered that the GNU C Library did not properly handle passwd.adjunct.byname map entries in the Network Information Service (NIS) code in the name service caching daemon (nscd). An attacker could use this to obtain the encrypted passwords of NIS accounts. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-0015)\n\nChris Evans reported that the GNU C Library did not properly calculate the amount of memory to allocate in the fnmatch() code. An attacker could use this to cause a denial of service or possibly execute arbitrary code via a maliciously crafted UTF-8 string. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 10.10.\n(CVE-2011-1071)\n\nTomas Hoger reported that an additional integer overflow was possible in the GNU C Library fnmatch() code. An attacker could use this to cause a denial of service via a maliciously crafted UTF-8 string. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. 
(CVE-2011-1659)\n\nDan Rosenberg discovered that the addmntent() function in the GNU C Library did not report an error status for failed attempts to write to the /etc/mtab file. This could allow an attacker to corrupt /etc/mtab, possibly causing a denial of service or otherwise manipulate mount options. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1089)\n\nHarald van Dijk discovered that the locale program included with the GNU C library did not properly quote its output. This could allow a local attacker to possibly execute arbitrary code using a crafted localization string that was evaluated in a shell script. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 10.10.\n(CVE-2011-1095)\n\nIt was discovered that the GNU C library loader expanded the $ORIGIN dynamic string token when RPATH is composed entirely of this token.\nThis could allow an attacker to gain privilege via a setuid program that had this RPATH value. (CVE-2011-1658)\n\nIt was discovered that the GNU C library implementation of memcpy optimized for Supplemental Streaming SIMD Extensions 3 (SSSE3) contained a possible integer overflow. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. (CVE-2011-2702)\n\nJohn Zimmerman discovered that the Remote Procedure Call (RPC) implementation in the GNU C Library did not properly handle large numbers of connections. This could allow a remote attacker to cause a denial of service. (CVE-2011-4609)\n\nIt was discovered that the GNU C Library vfprintf() implementation contained a possible integer overflow in the format string protection code offered by FORTIFY_SOURCE. An attacker could use this flaw in conjunction with a format string vulnerability to bypass the format string protection and possibly execute arbitrary code. 
(CVE-2012-0864).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-03-12T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : eglibc, glibc vulnerabilities (USN-1396-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5029", "CVE-2010-0015", "CVE-2011-1071", "CVE-2011-1089", "CVE-2011-1095", "CVE-2011-1658", "CVE-2011-1659", "CVE-2011-2702", "CVE-2011-4609", "CVE-2012-0864"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libc-bin", "p-cpe:/a:canonical:ubuntu_linux:libc6", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1396-1.NASL", "href": "https://www.tenable.com/plugins/nessus/58318", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1396-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58318);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2010-0015\", \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-1658\", \"CVE-2011-1659\", \"CVE-2011-2702\", \"CVE-2011-4609\", \"CVE-2012-0864\");\n script_bugtraq_id(37885, 46563, 46740, 47370, 50898, 51439, 52201);\n script_xref(name:\"USN\", value:\"1396-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : eglibc, glibc vulnerabilities (USN-1396-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the GNU C Library did not properly handle\ninteger overflows in the timezone handling code. An attacker could use\nthis to possibly execute arbitrary code by convincing an application\nto load a maliciously constructed tzfile. (CVE-2009-5029)\n\nIt was discovered that the GNU C Library did not properly handle\npasswd.adjunct.byname map entries in the Network Information Service\n(NIS) code in the name service caching daemon (nscd). An attacker\ncould use this to obtain the encrypted passwords of NIS accounts. This\nissue only affected Ubuntu 8.04 LTS. (CVE-2010-0015)\n\nChris Evans reported that the GNU C Library did not properly calculate\nthe amount of memory to allocate in the fnmatch() code. An attacker\ncould use this to cause a denial of service or possibly execute\narbitrary code via a maliciously crafted UTF-8 string. 
This issue only\naffected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 10.10.\n(CVE-2011-1071)\n\nTomas Hoger reported that an additional integer overflow was possible\nin the GNU C Library fnmatch() code. An attacker could use this to\ncause a denial of service via a maliciously crafted UTF-8 string. This\nissue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10\nand Ubuntu 11.04. (CVE-2011-1659)\n\nDan Rosenberg discovered that the addmntent() function in the GNU C\nLibrary did not report an error status for failed attempts to write to\nthe /etc/mtab file. This could allow an attacker to corrupt /etc/mtab,\npossibly causing a denial of service or otherwise manipulate mount\noptions. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS,\nUbuntu 10.10 and Ubuntu 11.04. (CVE-2011-1089)\n\nHarald van Dijk discovered that the locale program included with the\nGNU C library did not properly quote its output. This could allow a\nlocal attacker to possibly execute arbitrary code using a crafted\nlocalization string that was evaluated in a shell script. This issue\nonly affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 10.10.\n(CVE-2011-1095)\n\nIt was discovered that the GNU C library loader expanded the $ORIGIN\ndynamic string token when RPATH is composed entirely of this token.\nThis could allow an attacker to gain privilege via a setuid program\nthat had this RPATH value. (CVE-2011-1658)\n\nIt was discovered that the GNU C library implementation of memcpy\noptimized for Supplemental Streaming SIMD Extensions 3 (SSSE3)\ncontained a possible integer overflow. An attacker could use this to\ncause a denial of service or possibly execute arbitrary code. This\nissue only affected Ubuntu 10.04 LTS. (CVE-2011-2702)\n\nJohn Zimmerman discovered that the Remote Procedure Call (RPC)\nimplementation in the GNU C Library did not properly handle large\nnumbers of connections. This could allow a remote attacker to cause a\ndenial of service. 
(CVE-2011-4609)\n\nIt was discovered that the GNU C Library vfprintf() implementation\ncontained a possible integer overflow in the format string protection\ncode offered by FORTIFY_SOURCE. An attacker could use this flaw in\nconjunction with a format string vulnerability to bypass the format\nstring protection and possibly execute arbitrary code. (CVE-2012-0864).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1396-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libc-bin and / or libc6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/14\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libc6\", pkgver:\"2.7-10ubuntu8.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc-bin\", pkgver:\"2.11.1-0ubuntu7.10\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6\", pkgver:\"2.11.1-0ubuntu7.10\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc-bin\", pkgver:\"2.12.1-0ubuntu10.4\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libc6\", pkgver:\"2.12.1-0ubuntu10.4\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libc6\", pkgver:\"2.13-0ubuntu13.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libc6\", pkgver:\"2.13-20ubuntu5.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libc-bin / libc6\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:21:48", "description": "The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a 'stack extension attack,' a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome. 
(CVE-2011-1071)", "cvss3": {}, "published": "2014-11-28T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : GNU C Library vulnerability (SOL15885)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4782", "CVE-2010-1917", "CVE-2010-2898", "CVE-2011-1071"], "modified": "2021-03-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL15885.NASL", "href": "https://www.tenable.com/plugins/nessus/79606", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL15885.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79606);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2007-4782\", \"CVE-2010-1917\", \"CVE-2010-2898\", \"CVE-2011-1071\");\n script_bugtraq_id(26403, 41991, 46563);\n\n script_name(english:\"F5 Networks BIG-IP : GNU C Library vulnerability (SOL15885)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded\nGLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary\ncode or cause a denial of service (memory consumption) via a long UTF8\nstring that is used in an fnmatch call, aka a 'stack extension\nattack,' a related issue to CVE-2010-2898, 
CVE-2010-1917, and\nCVE-2007-4782, as originally reported for use of this library by\nGoogle Chrome. (CVE-2011-1071)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K15885\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL15885.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL15885\";\nvmatrix = make_array();\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"11.0.0-11.6.0\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"11.0.0-11.6.0\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.0.0-11.6.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"11.0.0-11.6.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"11.0.0-11.6.0\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.0.0-11.4.1\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = 
make_list(\"10.0.0-10.2.4\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"11.0.0-11.3.0\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"11.0.0-11.3.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:38:34", "description": "This update of glibc fixes various bugs and security issues :\n\nCVE-2010-3847: Decoding of the $ORIGIN special value in various LD_ environment variables allowed local attackers to execute code in context of e.g. setuid root programs, elevating privileges. This issue does not affect SUSE as an assertion triggers before the respective code is executed. The bug was fixed nevertheless.\n\nCVE-2010-3856: The LD_AUDIT environment was not pruned during setuid root execution and could load shared libraries from standard system library paths. 
This could be used by local attackers to inject code into setuid root programs and so elevated privileges.\n\nCVE-2010-0830: Integer overflow causing arbitrary code execution in ld.so\n\n--verify mode could be induced by a specially crafted binary.\n\nCVE-2010-0296: The addmntent() function would not escape the newline character properly, allowing the user to insert arbitrary newlines to the /etc/mtab; if the addmntent() is run by a setuid mount binary that does not do extra input checking, this would allow custom entries to be inserted in /etc/mtab.\n\nCVE-2008-1391: The strfmon() function contains an integer overflow vulnerability in width specifiers handling that could be triggered by an attacker that can control the format string passed to strfmon().", "cvss3": {}, "published": "2010-10-28T00:00:00", "type": "nessus", "title": "openSUSE Security Update : glibc (openSUSE-SU-2010:0913-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1391", "CVE-2010-0296", "CVE-2010-0830", "CVE-2010-3847", "CVE-2010-3856"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:glibc", "p-cpe:/a:novell:opensuse:glibc-32bit", "p-cpe:/a:novell:opensuse:glibc-devel", "p-cpe:/a:novell:opensuse:glibc-devel-32bit", "p-cpe:/a:novell:opensuse:glibc-html", "p-cpe:/a:novell:opensuse:glibc-i18ndata", "p-cpe:/a:novell:opensuse:glibc-info", "p-cpe:/a:novell:opensuse:glibc-locale", "p-cpe:/a:novell:opensuse:glibc-locale-32bit", "p-cpe:/a:novell:opensuse:glibc-obsolete", "p-cpe:/a:novell:opensuse:glibc-profile", "p-cpe:/a:novell:opensuse:glibc-profile-32bit", "p-cpe:/a:novell:opensuse:nscd", "cpe:/o:novell:opensuse:11.2"], "id": "SUSE_11_2_GLIBC-101027.NASL", "href": "https://www.tenable.com/plugins/nessus/50373", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update glibc-3400.\n#\n# The text description of this plugin is (C) 
SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50373);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1391\", \"CVE-2010-0296\", \"CVE-2010-0830\", \"CVE-2010-3847\", \"CVE-2010-3856\");\n\n script_name(english:\"openSUSE Security Update : glibc (openSUSE-SU-2010:0913-1)\");\n script_summary(english:\"Check for the glibc-3400 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of glibc fixes various bugs and security issues :\n\nCVE-2010-3847: Decoding of the $ORIGIN special value in various LD_\nenvironment variables allowed local attackers to execute code in\ncontext of e.g. setuid root programs, elevating privileges. This issue\ndoes not affect SUSE as an assertion triggers before the respective\ncode is executed. The bug was fixed nevertheless.\n\nCVE-2010-3856: The LD_AUDIT environment was not pruned during setuid\nroot execution and could load shared libraries from standard system\nlibrary paths. 
This could be used by local attackers to inject code\ninto setuid root programs and so elevated privileges.\n\nCVE-2010-0830: Integer overflow causing arbitrary code execution in\nld.so\n\n--verify mode could be induced by a specially crafted binary.\n\nCVE-2010-0296: The addmntent() function would not escape the newline\ncharacter properly, allowing the user to insert arbitrary newlines to\nthe /etc/mtab; if the addmntent() is run by a setuid mount binary that\ndoes not do extra input checking, this would allow custom entries to\nbe inserted in /etc/mtab.\n\nCVE-2008-1391: The strfmon() function contains an integer overflow\nvulnerability in width specifiers handling that could be triggered by\nan attacker that can control the format string passed to strfmon().\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=375315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=572188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=592941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=594263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=646960\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-10/msg00040.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc LD_AUDIT 
Arbitrary DSO Load Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-obsolete\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"glibc-2.10.1-10.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"glibc-devel-2.10.1-10.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"glibc-html-2.10.1-10.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"glibc-i18ndata-2.10.1-10.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"glibc-info-2.10.1-10.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"glibc-locale-2.10.1-10.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"glibc-obsolete-2.10.1-10.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"glibc-profile-2.10.1-10.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"nscd-2.10.1-10.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"glibc-32bit-2.10.1-10.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.10.1-10.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", 
cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.10.1-10.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.10.1-10.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:49:48", "description": "It was discovered that the glibc dynamic linker/loader did not handle the $ORIGIN dynamic string token set in the LD_AUDIT environment variable securely. A local attacker with write access to a file system containing setuid or setgid binaries could use this flaw to escalate their privileges. (CVE-2010-3847)", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : glibc on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3847"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20101020_GLIBC_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60874", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60874);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3847\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the glibc dynamic linker/loader did not handle\nthe $ORIGIN dynamic string token set in the LD_AUDIT environment\nvariable securely. A local attacker with write access to a file system\ncontaining setuid or setgid binaries could use this flaw to escalate\ntheir privileges. (CVE-2010-3847)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1010&L=scientific-linux-errata&T=0&P=2516\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?716ff22f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc \"$ORIGIN\" Expansion Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"glibc-2.5-49.el5_5.6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-common-2.5-49.el5_5.6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-devel-2.5-49.el5_5.6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-headers-2.5-49.el5_5.6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-utils-2.5-49.el5_5.6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nscd-2.5-49.el5_5.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:39:56", "description": "Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nIt was discovered that the glibc dynamic linker/loader did not handle the $ORIGIN dynamic string token set in the LD_AUDIT environment variable securely. A local attacker with write access to a file system containing setuid or setgid binaries could use this flaw to escalate their privileges. (CVE-2010-3847)\n\nRed Hat would like to thank Tavis Ormandy for reporting this issue.\n\nAll users should upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {}, "published": "2010-10-21T00:00:00", "type": "nessus", "title": "RHEL 5 : glibc (RHSA-2010:0787)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3847"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2010-0787.NASL", "href": "https://www.tenable.com/plugins/nessus/50079", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0787. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50079);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3847\");\n script_bugtraq_id(44154);\n script_xref(name:\"RHSA\", value:\"2010:0787\");\n\n script_name(english:\"RHEL 5 : glibc (RHSA-2010:0787)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nIt was discovered that the glibc dynamic linker/loader did not handle\nthe $ORIGIN dynamic string token set in the LD_AUDIT environment\nvariable securely. A local attacker with write access to a file system\ncontaining setuid or setgid binaries could use this flaw to escalate\ntheir privileges. 
(CVE-2010-3847)\n\nRed Hat would like to thank Tavis Ormandy for reporting this issue.\n\nAll users should upgrade to these updated packages, which contain a\nbackported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0787\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc \"$ORIGIN\" Expansion Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0787\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-2.5-49.el5_5.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-common-2.5-49.el5_5.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-common-2.5-49.el5_5.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-common-2.5-49.el5_5.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-devel-2.5-49.el5_5.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-headers-2.5-49.el5_5.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-headers-2.5-49.el5_5.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-headers-2.5-49.el5_5.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-utils-2.5-49.el5_5.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-utils-2.5-49.el5_5.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-utils-2.5-49.el5_5.6\")) flag++;\n if 
(rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"nscd-2.5-49.el5_5.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"nscd-2.5-49.el5_5.6\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"nscd-2.5-49.el5_5.6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T15:27:05", "description": "From Red Hat Security Advisory 2010:0787 :\n\nUpdated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nIt was discovered that the glibc dynamic linker/loader did not handle the $ORIGIN dynamic string token set in the LD_AUDIT environment variable securely. A local attacker with write access to a file system containing setuid or setgid binaries could use this flaw to escalate their privileges. 
(CVE-2010-3847)\n\nRed Hat would like to thank Tavis Ormandy for reporting this issue.\n\nAll users should upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : glibc (ELSA-2010-0787)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3847"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:nscd", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2010-0787.NASL", "href": "https://www.tenable.com/plugins/nessus/68123", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0787 and \n# Oracle Linux Security Advisory ELSA-2010-0787 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68123);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3847\");\n script_bugtraq_id(44154);\n script_xref(name:\"RHSA\", value:\"2010:0787\");\n\n script_name(english:\"Oracle Linux 5 : glibc (ELSA-2010-0787)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0787 :\n\nUpdated glibc packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nIt was discovered that the glibc dynamic linker/loader did not handle\nthe $ORIGIN dynamic string token set in the LD_AUDIT environment\nvariable securely. A local attacker with write access to a file system\ncontaining setuid or setgid binaries could use this flaw to escalate\ntheir privileges. (CVE-2010-3847)\n\nRed Hat would like to thank Tavis Ormandy for reporting this issue.\n\nAll users should upgrade to these updated packages, which contain a\nbackported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-October/001703.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc \"$ORIGIN\" Expansion Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"glibc-2.5-49.el5_5.6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-common-2.5-49.el5_5.6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-devel-2.5-49.el5_5.6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-headers-2.5-49.el5_5.6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-utils-2.5-49.el5_5.6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"nscd-2.5-49.el5_5.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else 
security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:38:43", "description": "- Fix strstr and memmem algorithm (BZ#12092, #641124)\n\n - Fix handling of tail bytes of buffer in SSE2/SSSE3 x86-64 version strncmp (BZ#12077)\n\n - Never expand $ORIGIN in privileged programs (#643306, CVE-2010-3847)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2010-10-24T00:00:00", "type": "nessus", "title": "Fedora 13 : glibc-2.12.1-3 (2010-16594)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3847"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:glibc", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-16594.NASL", "href": "https://www.tenable.com/plugins/nessus/50312", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16594.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50312);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3847\");\n script_bugtraq_id(44154);\n script_xref(name:\"FEDORA\", value:\"2010-16594\");\n\n script_name(english:\"Fedora 13 : glibc-2.12.1-3 (2010-16594)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is 
missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fix strstr and memmem algorithm (BZ#12092, #641124)\n\n - Fix handling of tail bytes of buffer in SSE2/SSSE3\n x86-64 version strncmp (BZ#12077)\n\n - Never expand $ORIGIN in privileged programs (#643306,\n CVE-2010-3847)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=643306\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049730.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?343d6f52\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glibc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc \"$ORIGIN\" Expansion Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"glibc-2.12.1-3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:37:50", "description": "A vulnerability in the GNU C library (glibc) was discovered which could escalate the privilegies for local users (CVE-2010-3847).\n\nPackages for 2009.0 are provided as of the Extended Maintenance Program. 
Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4 90\n\nThe updated packages have been patched to correct this issue.", "cvss3": {}, "published": "2010-10-21T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : glibc (MDVSA-2010:207)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3847"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:glibc", "p-cpe:/a:mandriva:linux:glibc-devel", "p-cpe:/a:mandriva:linux:glibc-doc", "cpe:/o:mandriva:linux:2009.1", "cpe:/o:mandriva:linux:2010.0", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:glibc-doc-pdf", "p-cpe:/a:mandriva:linux:glibc-i18ndata", "p-cpe:/a:mandriva:linux:glibc-profile", "p-cpe:/a:mandriva:linux:glibc-static-devel", "p-cpe:/a:mandriva:linux:glibc-utils", "p-cpe:/a:mandriva:linux:nscd", "cpe:/o:mandriva:linux:2009.0"], "id": "MANDRIVA_MDVSA-2010-207.NASL", "href": "https://www.tenable.com/plugins/nessus/50076", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:207. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50076);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-3847\");\n script_bugtraq_id(44154);\n script_xref(name:\"MDVSA\", value:\"2010:207\");\n\n script_name(english:\"Mandriva Linux Security Advisory : glibc (MDVSA-2010:207)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability in the GNU C library (glibc) was discovered which\ncould escalate the privilegies for local users (CVE-2010-3847).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc \"$ORIGIN\" Expansion Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"glibc-2.8-1.20080520.5.6mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"glibc-devel-2.8-1.20080520.5.6mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"glibc-doc-2.8-1.20080520.5.6mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"glibc-doc-pdf-2.8-1.20080520.5.6mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"glibc-i18ndata-2.8-1.20080520.5.6mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"glibc-profile-2.8-1.20080520.5.6mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"glibc-static-devel-2.8-1.20080520.5.6mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"glibc-utils-2.8-1.20080520.5.6mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"nscd-2.8-1.20080520.5.6mnb2\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"glibc-2.9-0.20081113.5.2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"glibc-devel-2.9-0.20081113.5.2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", 
reference:\"glibc-doc-2.9-0.20081113.5.2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"glibc-doc-pdf-2.9-0.20081113.5.2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"glibc-i18ndata-2.9-0.20081113.5.2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"glibc-profile-2.9-0.20081113.5.2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"glibc-static-devel-2.9-0.20081113.5.2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"glibc-utils-2.9-0.20081113.5.2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"nscd-2.9-0.20081113.5.2mnb2\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"glibc-2.10.1-6.6mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"glibc-devel-2.10.1-6.6mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"glibc-doc-2.10.1-6.6mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"glibc-doc-pdf-2.10.1-6.6mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"glibc-i18ndata-2.10.1-6.6mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"glibc-profile-2.10.1-6.6mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"glibc-static-devel-2.10.1-6.6mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"glibc-utils-2.10.1-6.6mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"nscd-2.10.1-6.6mnb2\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"glibc-2.11.1-8.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"glibc-devel-2.11.1-8.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"glibc-doc-2.11.1-8.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"glibc-doc-pdf-2.11.1-8.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"glibc-i18ndata-2.11.1-8.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"glibc-profile-2.11.1-8.1mnb2\")) flag++;\nif 
(rpm_check(release:\"MDK2010.1\", reference:\"glibc-static-devel-2.11.1-8.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"glibc-utils-2.11.1-8.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"nscd-2.11.1-8.1mnb2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:11:07", "description": "This update contains yast2 core changes to change the hash generation of new passwords to the new secure style.\n\nPlease read the general notes below :\n\nThe implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force methods (CVE-2011-2483).\n\nSUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. 
As workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any way? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm $2a -> buggy algorithm $2y\n\n-> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0 <username>\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.\n\nQ: How do I turn off the compat mode for system logins? 
A: Set BLOWFISH_2a2x=no in /etc/default/passwd", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : yast2-core (openSUSE-SU-2011:0921-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:yast2-core", "p-cpe:/a:novell:opensuse:yast2-core-devel", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_YAST2-CORE-110822.NASL", "href": "https://www.tenable.com/plugins/nessus/75781", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update yast2-core-5028.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75781);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"openSUSE Security Update : yast2-core (openSUSE-SU-2011:0921-2)\");\n script_summary(english:\"Check for the yast2-core-5028 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update contains yast2 core changes to change the hash generation\nof new passwords to the new secure style.\n\nPlease read the general notes below :\n\nThe implementation of the blowfish based password hashing method had a\nbug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force\nmethods (CVE-2011-2483).\n\nSUSE's crypt() implementation supports the blowfish password hashing\nfunction (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. 
After\ninstalling the update existing $2a hashes therefore no longer match\nhashes generated with the new, correct implementation if the password\ncontains 8bit characters. For system logins via PAM the pam_unix2\nmodule activates a compat mode and keeps processing existing $2a\nhashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously\nidentify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are\nadvised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords\nusing the blowfish hash do not have such a compat mode. That means\nusers with 8bit passwords that use such services will not be able to\nlog in anymore after the update. As workaround administrators may edit\nthe service's password database and change stored hashes from $2a to\n$2x. This will result in crypt() using the old algorithm. Users should\nbe required to change their passwords to make sure they are migrated\nto the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any\nway? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by\ndefault: $2x -> buggy algorithm $2a -> buggy algorithm $2y\n\n-> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0 <username>\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the\npassword database and change the '$2a' prefix of the affected users'\nhashes to '$2x'. 
They will be able to log in again but should change\ntheir password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set\nBLOWFISH_2a2x=no in /etc/default/passwd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=700876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00038.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected yast2-core packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:yast2-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:yast2-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"yast2-core-2.19.4-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"yast2-core-devel-2.19.4-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"yast2-core\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:40:29", "description": "New glibc packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.", "cvss3": {}, "published": "2010-10-24T00:00:00", "type": "nessus", "title": "Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : glibc (SSA:2010-295-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3847"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:glibc", 
"p-cpe:/a:slackware:slackware_linux:glibc-i18n", "p-cpe:/a:slackware:slackware_linux:glibc-profile", "p-cpe:/a:slackware:slackware_linux:glibc-solibs", "p-cpe:/a:slackware:slackware_linux:glibc-zoneinfo", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:12.1", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1"], "id": "SLACKWARE_SSA_2010-295-01.NASL", "href": "https://www.tenable.com/plugins/nessus/50308", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2010-295-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50308);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3847\");\n script_bugtraq_id(44154);\n script_xref(name:\"SSA\", value:\"2010-295-01\");\n\n script_name(english:\"Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : glibc (SSA:2010-295-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New glibc packages are available for Slackware 12.0, 12.1, 12.2,\n13.0, 13.1, and -current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.1039634\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f05bbac\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc \"$ORIGIN\" Expansion Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:glibc-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:glibc-solibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:glibc-zoneinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2010/10/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.0\", pkgname:\"glibc\", pkgver:\"2.5\", pkgarch:\"i486\", pkgnum:\"5_slack12.0\")) flag++;\nif (slackware_check(osver:\"12.0\", pkgname:\"glibc-i18n\", pkgver:\"2.5\", pkgarch:\"noarch\", pkgnum:\"5_slack12.0\")) flag++;\nif (slackware_check(osver:\"12.0\", pkgname:\"glibc-profile\", pkgver:\"2.5\", pkgarch:\"i486\", pkgnum:\"5_slack12.0\")) flag++;\nif (slackware_check(osver:\"12.0\", pkgname:\"glibc-solibs\", pkgver:\"2.5\", pkgarch:\"i486\", pkgnum:\"5_slack12.0\")) flag++;\nif (slackware_check(osver:\"12.0\", pkgname:\"glibc-zoneinfo\", pkgver:\"2.5\", pkgarch:\"noarch\", pkgnum:\"5_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"glibc\", pkgver:\"2.7\", pkgarch:\"i486\", pkgnum:\"11_slack12.1\")) flag++;\nif (slackware_check(osver:\"12.1\", pkgname:\"glibc-i18n\", pkgver:\"2.7\", pkgarch:\"noarch\", pkgnum:\"11_slack12.1\")) flag++;\nif (slackware_check(osver:\"12.1\", pkgname:\"glibc-profile\", pkgver:\"2.7\", 
pkgarch:\"i486\", pkgnum:\"11_slack12.1\")) flag++;\nif (slackware_check(osver:\"12.1\", pkgname:\"glibc-solibs\", pkgver:\"2.7\", pkgarch:\"i486\", pkgnum:\"11_slack12.1\")) flag++;\nif (slackware_check(osver:\"12.1\", pkgname:\"glibc-zoneinfo\", pkgver:\"2.7\", pkgarch:\"noarch\", pkgnum:\"11_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"glibc\", pkgver:\"2.7\", pkgarch:\"i486\", pkgnum:\"18_slack12.2\")) flag++;\nif (slackware_check(osver:\"12.2\", pkgname:\"glibc-i18n\", pkgver:\"2.7\", pkgarch:\"noarch\", pkgnum:\"18_slack12.2\")) flag++;\nif (slackware_check(osver:\"12.2\", pkgname:\"glibc-profile\", pkgver:\"2.7\", pkgarch:\"i486\", pkgnum:\"18_slack12.2\")) flag++;\nif (slackware_check(osver:\"12.2\", pkgname:\"glibc-solibs\", pkgver:\"2.7\", pkgarch:\"i486\", pkgnum:\"18_slack12.2\")) flag++;\nif (slackware_check(osver:\"12.2\", pkgname:\"glibc-zoneinfo\", pkgver:\"2.7\", pkgarch:\"noarch\", pkgnum:\"18_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"13.0\", pkgname:\"glibc\", pkgver:\"2.9\", pkgarch:\"i486\", pkgnum:\"4_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", pkgname:\"glibc-i18n\", pkgver:\"2.9\", pkgarch:\"i486\", pkgnum:\"4_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", pkgname:\"glibc-profile\", pkgver:\"2.9\", pkgarch:\"i486\", pkgnum:\"4_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", pkgname:\"glibc-solibs\", pkgver:\"2.9\", pkgarch:\"i486\", pkgnum:\"4_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", pkgname:\"glibc-zoneinfo\", pkgver:\"2.9\", pkgarch:\"noarch\", pkgnum:\"4_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"glibc\", pkgver:\"2.9\", pkgarch:\"x86_64\", pkgnum:\"4_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"glibc-i18n\", pkgver:\"2.9\", pkgarch:\"x86_64\", pkgnum:\"4_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"glibc-profile\", 
pkgver:\"2.9\", pkgarch:\"x86_64\", pkgnum:\"4_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"glibc-solibs\", pkgver:\"2.9\", pkgarch:\"x86_64\", pkgnum:\"4_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"glibc-zoneinfo\", pkgver:\"2.9\", pkgarch:\"noarch\", pkgnum:\"4_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"glibc\", pkgver:\"2.11.1\", pkgarch:\"i486\", pkgnum:\"4_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", pkgname:\"glibc-i18n\", pkgver:\"2.11.1\", pkgarch:\"i486\", pkgnum:\"4_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", pkgname:\"glibc-profile\", pkgver:\"2.11.1\", pkgarch:\"i486\", pkgnum:\"4_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", pkgname:\"glibc-solibs\", pkgver:\"2.11.1\", pkgarch:\"i486\", pkgnum:\"4_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", pkgname:\"glibc-zoneinfo\", pkgver:\"2.11.1\", pkgarch:\"noarch\", pkgnum:\"4_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"glibc\", pkgver:\"2.11.1\", pkgarch:\"x86_64\", pkgnum:\"4_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"glibc-i18n\", pkgver:\"2.11.1\", pkgarch:\"x86_64\", pkgnum:\"4_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"glibc-profile\", pkgver:\"2.11.1\", pkgarch:\"x86_64\", pkgnum:\"4_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"glibc-solibs\", pkgver:\"2.11.1\", pkgarch:\"x86_64\", pkgnum:\"4_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"glibc-zoneinfo\", pkgver:\"2.11.1\", pkgarch:\"noarch\", pkgnum:\"4_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"glibc\", pkgver:\"2.12.1\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"glibc-i18n\", pkgver:\"2.12.1\", 
pkgarch:\"i486\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"glibc-profile\", pkgver:\"2.12.1\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"glibc-solibs\", pkgver:\"2.12.1\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"glibc-zoneinfo\", pkgver:\"2.12.1\", pkgarch:\"noarch\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"glibc\", pkgver:\"2.12.1\", pkgarch:\"x86_64\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"glibc-i18n\", pkgver:\"2.12.1\", pkgarch:\"x86_64\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"glibc-profile\", pkgver:\"2.12.1\", pkgarch:\"x86_64\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"glibc-solibs\", pkgver:\"2.12.1\", pkgarch:\"x86_64\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"glibc-zoneinfo\", pkgver:\"2.12.1\", pkgarch:\"noarch\", pkgnum:\"2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:38:59", "description": "Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. 
Without these two libraries, a Linux system cannot function properly.\n\nIt was discovered that the glibc dynamic linker/loader did not handle the $ORIGIN dynamic string token set in the LD_AUDIT environment variable securely. A local attacker with write access to a file system containing setuid or setgid binaries could use this flaw to escalate their privileges. (CVE-2010-3847)\n\nRed Hat would like to thank Tavis Ormandy for reporting this issue.\n\nAll users should upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {}, "published": "2010-11-24T00:00:00", "type": "nessus", "title": "CentOS 5 : glibc (CESA-2010:0787)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3847"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc", "p-cpe:/a:centos:centos:glibc-common", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-headers", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:nscd", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2010-0787.NASL", "href": "https://www.tenable.com/plugins/nessus/50795", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0787 and \n# CentOS Errata and Security Advisory 2010:0787 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50795);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-3847\");\n script_bugtraq_id(44154);\n script_xref(name:\"RHSA\", value:\"2010:0787\");\n\n script_name(english:\"CentOS 5 : glibc (CESA-2010:0787)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more 
security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nIt was discovered that the glibc dynamic linker/loader did not handle\nthe $ORIGIN dynamic string token set in the LD_AUDIT environment\nvariable securely. A local attacker with write access to a file system\ncontaining setuid or setgid binaries could use this flaw to escalate\ntheir privileges. (CVE-2010-3847)\n\nRed Hat would like to thank Tavis Ormandy for reporting this issue.\n\nAll users should upgrade to these updated packages, which contain a\nbackported patch to correct this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-October/017099.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a326b296\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-October/017100.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?78dd8315\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n 
script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc \"$ORIGIN\" Expansion Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-2.5-49.el5_5.6\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-common-2.5-49.el5_5.6\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-devel-2.5-49.el5_5.6\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-headers-2.5-49.el5_5.6\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-utils-2.5-49.el5_5.6\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"nscd-2.5-49.el5_5.6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / 
etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:41:44", "description": "The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force methods. (CVE-2011-2483)\n\nSUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any way? A: No.\n\nQ: What's the meaning of the ids before and after the update? 
A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm $2a -> buggy algorithm $2y -> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set BLOWFISH_2a2x=no in /etc/default/passwd", "cvss3": {}, "published": "2011-08-20T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : glibc suite (YOU Patch Number 12813)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12813.NASL", "href": "https://www.tenable.com/plugins/nessus/55918", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55918);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"SuSE9 Security Update : glibc suite (YOU Patch Number 12813)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The implementation of the blowfish based password 
hashing method had a\nbug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force\nmethods. (CVE-2011-2483)\n\nSUSE's crypt() implementation supports the blowfish password hashing\nfunction (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After\ninstalling the update existing $2a hashes therefore no longer match\nhashes generated with the new, correct implementation if the password\ncontains 8bit characters. For system logins via PAM the pam_unix2\nmodule activates a compat mode and keeps processing existing $2a\nhashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously\nidentify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are\nadvised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords\nusing the blowfish hash do not have such a compat mode. That means\nusers with 8bit passwords that use such services will not be able to\nlog in anymore after the update. As workaround administrators may edit\nthe service's password database and change stored hashes from $2a to\n$2x. This will result in crypt() using the old algorithm. Users should\nbe required to change their passwords to make sure they are migrated\nto the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any\nway? A: No.\n\nQ: What's the meaning of the ids before and after the update? 
A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x ->\nbuggy algorithm $2a -> buggy algorithm $2y -> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the\npassword database and change the '$2a' prefix of the affected users'\nhashes to '$2x'. They will be able to log in again but should change\ntheir password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set\nBLOWFISH_2a2x=no in /etc/default/passwd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2483.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12813.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif 
(!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-2.3.3-98.123\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-devel-2.3.3-98.123\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-html-2.3.3-98.123\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-i18ndata-2.3.3-98.123\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-info-2.3.3-98.123\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-locale-2.3.3-98.123\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-profile-2.3.3-98.123\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"libxcrypt-2.1.90-61.6\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"libxcrypt-devel-2.1.90-61.6\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"nscd-2.3.3-98.123\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"pam-modules-9-18.21\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"pwdutils-2.6.4-2.34\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"timezone-2.3.3-98.123\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"glibc-32bit-9-201108011005\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-9-201107291651\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-9-201107291651\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"libxcrypt-32bit-9-201107291733\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", 
reference:\"pam-modules-32bit-9-201107291830\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:09:16", "description": "The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force methods. (CVE-2011-2483)\n\nSUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any way? 
A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm $2a -> buggy algorithm $2y -> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set BLOWFISH_2a2x=no in /etc/default/passwd", "cvss3": {}, "published": "2012-04-03T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : glibc (ZYPP Patch Number 7663)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GLIBC-BLOWFISH-7663.NASL", "href": "https://www.tenable.com/plugins/nessus/58576", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58576);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"SuSE 10 Security Update : glibc (ZYPP Patch Number 7663)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"The implementation of the blowfish based password hashing method had a\nbug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force\nmethods. (CVE-2011-2483)\n\nSUSE's crypt() implementation supports the blowfish password hashing\nfunction (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After\ninstalling the update existing $2a hashes therefore no longer match\nhashes generated with the new, correct implementation if the password\ncontains 8bit characters. For system logins via PAM the pam_unix2\nmodule activates a compat mode and keeps processing existing $2a\nhashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously\nidentify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are\nadvised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords\nusing the blowfish hash do not have such a compat mode. That means\nusers with 8bit passwords that use such services will not be able to\nlog in anymore after the update. As workaround administrators may edit\nthe service's password database and change stored hashes from $2a to\n$2x. This will result in crypt() using the old algorithm. Users should\nbe required to change their passwords to make sure they are migrated\nto the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any\nway? A: No.\n\nQ: What's the meaning of the ids before and after the update? 
A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x ->\nbuggy algorithm $2a -> buggy algorithm $2y -> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the\npassword database and change the '$2a' prefix of the affected users'\nhashes to '$2x'. They will be able to log in again but should change\ntheir password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set\nBLOWFISH_2a2x=no in /etc/default/passwd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2483.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7663.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif 
(!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-devel-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-html-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-i18ndata-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-info-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-locale-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libxcrypt-2.4-12.9.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"nscd-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"pam-modules-10-2.17.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"pwdutils-3.0.7.1-17.36.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"libxcrypt-32bit-2.4-12.9.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"pam-modules-32bit-10-2.17.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", 
sp:4, reference:\"glibc-devel-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-html-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-i18ndata-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-info-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-locale-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-profile-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libxcrypt-2.4-12.9.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libxcrypt-devel-2.4-12.9.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"nscd-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"pam-modules-10-2.17.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"pwdutils-3.0.7.1-17.36.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"pwdutils-plugin-audit-3.0.7.1-17.36.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"libxcrypt-32bit-2.4-12.9.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"pam-modules-32bit-10-2.17.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:26:46", "description": "Updated 
postgresql84 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nPostgreSQL is an advanced object-relational database management system (DBMS).\n\nA signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'.\n\nThese updated postgresql84 packages upgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a full list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. 
If the postgresql service is running, it will be automatically restarted after installing this update.", "cvss3": {}, "published": "2011-10-19T00:00:00", "type": "nessus", "title": "CentOS 5 : postgresql84 (CESA-2011:1378)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:postgresql84", "p-cpe:/a:centos:centos:postgresql84-contrib", "p-cpe:/a:centos:centos:postgresql84-devel", "p-cpe:/a:centos:centos:postgresql84-docs", "p-cpe:/a:centos:centos:postgresql84-libs", "p-cpe:/a:centos:centos:postgresql84-plperl", "p-cpe:/a:centos:centos:postgresql84-plpython", "p-cpe:/a:centos:centos:postgresql84-pltcl", "p-cpe:/a:centos:centos:postgresql84-python", "p-cpe:/a:centos:centos:postgresql84-server", "p-cpe:/a:centos:centos:postgresql84-tcl", "p-cpe:/a:centos:centos:postgresql84-test", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1378.NASL", "href": "https://www.tenable.com/plugins/nessus/56536", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1378 and \n# CentOS Errata and Security Advisory 2011:1378 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56536);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-2483\");\n script_bugtraq_id(49241);\n script_xref(name:\"RHSA\", value:\"2011:1378\");\n\n script_name(english:\"CentOS 5 : postgresql84 (CESA-2011:1378)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated postgresql84 packages that fix one 
security issue are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nA signedness issue was found in the way the crypt() function in the\nPostgreSQL pgcrypto module handled 8-bit characters in passwords when\nusing Blowfish hashing. Up to three characters immediately preceding a\nnon-ASCII character (one with the high bit set) had no effect on the\nhash result, thus shortening the effective password length. This made\nbrute-force guessing more efficient as several different passwords\nwere hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some\nusers may not be able to log in to applications that store user\npasswords, hashed with Blowfish using the PostgreSQL crypt() function,\nin a back-end PostgreSQL database. Unsafe processing can be re-enabled\nfor specific passwords (allowing affected users to log in) by changing\ntheir hash prefix to '$2x$'.\n\nThese updated postgresql84 packages upgrade PostgreSQL to version\n8.4.9. Refer to the PostgreSQL Release Notes for a full list of\nchanges :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct this issue. 
If the postgresql service is running, it\nwill be automatically restarted after installing this update.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-October/018117.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2b316f37\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-October/018118.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fdea9f51\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql84 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-server\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:postgresql84-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-contrib-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-devel-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-docs-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-libs-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-plperl-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-plpython-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-pltcl-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-python-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-server-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-tcl-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-test-8.4.9-1.el5_7.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql84 / postgresql84-contrib / postgresql84-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:27:07", "description": "Updated 
postgresql84 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nPostgreSQL is an advanced object-relational database management system (DBMS).\n\nA signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'.\n\nThese updated postgresql84 packages upgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a full list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. 
If the postgresql service is running, it will be automatically restarted after installing this update.", "cvss3": {}, "published": "2011-10-18T00:00:00", "type": "nessus", "title": "RHEL 5 : postgresql84 (RHSA-2011:1378)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:postgresql84", "p-cpe:/a:redhat:enterprise_linux:postgresql84-contrib", "p-cpe:/a:redhat:enterprise_linux:postgresql84-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql84-docs", "p-cpe:/a:redhat:enterprise_linux:postgresql84-libs", "p-cpe:/a:redhat:enterprise_linux:postgresql84-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql84-plpython", "p-cpe:/a:redhat:enterprise_linux:postgresql84-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql84-python", "p-cpe:/a:redhat:enterprise_linux:postgresql84-server", "p-cpe:/a:redhat:enterprise_linux:postgresql84-tcl", "p-cpe:/a:redhat:enterprise_linux:postgresql84-test", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2011-1378.NASL", "href": "https://www.tenable.com/plugins/nessus/56534", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1378. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56534);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2483\");\n script_bugtraq_id(49241);\n script_xref(name:\"RHSA\", value:\"2011:1378\");\n\n script_name(english:\"RHEL 5 : postgresql84 (RHSA-2011:1378)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated postgresql84 packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nA signedness issue was found in the way the crypt() function in the\nPostgreSQL pgcrypto module handled 8-bit characters in passwords when\nusing Blowfish hashing. Up to three characters immediately preceding a\nnon-ASCII character (one with the high bit set) had no effect on the\nhash result, thus shortening the effective password length. This made\nbrute-force guessing more efficient as several different passwords\nwere hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some\nusers may not be able to log in to applications that store user\npasswords, hashed with Blowfish using the PostgreSQL crypt() function,\nin a back-end PostgreSQL database. 
Unsafe processing can be re-enabled\nfor specific passwords (allowing affected users to log in) by changing\ntheir hash prefix to '$2x$'.\n\nThese updated postgresql84 packages upgrade PostgreSQL to version\n8.4.9. Refer to the PostgreSQL Release Notes for a full list of\nchanges :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct this issue. If the postgresql service is running, it\nwill be automatically restarted after installing this update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2483\"\n );\n # http://www.postgresql.org/docs/8.4/static/release.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/8.4/release.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1378\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-libs\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1378\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", 
reference:\"postgresql84-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-contrib-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-contrib-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-contrib-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"postgresql84-devel-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-docs-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-docs-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-docs-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"postgresql84-libs-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-plperl-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-plperl-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-plperl-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-plpython-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-plpython-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-plpython-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-pltcl-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-pltcl-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-pltcl-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-python-8.4.9-1.el5_7.1\")) 
flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-python-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-python-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-server-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-server-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-server-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-tcl-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-tcl-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-tcl-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-test-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-test-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-test-8.4.9-1.el5_7.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql84 / postgresql84-contrib / postgresql84-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:11:10", "description": "The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. 
umlauts).\nAffected passwords are potentially faster to crack via brute-force methods (CVE-2011-2483).\n\nSUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out.\nNew password hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I affected in any way? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm $2a -> buggy algorithm $2y\n\n-> correct algorithm\n\nQ: How do I require users to change their password on next login? 
A:\nRun the following command as root for each user: chage -d 0 <username>\n\nQ: I run an application that has $2a hashes in its password database.\nSome users complain that they can not log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set BLOWFISH_2a2x=no in /etc/default/passwd", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : glibc (openSUSE-SU-2011:0921-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:glibc", "p-cpe:/a:novell:opensuse:glibc-32bit", "p-cpe:/a:novell:opensuse:glibc-debuginfo", "p-cpe:/a:novell:opensuse:glibc-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-debugsource", "p-cpe:/a:novell:opensuse:glibc-devel", "p-cpe:/a:novell:opensuse:glibc-devel-32bit", "p-cpe:/a:novell:opensuse:glibc-devel-debuginfo", "p-cpe:/a:novell:opensuse:glibc-devel-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-html", "p-cpe:/a:novell:opensuse:glibc-i18ndata", "p-cpe:/a:novell:opensuse:glibc-info", "p-cpe:/a:novell:opensuse:glibc-locale", "p-cpe:/a:novell:opensuse:glibc-locale-32bit", "p-cpe:/a:novell:opensuse:glibc-locale-debuginfo", "p-cpe:/a:novell:opensuse:glibc-locale-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-obsolete", "p-cpe:/a:novell:opensuse:glibc-obsolete-debuginfo", "p-cpe:/a:novell:opensuse:glibc-profile", "p-cpe:/a:novell:opensuse:glibc-profile-32bit", "p-cpe:/a:novell:opensuse:libxcrypt", "p-cpe:/a:novell:opensuse:libxcrypt-32bit", "p-cpe:/a:novell:opensuse:libxcrypt-debuginfo", "p-cpe:/a:novell:opensuse:libxcrypt-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libxcrypt-debugsource", "p-cpe:/a:novell:opensuse:libxcrypt-devel", "p-cpe:/a:novell:opensuse:nscd", "p-cpe:/a:novell:opensuse:nscd-debuginfo", 
"p-cpe:/a:novell:opensuse:pam-modules", "p-cpe:/a:novell:opensuse:pam-modules-32bit", "p-cpe:/a:novell:opensuse:pam-modules-debuginfo", "p-cpe:/a:novell:opensuse:pam-modules-debuginfo-32bit", "p-cpe:/a:novell:opensuse:pam-modules-debugsource", "p-cpe:/a:novell:opensuse:pwdutils", "p-cpe:/a:novell:opensuse:pwdutils-debuginfo", "p-cpe:/a:novell:opensuse:pwdutils-debugsource", "p-cpe:/a:novell:opensuse:pwdutils-plugin-audit", "p-cpe:/a:novell:opensuse:pwdutils-plugin-audit-debuginfo", "p-cpe:/a:novell:opensuse:pwdutils-rpasswd", "p-cpe:/a:novell:opensuse:pwdutils-rpasswd-32bit", "p-cpe:/a:novell:opensuse:pwdutils-rpasswd-debuginfo", "p-cpe:/a:novell:opensuse:pwdutils-rpasswd-debuginfo-32bit", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_GLIBC-110729.NASL", "href": "https://www.tenable.com/plugins/nessus/75852", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update glibc-4943.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75852);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"openSUSE Security Update : glibc (openSUSE-SU-2011:0921-1)\");\n script_summary(english:\"Check for the glibc-4943 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The implementation of the blowfish based password hashing method had a\nbug affecting passwords that contain 8bit characters (e.g. 
umlauts).\nAffected passwords are potentially faster to crack via brute-force\nmethods (CVE-2011-2483).\n\nSUSE's crypt() implementation supports the blowfish password hashing\nfunction (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After\ninstalling the update existing $2a hashes therefore no longer match\nhashes generated with the new, correct implementation if the password\ncontains 8bit characters. For system logins via PAM the pam_unix2\nmodule activates a compat mode and keeps processing existing $2a\nhashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously\nidentify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are\nadvised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords\nusing the blowfish hash do not have such a compat mode. That means\nusers with 8bit passwords that use such services will not be able to\nlog in anymore after the update. As workaround administrators may edit\nthe service's password database and change stored hashes from $2a to\n$2x. This will result in crypt() using the old algorithm. Users should\nbe required to change their passwords to make sure they are migrated\nto the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any\nway? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x ->\nbuggy algorithm $2a -> buggy algorithm $2y\n\n-> correct algorithm\n\nQ: How do I require users to change their password on next login? 
A:\nRun the following command as root for each user: chage -d 0 <username>\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the\npassword database and change the '$2a' prefix of the affected users'\nhashes to '$2x'. They will be able to log in again but should change\ntheir password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set\nBLOWFISH_2a2x=no in /etc/default/passwd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=700876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-html\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-obsolete\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-obsolete-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam-modules-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam-modules-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam-modules-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam-modules-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils-plugin-audit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils-plugin-audit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils-rpasswd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils-rpasswd-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils-rpasswd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils-rpasswd-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-debuginfo-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-debugsource-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-devel-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-devel-debuginfo-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-html-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-i18ndata-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-info-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-locale-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-locale-debuginfo-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-obsolete-2.11.3-12.17.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.4\", reference:\"glibc-obsolete-debuginfo-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-profile-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libxcrypt-3.0.3-9.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libxcrypt-debuginfo-3.0.3-9.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libxcrypt-debugsource-3.0.3-9.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libxcrypt-devel-3.0.3-9.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"nscd-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"nscd-debuginfo-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pam-modules-11.4-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pam-modules-debuginfo-11.4-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pam-modules-debugsource-11.4-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pwdutils-3.2.14-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pwdutils-debuginfo-3.2.14-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pwdutils-debugsource-3.2.14-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pwdutils-plugin-audit-3.2.14-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pwdutils-plugin-audit-debuginfo-3.2.14-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pwdutils-rpasswd-3.2.14-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pwdutils-rpasswd-debuginfo-3.2.14-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"glibc-32bit-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"glibc-debuginfo-32bit-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", 
reference:\"glibc-devel-32bit-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"glibc-devel-debuginfo-32bit-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"glibc-locale-debuginfo-32bit-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libxcrypt-32bit-3.0.3-9.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libxcrypt-debuginfo-32bit-3.0.3-9.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"pam-modules-32bit-11.4-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"pam-modules-debuginfo-32bit-11.4-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"pwdutils-rpasswd-32bit-3.2.14-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"pwdutils-rpasswd-debuginfo-32bit-3.2.14-4.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-32bit / glibc-devel / glibc-devel-32bit / glibc-html / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:37:49", "description": "- Implement accurate fma (BZ#3268, #43358)\n\n - Fix alignment of AVX save area on x86-64 (BZ#12113)\n\n - Fix regex memory leaks (BZ#12078)\n\n - Improve output of psiginfo (BZ#12107, BZ#12108)\n\n - Don't return NULL address in getifaddrs (BZ#12093)\n\n - Fix strstr and memmem algorithm (BZ#12092, #641124)\n\n - Don't 
discard result of decoding ACE if AI_CANONIDN (#636642)\n\n - Never expand $ORIGIN in privileged programs (#643306, CVE-2010-3847)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2010-10-20T00:00:00", "type": "nessus", "title": "Fedora 14 : glibc-2.12.90-17 (2010-16308)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3847"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:glibc", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2010-16308.NASL", "href": "https://www.tenable.com/plugins/nessus/50036", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16308.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50036);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3847\");\n script_bugtraq_id(44154);\n script_xref(name:\"FEDORA\", value:\"2010-16308\");\n\n script_name(english:\"Fedora 14 : glibc-2.12.90-17 (2010-16308)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Implement accurate fma (BZ#3268, #43358)\n\n - Fix alignment of AVX save area on x86-64 (BZ#12113)\n\n - Fix regex memory leaks (BZ#12078)\n\n - Improve output of psiginfo (BZ#12107, BZ#12108)\n\n - Don't return NULL address in getifaddrs (BZ#12093)\n\n - Fix strstr and memmem algorithm (BZ#12092, #641124)\n\n - Don't discard result of 
decoding ACE if AI_CANONIDN\n (#636642)\n\n - Never expand $ORIGIN in privileged programs (#643306,\n CVE-2010-3847)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=643306\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049665.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3fe9fbe1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glibc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc \"$ORIGIN\" Expansion Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"glibc-2.12.90-17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:41", "description": "The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force methods. 
(CVE-2011-2483)\n\nSUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any way? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm $2a -> buggy algorithm $2y -> correct algorithm\n\nQ: How do I require users to change their password on next login? 
A:\nRun the following command as root for each user: chage -d 0\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set BLOWFISH_2a2x=no in /etc/default/passwd", "cvss3": {}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : glibc (ZYPP Patch Number 7663) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2013-12-05T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GLIBC-7663.NASL", "href": "https://www.tenable.com/plugins/nessus/57202", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\n# @DEPRECATED@\n#\n# This script has been deprecated as it duplicates plugin #58576\n# (suse_glibc-blowfish-7663.nasl).\n#\n# Disabled on 2013/12/05.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57202);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/07/20 0:18:55\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"SuSE 10 Security Update : glibc (ZYPP Patch Number 7663) (deprecated)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The implementation of the blowfish based password hashing method had a\nbug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force\nmethods. 
(CVE-2011-2483)\n\nSUSE's crypt() implementation supports the blowfish password hashing\nfunction (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After\ninstalling the update existing $2a hashes therefore no longer match\nhashes generated with the new, correct implementation if the password\ncontains 8bit characters. For system logins via PAM the pam_unix2\nmodule activates a compat mode and keeps processing existing $2a\nhashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously\nidentify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are\nadvised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords\nusing the blowfish hash do not have such a compat mode. That means\nusers with 8bit passwords that use such services will not be able to\nlog in anymore after the update. As workaround administrators may edit\nthe service's password database and change stored hashes from $2a to\n$2x. This will result in crypt() using the old algorithm. Users should\nbe required to change their passwords to make sure they are migrated\nto the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any\nway? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x ->\nbuggy algorithm $2a -> buggy algorithm $2y -> correct algorithm\n\nQ: How do I require users to change their password on next login? 
A:\nRun the following command as root for each user: chage -d 0\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the\npassword database and change the '$2a' prefix of the affected users'\nhashes to '$2x'. They will be able to log in again but should change\ntheir password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set\nBLOWFISH_2a2x=no in /etc/default/passwd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2483.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7663.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"The plugin duplicates #58576 (suse_glibc-blowfish-7663.nasl).\");\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, 
\"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif ( rpm_check( reference:\"glibc-2.4-31.93.1\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"glibc-devel-2.4-31.93.1\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"glibc-html-2.4-31.93.1\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"glibc-i18ndata-2.4-31.93.1\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"glibc-info-2.4-31.93.1\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"glibc-locale-2.4-31.93.1\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"glibc-profile-2.4-31.93.1\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"libxcrypt-2.4-12.9.4\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"libxcrypt-devel-2.4-12.9.4\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"nscd-2.4-31.93.1\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"pam-modules-10-2.17.4\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"pwdutils-3.0.7.1-17.36.2\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"pwdutils-plugin-audit-3.0.7.1-17.36.2\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"glibc-2.4-31.93.1\", release:\"SLED10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"glibc-devel-2.4-31.93.1\", release:\"SLED10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"glibc-html-2.4-31.93.1\", release:\"SLED10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"glibc-i18ndata-2.4-31.93.1\", 
release:\"SLED10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"glibc-info-2.4-31.93.1\", release:\"SLED10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"glibc-locale-2.4-31.93.1\", release:\"SLED10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"libxcrypt-2.4-12.9.4\", release:\"SLED10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"nscd-2.4-31.93.1\", release:\"SLED10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"pam-modules-10-2.17.4\", release:\"SLED10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"pwdutils-3.0.7.1-17.36.2\", release:\"SLED10\", cpu:\"i586\", sp: 4) ) flag ++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:08", "description": "The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force methods. (CVE-2011-2483)\n\nSUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. 
This ensures no user gets locked out.\nNew password hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As a workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I affected in any way? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm $2a -> buggy algorithm $2y -> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0\n\nQ: I run an application that has $2a hashes in its password database.\nSome users complain that they can not log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.\n\nQ: How do I turn off the compat mode for system logins? 
A: Set BLOWFISH_2a2x=no in /etc/default/passwd", "cvss3": {}, "published": "2012-02-06T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : glibc (SAT Patch Number 4944) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2013-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:glibc", "p-cpe:/a:novell:suse_linux:11:glibc-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-devel", "p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-html", "p-cpe:/a:novell:suse_linux:11:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:11:glibc-info", "p-cpe:/a:novell:suse_linux:11:glibc-locale", "p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-profile", "p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit", "p-cpe:/a:novell:suse_linux:11:libxcrypt", "p-cpe:/a:novell:suse_linux:11:libxcrypt-32bit", "p-cpe:/a:novell:suse_linux:11:nscd", "p-cpe:/a:novell:suse_linux:11:pam-modules", "p-cpe:/a:novell:suse_linux:11:pam-modules-32bit", "p-cpe:/a:novell:suse_linux:11:pwdutils", "p-cpe:/a:novell:suse_linux:11:pwdutils-plugin-audit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_GLIBC-110729.NASL", "href": "https://www.tenable.com/plugins/nessus/55919", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\n# @DEPRECATED@\n#\n# This script has been deprecated as it has been replaced by\n# suse_11_glibc-blowfish-110729.nasl.\n#\n# Disabled on 2013/12/05.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55919);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/20 0:18:55\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"SuSE 11.1 Security Update : glibc (SAT Patch Number 4944) (deprecated)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n 
value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The implementation of the blowfish based password hashing method had a\nbug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force\nmethods. (CVE-2011-2483)\n\nSUSE's crypt() implementation supports the blowfish password hashing\nfunction (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After\ninstalling the update existing $2a hashes therefore no longer match\nhashes generated with the new, correct implementation if the password\ncontains 8bit characters. For system logins via PAM the pam_unix2\nmodule activates a compat mode and keeps processing existing $2a\nhashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously\nidentify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are\nadvised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords\nusing the blowfish hash do not have such a compat mode. That means\nusers with 8bit passwords that use such services will not be able to\nlog in anymore after the update. As workaround administrators may edit\nthe service's password database and change stored hashes from $2a to\n$2x. This will result in crypt() using the old algorithm. Users should\nbe required to change their passwords to make sure they are migrated\nto the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any\nway? A: No.\n\nQ: What's the meaning of the ids before and after the update? 
A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x ->\nbuggy algorithm $2a -> buggy algorithm $2y -> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the\npassword database and change the '$2a' prefix of the affected users'\nhashes to '$2x'. They will be able to log in again but should change\ntheir password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set\nBLOWFISH_2a2x=no in /etc/default/passwd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=645140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=680833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=700876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2483.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4944.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libxcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libxcrypt-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:pam-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:pam-modules-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:pwdutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:pwdutils-plugin-audit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/06\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\n# 
Deprecated.\nexit(0, \"The plugin duplicates plugin #57839 (suse_11_glibc-blowfish-110729.nasl)\");\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\nflag = 0;\n\nif ( rpm_check( reference:\"glibc-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"glibc-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"i686\") ) flag ++;\nif ( rpm_check( reference:\"glibc-devel-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"glibc-devel-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"i686\") ) flag ++;\nif ( rpm_check( reference:\"glibc-html-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"glibc-i18ndata-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"glibc-info-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"glibc-locale-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"glibc-profile-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"libxcrypt-3.0.3-0.4.1\", release:\"SLES11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"nscd-2.11.1-0.32.1\", release:\"SLES11\", 
sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"pam-modules-11-1.18.1\", release:\"SLES11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"pwdutils-3.2.8-0.4.1\", release:\"SLES11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"pwdutils-plugin-audit-3.2.8-0.4.1\", release:\"SLES11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"glibc-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-32bit-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-devel-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-devel-32bit-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-html-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-i18ndata-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-info-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-locale-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-locale-32bit-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-profile-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-profile-32bit-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"libxcrypt-3.0.3-0.4.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"libxcrypt-32bit-3.0.3-0.4.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"nscd-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"pam-modules-11-1.18.1\", 
release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"pam-modules-32bit-11-1.18.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"pwdutils-3.2.8-0.4.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"pwdutils-plugin-audit-3.2.8-0.4.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"glibc-32bit-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"glibc-devel-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"glibc-devel-32bit-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"glibc-html-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"glibc-i18ndata-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"glibc-info-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"glibc-locale-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"glibc-locale-32bit-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"glibc-profile-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"glibc-profile-32bit-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"libxcrypt-3.0.3-0.4.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"libxcrypt-32bit-3.0.3-0.4.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"nscd-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( 
reference:\"pam-modules-11-1.18.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"pam-modules-32bit-11-1.18.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"pwdutils-3.2.8-0.4.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"pwdutils-plugin-audit-3.2.8-0.4.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"glibc-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"glibc-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"i686\") ) flag ++;\nif ( rpm_check( reference:\"glibc-devel-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"glibc-devel-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"i686\") ) flag ++;\nif ( rpm_check( reference:\"glibc-i18ndata-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"glibc-locale-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"libxcrypt-3.0.3-0.4.1\", release:\"SLED11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"nscd-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"pam-modules-11-1.18.1\", release:\"SLED11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"pwdutils-3.2.8-0.4.1\", release:\"SLED11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"glibc-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-32bit-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-devel-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-devel-32bit-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( 
reference:\"glibc-i18ndata-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-locale-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-locale-32bit-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"libxcrypt-3.0.3-0.4.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"libxcrypt-32bit-3.0.3-0.4.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"nscd-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"pam-modules-11-1.18.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"pam-modules-32bit-11-1.18.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"pwdutils-3.2.8-0.4.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:42:20", "description": "Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nPostgreSQL is an advanced object-relational database management system (DBMS).\n\nA signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. 
Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'.\n\nFor Red Hat Enterprise Linux 6, the updated postgresql packages upgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a full list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nFor Red Hat Enterprise Linux 4 and 5, the updated postgresql packages contain a backported patch.\n\nAll PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. 
If the postgresql service is running, it will be automatically restarted after installing this update.", "cvss3": {}, "published": "2011-10-18T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 / 6 : postgresql (RHSA-2011:1377)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "p-cpe:/a:redhat:enterprise_linux:postgresql-debuginfo", "p-cpe:/a:redhat:enterprise_linux:postgresql-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "p-cpe:/a:redhat:enterprise_linux:postgresql-jdbc", "p-cpe:/a:redhat:enterprise_linux:postgresql-libs", "p-cpe:/a:redhat:enterprise_linux:postgresql-pl", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-python", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-tcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.1"], "id": "REDHAT-RHSA-2011-1377.NASL", "href": "https://www.tenable.com/plugins/nessus/56533", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1377. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56533);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2483\");\n script_bugtraq_id(49241);\n script_xref(name:\"RHSA\", value:\"2011:1377\");\n\n script_name(english:\"RHEL 4 / 5 / 6 : postgresql (RHSA-2011:1377)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated postgresql packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nA signedness issue was found in the way the crypt() function in the\nPostgreSQL pgcrypto module handled 8-bit characters in passwords when\nusing Blowfish hashing. Up to three characters immediately preceding a\nnon-ASCII character (one with the high bit set) had no effect on the\nhash result, thus shortening the effective password length. This made\nbrute-force guessing more efficient as several different passwords\nwere hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some\nusers may not be able to log in to applications that store user\npasswords, hashed with Blowfish using the PostgreSQL crypt() function,\nin a back-end PostgreSQL database. 
Unsafe processing can be re-enabled\nfor specific passwords (allowing affected users to log in) by changing\ntheir hash prefix to '$2x$'.\n\nFor Red Hat Enterprise Linux 6, the updated postgresql packages\nupgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release\nNotes for a full list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nFor Red Hat Enterprise Linux 4 and 5, the updated postgresql packages\ncontain a backported patch.\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct this issue. If the postgresql service is running, it\nwill be automatically restarted after installing this update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2483\"\n );\n # http://www.postgresql.org/docs/8.4/static/release.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/8.4/release.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1377\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1377\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-7.4.30-3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-contrib-7.4.30-3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-devel-7.4.30-3.el4\")) flag++;\n\n if 
(rpm_check(release:\"RHEL4\", reference:\"postgresql-docs-7.4.30-3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-jdbc-7.4.30-3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-libs-7.4.30-3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-pl-7.4.30-3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-python-7.4.30-3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-server-7.4.30-3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-tcl-7.4.30-3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-test-7.4.30-3.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-contrib-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-contrib-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-contrib-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"postgresql-devel-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-docs-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-docs-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-docs-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"postgresql-libs-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-pl-8.1.23-1.el5_7.2\")) flag++;\n\n if 
(rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-pl-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-pl-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-python-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-python-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-python-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-server-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-server-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-server-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-tcl-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-tcl-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-tcl-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-test-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-test-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-test-8.1.23-1.el5_7.2\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"postgresql-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"postgresql-contrib-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"postgresql-contrib-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"postgresql-contrib-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", 
reference:\"postgresql-debuginfo-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"postgresql-devel-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"postgresql-docs-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"postgresql-docs-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"postgresql-docs-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"postgresql-libs-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"postgresql-plperl-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"postgresql-plperl-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"postgresql-plperl-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"postgresql-plpython-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"postgresql-plpython-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"postgresql-plpython-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"postgresql-pltcl-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"postgresql-pltcl-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"postgresql-pltcl-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"postgresql-server-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"postgresql-server-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"postgresql-server-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"postgresql-test-8.4.9-1.el6_1.1\")) 
flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"postgresql-test-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"postgresql-test-8.4.9-1.el6_1.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:10:04", "description": "The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force methods (CVE-2011-2483).\n\nSUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. 
As a workaround, administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.\n\nFAQ:\n\nQ: I only use ASCII characters in passwords, am I affected in any way? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm, $2a -> correct algorithm, $2y -> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm, $2a -> buggy algorithm, $2y -> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0 <username>\n\nQ: I run an application that has $2a hashes in its password database.\nSome users complain that they cannot log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.\n\nQ: How do I turn off the compat mode for system logins? 
A: Set BLOWFISH_2a2x=no in /etc/default/passwd", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : glibc (openSUSE-SU-2011:0921-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:glibc-obsolete", "p-cpe:/a:novell:opensuse:glibc-profile", "p-cpe:/a:novell:opensuse:glibc-profile-32bit", "p-cpe:/a:novell:opensuse:libxcrypt", "p-cpe:/a:novell:opensuse:libxcrypt-32bit", "p-cpe:/a:novell:opensuse:libxcrypt-devel", "p-cpe:/a:novell:opensuse:nscd", "p-cpe:/a:novell:opensuse:glibc", "p-cpe:/a:novell:opensuse:glibc-32bit", "p-cpe:/a:novell:opensuse:glibc-devel", "p-cpe:/a:novell:opensuse:glibc-devel-32bit", "p-cpe:/a:novell:opensuse:glibc-html", "p-cpe:/a:novell:opensuse:glibc-i18ndata", "p-cpe:/a:novell:opensuse:glibc-info", "p-cpe:/a:novell:opensuse:glibc-locale", "p-cpe:/a:novell:opensuse:glibc-locale-32bit", "p-cpe:/a:novell:opensuse:pam-modules", "p-cpe:/a:novell:opensuse:pam-modules-32bit", "p-cpe:/a:novell:opensuse:pwdutils", "p-cpe:/a:novell:opensuse:pwdutils-plugin-audit", "p-cpe:/a:novell:opensuse:pwdutils-rpasswd", "p-cpe:/a:novell:opensuse:pwdutils-rpasswd-32bit", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_GLIBC-110729.NASL", "href": "https://www.tenable.com/plugins/nessus/75519", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update glibc-4943.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75519);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"openSUSE Security Update : glibc (openSUSE-SU-2011:0921-1)\");\n script_summary(english:\"Check 
for the glibc-4943 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The implementation of the blowfish based password hashing method had a\nbug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force\nmethods (CVE-2011-2483).\n\nSUSE's crypt() implementation supports the blowfish password hashing\nfunction (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After\ninstalling the update existing $2a hashes therefore no longer match\nhashes generated with the new, correct implementation if the password\ncontains 8bit characters. For system logins via PAM the pam_unix2\nmodule activates a compat mode and keeps processing existing $2a\nhashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously\nidentify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are\nadvised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords\nusing the blowfish hash do not have such a compat mode. That means\nusers with 8bit passwords that use such services will not be able to\nlog in anymore after the update. As workaround administrators may edit\nthe service's password database and change stored hashes from $2a to\n$2x. This will result in crypt() using the old algorithm. Users should\nbe required to change their passwords to make sure they are migrated\nto the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any\nway? A: No.\n\nQ: What's the meaning of the ids before and after the update? 
A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by\ndefault: $2x -> buggy algorithm $2a -> buggy algorithm $2y\n\n-> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0 <username>\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the\npassword database and change the '$2a' prefix of the affected users'\nhashes to '$2x'. They will be able to log in again but should change\ntheir password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set\nBLOWFISH_2a2x=no in /etc/default/passwd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=700876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-info\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-obsolete\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam-modules-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils-plugin-audit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils-rpasswd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils-rpasswd-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"glibc-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"glibc-devel-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"glibc-html-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"glibc-i18ndata-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"glibc-info-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"glibc-locale-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"glibc-obsolete-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"glibc-profile-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libxcrypt-3.0.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libxcrypt-devel-3.0.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"nscd-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"pam-modules-11.3-0.3.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"pwdutils-3.2.10-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"pwdutils-plugin-audit-3.2.10-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"pwdutils-rpasswd-3.2.10-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"glibc-32bit-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libxcrypt-32bit-3.0.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"pam-modules-32bit-11.3-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"pwdutils-rpasswd-32bit-3.2.10-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-32bit / glibc-devel / glibc-devel-32bit / glibc-html / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:47:11", "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nA signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. 
This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'.\n\nFor Scientific Linux 6, the updated postgresql packages upgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a full list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nFor Scientific Linux 4 and 5, the updated postgresql packages contain a backported patch.\n\nAll PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : postgresql on SL4.x, SL5.x, SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20111017_POSTGRESQL_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61155", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61155);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"Scientific Linux Security Update : postgresql on SL4.x, SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the 
updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nA signedness issue was found in the way the crypt() function in the\nPostgreSQL pgcrypto module handled 8-bit characters in passwords when\nusing Blowfish hashing. Up to three characters immediately preceding a\nnon-ASCII character (one with the high bit set) had no effect on the\nhash result, thus shortening the effective password length. This made\nbrute-force guessing more efficient as several different passwords\nwere hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some\nusers may not be able to log in to applications that store user\npasswords, hashed with Blowfish using the PostgreSQL crypt() function,\nin a back-end PostgreSQL database. Unsafe processing can be re-enabled\nfor specific passwords (allowing affected users to log in) by changing\ntheir hash prefix to '$2x$'.\n\nFor Scientific Linux 6, the updated postgresql packages upgrade\nPostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for\na full list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nFor Scientific Linux 4 and 5, the updated postgresql packages contain\na backported patch.\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct this issue. 
If the postgresql service is running, it\nwill be automatically restarted after installing this update.\"\n );\n # http://www.postgresql.org/docs/8.4/static/release.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/8.4/release.html\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1110&L=scientific-linux-errata&T=0&P=1584\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?98aeaf38\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-contrib-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-debuginfo-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-devel-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-docs-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-jdbc-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-libs-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-pl-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-python-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-server-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-tcl-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-test-7.4.30-3.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", 
reference:\"postgresql-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-contrib-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-debuginfo-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-devel-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-docs-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-libs-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-pl-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-python-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-server-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-tcl-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-test-8.1.23-1.el5_7.2\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"postgresql-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-contrib-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-debuginfo-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-devel-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-docs-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-libs-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-plperl-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-plpython-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-pltcl-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-server-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-test-8.4.9-1.el6_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:28:09", "description": "A vulnerability was discovered and fixed in php-suhosin :\n\ncrypt_blowfish before 1.1, as used in suhosin does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash (CVE-2011-2483).\n\nThe updated packages have been patched to correct this issue.", "cvss3": {}, "published": "2011-11-29T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : php-suhosin (MDVSA-2011:180)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:php-suhosin", "cpe:/o:mandriva:linux:2010.1", "cpe:/o:mandriva:linux:2011"], "id": "MANDRIVA_MDVSA-2011-180.NASL", "href": "https://www.tenable.com/plugins/nessus/56968", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:180. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56968);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-2483\");\n script_bugtraq_id(49241);\n script_xref(name:\"MDVSA\", value:\"2011:180\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php-suhosin (MDVSA-2011:180)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered and fixed in php-suhosin :\n\ncrypt_blowfish before 1.1, as used in suhosin does not properly handle\n8-bit characters, which makes it easier for context-dependent\nattackers to determine a cleartext password by leveraging knowledge of\na password hash (CVE-2011-2483).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php-suhosin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/28\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-suhosin-0.9.32.1-0.6mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"php-suhosin-0.9.32.1-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:24:58", "description": "The security update for CVE-2011-2483 broke changing blowfish passwords if compat mode was turned on (default). 
This update fixes the regression.", "cvss3": {}, "published": "2011-08-31T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : libxcrypt (SAT Patch Number 5041)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libxcrypt", "p-cpe:/a:novell:suse_linux:11:libxcrypt-32bit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_LIBXCRYPT-110824.NASL", "href": "https://www.tenable.com/plugins/nessus/56018", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56018);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"SuSE 11.1 Security Update : libxcrypt (SAT Patch Number 5041)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The security update for CVE-2011-2483 broke changing blowfish\npasswords if compat mode was turned on (default). 
This update fixes\nthe regression.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=713727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2483.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5041.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libxcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libxcrypt-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = 
get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libxcrypt-3.0.3-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libxcrypt-3.0.3-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libxcrypt-32bit-3.0.3-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libxcrypt-3.0.3-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libxcrypt-32bit-3.0.3-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libxcrypt-32bit-3.0.3-0.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:26:55", "description": "This update of yast2-core fixes security issues, bugs, and adds a debugging feature.", "cvss3": {}, "published": "2011-10-24T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : yast2-core (ZYPP Patch Number 7725)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_YAST2-CORE-7725.NASL", "href": "https://www.tenable.com/plugins/nessus/56619", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56619);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"SuSE 10 Security Update : yast2-core (ZYPP Patch Number 7725)\");\n 
script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of yast2-core fixes security issues, bugs, and adds a\ndebugging feature.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2483.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7725.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"yast2-core-2.13.48-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"yast2-core-devel-2.13.48-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:14:05", "description": "- update to 5.0.26 [bnc#848594]\n\n - Added the .cf TLD server.\n\n - Updated the .bi TLD server.\n\n - Added a new ASN allocation.\n\n - includes changes from 5.0.25\n\n - Added the .ax, .bn, .iq, .pw and .rw TLD servers.\n\n - Updated one or more translations.\n\n - includes updates changes 5.0.24 :\n\n - Merged documentation fixes and the whois.conf(5) man page\n\n - Added a new ASN allocation.\n\n - Updated one or more translations.\n\n - includes changes from 5.0.23\n\n - whois.nic.or.kr switched from EUC-KR to UTF-8.\n\n - includes changes from 5.0.22\n\n - Fixed cross-compiling\n\n - includes changes from 5.0.21\n\n - Fixed 
parsing of 6to4 addresses\n\n - Added the .xn--j1amh (.укр, Ukraine) TLD server.\n\n - Updated the .bi, .se and .vn TLD servers.\n\n - Removed whois.pandi.or.id from the list of servers which support the RIPE extensions, since it does not anymore and queries are broken.\n\n - Updated some disclaimer suppression strings.\n\n - Respect DEB_HOST_GNU_TYPE when selecting CC for cross-compiling.\n\n - includes changes form 5.0.20\n\n - Updated the .by, .ng, .om, .sm, .tn, .ug and .vn TLD servers.\n\n - Added the .bw, .td, .xn--mgb9awbf (.عمان, Oman), .xn--mgberp4a5d4ar (.السعودية, Saudi Arabia) and .xn--mgbx4cd0ab (.مليسيا, Malaysia) TLD servers.\n\n - Removed the .kp, .mc, .rw and .xn--mgba3a4f16a (.ایران, Iran) TLD servers.\n\n - includes changes from 5.0.19\n\n - Added the .post TLD server.\n\n - Updated the .co.za SLD servers.\n\n - Added the .alt.za, .net.za and .web.za SLD servers.\n\n - whois.ua changed (?) the encoding to utf-8.\n\n - Fixed the parsing of 6to4 addresses like whois 2002:xxxx::.\n\n - includes changes from 5.0.18\n\n - Updated the .ae and .xn--mgbaam7a8h (.امارات, United Arabs Emirates) TLDs.\n\n - Updated the server charset table for .fr and .it.\n\n - includes changes from whois 5.0.17\n\n - Updated the .bi, .fo, .gr and .gt TLD servers.\n\n - Removed support for recursion of .org queries, it has been a thick registry since 2005.\n\n - includes changes from 5.0.16\n\n - Added the .xn--80ao21a (.ҚАЗ, Kazakhstan) TLD server.\n\n - Updated the .ec and .ee TLD servers.\n\n - Removed the .xn--mgbc0a9azcg (.المغرب, Morocco) and .xn--mgberp4a5d4ar (.السعودية, Saudi Arabia) TLD servers.\n\n - Added a new ASN allocation.\n\n - Updated one or more translations.\n\n - includes changes from 5.0.15\n\n - Added the .xn--mgba3a4f16a (.ایران, Iran) TLD server.\n\n - Updated the .pe TLD server, this time for real.\n\n - Updated one or more translations.\n\n - includes changes from 
5.0.14\n\n - Added the .sx TLD server.\n\n - Updated the .pe TLD server.\n\n - includes changes from 5.0.13\n\n - Updated the .hr TLD server.\n\n - Improved the package description\n\n - Updated the FSF address in licenses.\n\n - includes changes from 5.0.12\n\n - Recursion disabled when the query string contains spaces, because probably the query format will not be compatible with the referral server (e.g. whois to rwhois or ARIN to RIPE).\n\n - Add the '+' flag by default to queries to whois.arin.net if the argument looks like an IP address. Also add the 'a' and 'n' flags. No thanks to ARIN for breaking every whois client.\n\n - Added the .cv, .lk, .mq, .sy, .so, .biz.ua, .co.ua, .pp.ua, .qa, .xn--3e0b707e (.한국, Korea), .xn--45brj9c (.ভারত, India, Bengali), .xn--90a3ac (.СРБ, Serbia), .xn--clchc0ea0b2g2a9gcd (.சிங்கப்பூர், Singapore, Tamil), .xn--fpcrj9c3d (.భారత్, India, Telugu), .xn--fzc2c9e2c (.ලංකා, Sri Lanka, Sinhala), .xn--gecrj9c (.ભારત, India, Gujarati), .xn--h2brj9c (.भारत, India, Hindi), .xn--lgbbat1ad8j (.الجزائر, Algeria), .xn--mgbayh7gpa (.الاردن, Jordan), .xn--mgbbh1a71e (.بھارت, India, Urdu), .xn--mgbc0a9azcg (.المغرب, Morocco), .xn--ogbpf8fl (.سورية, Syria), .xn--s9brj9c (.ਭਾਰਤ, India, Punjabi), .xn--xkc2al3hye2a (.இலங்கை, Sri Lanka, Tamil), .xn--wgbl6a (.قطر, Qatar), .xn--xkc2dl3a5ee0h (.இந்தியா, India, Tamil), .xn--yfro4i67o (.新加坡, Singapore, Chinese) and .xxx TLD servers. (Closes:\n #642424),\n\n - Added the .priv.at pseudo-SLD server.\n\n - Updated the .co, .gf, .gp, .kr, .li, .rs, .ru, .su, .sv, .ua and .xn--p1ai TLD servers. (Closes: #590425, #634830, #627478)\n\n - Added a new ASN allocation.\n\n - Fixed a typo and -t syntax in whois(1). 
(Closes:\n #614973, #632588)\n\n - Made whois return an error in some cases, code contributed by David Souther.\n\n - Split HAVE_LINUX_CRYPT_GENSALT from HAVE_XCRYPT to support SuSE, which has it builtin in the libc. Added untested support for Solaris' crypt_gensalt(3). This and the following changes have been contributed by Ludwig Nussel of SuSE.\n\n - mkpasswd: stop rejecting non-ASCII characters.\n\n - mkpasswd: added support for the 2y algorithm, which fixes CVE-2011-2483.\n\n - mkpasswd: raised the number of rounds for 2a/2y from 4 to 5, which is the current default.\n\n - mkpasswd: removed support for 2 and (SHA), which actually are not supported by FreeBSD and libxcrypt.\n\n - packaging changes\n\n - removed patches accepted upstream:\n whois-5.0.11-mkpasswd-support-Owl-patched-libcrypt.diff whois-5.0.11-mkpasswd-crypt_gensalt-might-change-the-pre fix.diff whois-5.0.11-mkpasswd-support-8bit-characters.diff whois-5.0.11-mkpasswd-add-support-for-the-new-2y-blowfis h-tag-CVE-2011-2483.diff whois-5.0.11-mkpasswd-set-default-blowfish-rounds-to-5.d iff whois-5.0.11-mkpasswd-remove-obsolete-settings.diff\n\n - removed patches no longer required:\n whois-5.0.11-mkpasswd-fix-compiler-warnings.diff\n\n - updated patches: whois-4.7.33-nb.patch to whois-5.0.25-nb.patch\n\n - verify source signatures\n\n - crypt_gensalt moved to separate library libowcrypt (fate#314945)", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : whois (openSUSE-SU-2013:1670-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:whois", "p-cpe:/a:novell:opensuse:whois-debuginfo", "p-cpe:/a:novell:opensuse:whois-debugsource", "cpe:/o:novell:opensuse:12.2", "cpe:/o:novell:opensuse:12.3"], "id": "OPENSUSE-2013-849.NASL", "href": "https://www.tenable.com/plugins/nessus/75198", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-849.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75198);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"openSUSE Security Update : whois (openSUSE-SU-2013:1670-1)\");\n script_summary(english:\"Check for the openSUSE-2013-849 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to 5.0.26 [bnc#848594]\n\n - Added the .cf TLD server.\n\n - Updated the .bi TLD server.\n\n - Added a new ASN allocation.\n\n - includes changes from 5.0.25\n\n - Added the .ax, .bn, .iq, .pw and .rw TLD servers.\n\n - Updated one or more translations.\n\n - includes updates changes 5.0.24 :\n\n - Merged documentation fixes and the whois.conf(5) man\n page\n\n - Added a new ASN allocation.\n\n - Updated one or more translations.\n\n - includes changes from 5.0.23\n\n - whois.nic.or.kr switched from EUC-KR to UTF-8.\n\n - includes changes from 5.0.22\n\n - Fixed cross-compiling\n\n - includes changes from 5.0.21\n\n - Fixed parsing of 6to4 addresses\n\n - Added the .xn--j1amh\n (.укр, Ukraine) TLD\n server.\n\n - Updated the .bi, .se and .vn TLD servers.\n\n - Removed whois.pandi.or.id from the list of servers which\n support the RIPE extensions, since it does not anymore\n and queries are broken.\n\n - Updated some disclaimer suppression strings.\n\n - Respect DEB_HOST_GNU_TYPE when selecting CC for\n cross-compiling.\n\n - includes changes form 5.0.20\n\n - Updated the .by, .ng, .om, .sm, .tn, .ug and .vn TLD\n servers.\n\n - Added the .bw, .td, .xn--mgb9awbf\n 
(عمان\n ;., Oman), .xn--mgberp4a5d4ar\n (.السØ&sup\n 1;وديØ&cop\n y;, Saudi Arabia) and .xn--mgbx4cd0ab\n (ï»¢ï» ï»&acu\n te;ﺴﻳïº\n 41;., Malaysia) TLD servers.\n\n - Removed the .kp, .mc, .rw and .xn--mgba3a4f16a\n (ایرØ&sec\n t;Ù†., Iran) TLD servers.\n\n - includes changes from 5.0.19\n\n - Added the .post TLD server.\n\n - Updated the .co.za SLD servers.\n\n - Added the .alt.za, .net.za and .web.za SLD servers.\n\n - whois.ua changed (?) the encoding to utf-8.\n\n - Fixed the parsing of 6to4 addresses like whois\n 2002:xxxx::.\n\n - includes changes from 5.0.18\n\n - Updated the .ae and .xn--mgbaam7a8h\n (.اماØ&plu\n smn;ات, United Arabs Emirates)\n TLDs.\n\n - Updated the server charset table for .fr and .it.\n\n - includes changes from whois 5.0.17\n\n - Updated the .bi, .fo, .gr and .gt TLD servers.\n\n - Removed support for recursion of .org queries, it has\n been a thick registry since 2005.\n\n - includes changes from 5.0.16\n\n - Added the .xn--80ao21a\n (.ҚАЗ, Kazakhstan) TLD\n server.\n\n - Updated the .ec and .ee TLD servers.\n\n - Removed the .xn--mgbc0a9azcg\n (.المØ&ord\n m;رب, Morocco) and\n .xn--mgberp4a5d4ar\n (.السØ&sup\n 1;وديØ&cop\n y;, Saudi Arabia) TLD servers.\n\n - Added a new ASN allocation.\n\n - Updated one or more translations.\n\n - includes changes from 5.0.15\n\n - Added the .xn--mgba3a4f16a\n (ایرØ&sec\n t;Ù†., Iran) TLD server.\n\n - Updated the .pe TLD server, this time for real.\n\n - Updated one or more translations.\n\n - includes changes from 5.0.14\n\n - Added the .sx TLD server.\n\n - Updated the .pe TLD server.\n\n - includes changes from 5.0.13\n\n - Updated the .hr TLD server.\n\n - Improved the package description\n\n - Updated the FSF address in licenses.\n\n - includes changes from 5.0.12\n\n - Recursion disabled when the query string contains\n spaces, because probably the query format will not be\n compatible with the referral server (e.g. 
whois to\n rwhois or ARIN to RIPE).\n\n - Add the '+' flag by default to queries to whois.arin.net\n if the argument looks like an IP address. Also add the\n 'a' and 'n' flags. No thanks to ARIN for breaking every\n whois client.\n\n - Added the .cv, .lk, .mq, .sy, .so, .biz.ua, .co.ua,\n .pp.ua, .qa, .xn--3e0b707e\n (.한국, Korea),\n .xn--45brj9c\n (.ভাà&\n brvbar;°à¦¤, India, Bengali),\n .xn--90a3ac (.СРБ,\n Serbia), .xn--clchc0ea0b2g2a9gcd\n (.சிà®&\n #153;்கà®\n ;ªà¯à®ªà&m\n acr;‚ர்,\n Singapore, Tamil), .xn--fpcrj9c3d\n (.à°­à°¾à°&d\n eg;త్, India,\n Telugu), .xn--fzc2c9e2c\n (.ලංà&par\n a;šà·, Sri Lanka, Sinhala),\n .xn--gecrj9c\n (.ભાàª\n ;°àª¤, India, Gujarati),\n .xn--h2brj9c\n (.भाà&\n curren;°à¤¤, India, Hindi),\n .xn--lgbbat1ad8j\n (.الجز\n ;ائر,\n Algeria), .xn--mgbayh7gpa\n (.الاØ&plu\n smn;دن, Jordan),\n .xn--mgbbh1a71e\n (.بھاØ&pl\n usmn;ت, India, Urdu), .xn--mgbc0a9azcg\n (.المØ&ord\n m;رب, Morocco), .xn--ogbpf8fl\n (.سورÙ&#\n 138;Ø©, Syria), .xn--s9brj9c\n (.ਭਾà¨&d\n eg;ਤ, India, Punjabi),\n .xn--xkc2al3hye2a\n (.இலà®\n 53;்கà¯\n ˆ, Sri Lanka, Tamil), .xn--wgbl6a\n (.قطر,\n Qatar), .xn--xkc2dl3a5ee0h\n (.இநà¯\n 41;திà&re\n g;¯à®¾, India, Tamil),\n .xn--yfro4i67o\n (.æ–°åŠ å&iex\n cl;, Singapore, Chinese) and .xxx TLD servers. (Closes:\n #642424),\n\n - Added the .priv.at pseudo-SLD server.\n\n - Updated the .co, .gf, .gp, .kr, .li, .rs, .ru, .su, .sv,\n .ua and .xn--p1ai TLD servers. (Closes: #590425,\n #634830, #627478)\n\n - Added a new ASN allocation.\n\n - Fixed a typo and -t syntax in whois(1). (Closes:\n #614973, #632588)\n\n - Made whois return an error in some cases, code\n contributed by David Souther.\n\n - Split HAVE_LINUX_CRYPT_GENSALT from HAVE_XCRYPT to\n support SuSE, which has it builtin in the libc. Added\n untested support for Solaris' crypt_gensalt(3). 
This and\n the following changes have been contributed by Ludwig\n Nussel of SuSE.\n\n - mkpasswd: stop rejecting non-ASCII characters.\n\n - mkpasswd: added support for the 2y algorithm, which\n fixes CVE-2011-2483.\n\n - mkpasswd: raised the number of rounds for 2a/2y from 4\n to 5, which is the current default.\n\n - mkpasswd: removed support for 2 and (SHA), which\n actually are not supported by FreeBSD and libxcrypt.\n\n - packaging changes\n\n - removed patches accepted upstream:\n whois-5.0.11-mkpasswd-support-Owl-patched-libcrypt.diff\n whois-5.0.11-mkpasswd-crypt_gensalt-might-change-the-pre\n fix.diff\n whois-5.0.11-mkpasswd-support-8bit-characters.diff\n whois-5.0.11-mkpasswd-add-support-for-the-new-2y-blowfis\n h-tag-CVE-2011-2483.diff\n whois-5.0.11-mkpasswd-set-default-blowfish-rounds-to-5.d\n iff whois-5.0.11-mkpasswd-remove-obsolete-settings.diff\n\n - removed patches no longer required:\n whois-5.0.11-mkpasswd-fix-compiler-warnings.diff\n\n - updated patches: whois-4.7.33-nb.patch to\n whois-5.0.25-nb.patch\n\n - verify source signatures\n\n - crypt_gensalt moved to separate library libowcrypt\n (fate#314945)\n\n - update to 5.0.26 [bnc#848594]\n\n - Added the .cf TLD server.\n\n - Updated the .bi TLD server.\n\n - Added a new ASN allocation.\n\n - includes changes from 5.0.25\n\n - Added the .ax, .bn, .iq, .pw and .rw TLD servers.\n\n - Updated one or more translations.\n\n - includes updates changes 5.0.24 :\n\n - Merged documentation fixes and the whois.conf(5) man\n page\n\n - Added a new ASN allocation.\n\n - Updated one or more translations.\n\n - includes changes from 5.0.23\n\n - whois.nic.or.kr switched from EUC-KR to UTF-8.\n\n - includes changes from 5.0.22\n\n - Fixed cross-compiling\n\n - includes changes from 5.0.21\n\n - Fixed parsing of 6to4 addresses\n\n - Added the .xn--j1amh\n (.укр, Ukraine) TLD\n server.\n\n - Updated the .bi, .se and .vn TLD servers.\n\n - Removed whois.pandi.or.id from the list of servers which\n support the 
RIPE extensions, since it does not anymore\n and queries are broken.\n\n - Updated some disclaimer suppression strings.\n\n - Respect DEB_HOST_GNU_TYPE when selecting CC for\n cross-compiling.\n\n - includes changes form 5.0.20\n\n - Updated the .by, .ng, .om, .sm, .tn, .ug and .vn TLD\n servers.\n\n - Added the .bw, .td, .xn--mgb9awbf\n (عمان\n ;., Oman), .xn--mgberp4a5d4ar\n (.السØ&sup\n 1;وديØ&cop\n y;, Saudi Arabia) and .xn--mgbx4cd0ab\n (ï»¢ï» ï»&acu\n te;ﺴﻳïº\n 41;., Malaysia) TLD servers.\n\n - Removed the .kp, .mc, .rw and .xn--mgba3a4f16a\n (ایرØ&sec\n t;Ù†., Iran) TLD servers.\n\n - includes changes from 5.0.19\n\n - Added the .post TLD server.\n\n - Updated the .co.za SLD servers.\n\n - Added the .alt.za, .net.za and .web.za SLD servers.\n\n - whois.ua changed (?) the encoding to utf-8.\n\n - Fixed the parsing of 6to4 addresses like whois\n 2002:xxxx::.\n\n - includes changes from 5.0.18\n\n - Updated the .ae and .xn--mgbaam7a8h\n (.اماØ&plu\n smn;ات, United Arabs Emirates)\n TLDs.\n\n - Updated the server charset table for .fr and .it.\n\n - includes changes from whois 5.0.17\n\n - Updated the .bi, .fo, .gr and .gt TLD servers.\n\n - Removed support for recursion of .org queries, it has\n been a thick registry since 2005.\n\n - includes changes from 5.0.16\n\n - Added the .xn--80ao21a\n (.ҚАЗ, Kazakhstan) TLD\n server.\n\n - Updated the .ec and .ee TLD servers.\n\n - Removed the .xn--mgbc0a9azcg\n (.المØ&ord\n m;رب, Morocco) and\n .xn--mgberp4a5d4ar\n (.السØ&sup\n 1;وديØ&cop\n y;, Saudi Arabia) TLD servers.\n\n - Added a new ASN allocation.\n\n - Updated one or more translations.\n\n - includes changes from 5.0.15\n\n - Added the .xn--mgba3a4f16a\n (ایرØ&sec\n t;Ù†., Iran) TLD server.\n\n - Updated the .pe TLD server, this time for real.\n\n - Updated one or more translations.\n\n - includes changes from 5.0.14\n\n - Added the .sx TLD server.\n\n - Updated the .pe TLD server.\n\n - includes changes from 5.0.13\n\n - Updated the .hr TLD server.\n\n - 
Improved the package description\n\n - Updated the FSF address in licenses.\n\n - includes changes from 5.0.12\n\n - Recursion disabled when the query string contains\n spaces, because probably the query format will not be\n compatible with the referral server (e.g. whois to\n rwhois or ARIN to RIPE).\n\n - Add the '+' flag by default to queries to whois.arin.net\n if the argument looks like an IP address. Also add the\n 'a' and 'n' flags. No thanks to ARIN for breaking every\n whois client.\n\n - Added the .cv, .lk, .mq, .sy, .so, .biz.ua, .co.ua,\n .pp.ua, .qa, .xn--3e0b707e\n (.한국, Korea),\n .xn--45brj9c\n (.ভাà&\n brvbar;°à¦¤, India, Bengali),\n .xn--90a3ac (.СРБ,\n Serbia), .xn--clchc0ea0b2g2a9gcd\n (.சிà®&\n #153;்கà®\n ;ªà¯à®ªà&m\n acr;‚ர்,\n Singapore, Tamil), .xn--fpcrj9c3d\n (.à°­à°¾à°&d\n eg;త్, India,\n Telugu), .xn--fzc2c9e2c\n (.ලංà&par\n a;šà·, Sri Lanka, Sinhala),\n .xn--gecrj9c\n (.ભાàª\n ;°àª¤, India, Gujarati),\n .xn--h2brj9c\n (.भाà&\n curren;°à¤¤, India, Hindi),\n .xn--lgbbat1ad8j\n (.الجز\n ;ائر,\n Algeria), .xn--mgbayh7gpa\n (.الاØ&plu\n smn;دن, Jordan),\n .xn--mgbbh1a71e\n (.بھاØ&pl\n usmn;ت, India, Urdu), .xn--mgbc0a9azcg\n (.المØ&ord\n m;رب, Morocco), .xn--ogbpf8fl\n (.سورÙ&#\n 138;Ø©, Syria), .xn--s9brj9c\n (.ਭਾà¨&d\n eg;ਤ, India, Punjabi),\n .xn--xkc2al3hye2a\n (.இலà®\n 53;்கà¯\n ˆ, Sri Lanka, Tamil), .xn--wgbl6a\n (.قطر,\n Qatar), .xn--xkc2dl3a5ee0h\n (.இநà¯\n 41;திà&re\n g;¯à®¾, India, Tamil),\n .xn--yfro4i67o\n (.æ–°åŠ å&iex\n cl;, Singapore, Chinese) and .xxx TLD servers. (Closes:\n #642424),\n\n - Added the .priv.at pseudo-SLD server.\n\n - Updated the .co, .gf, .gp, .kr, .li, .rs, .ru, .su, .sv,\n .ua and .xn--p1ai TLD servers. (Closes: #590425,\n #634830, #627478)\n\n - Added a new ASN allocation.\n\n - Fixed a typo and -t syntax in whois(1). 
(Closes:\n #614973, #632588)\n\n - Made whois return an error in some cases, code\n contributed by David Souther.\n\n - Split HAVE_LINUX_CRYPT_GENSALT from HAVE_XCRYPT to\n support SuSE, which has it builtin in the libc. Added\n untested support for Solaris' crypt_gensalt(3). This and\n the following changes have been contributed by Ludwig\n Nussel of SuSE.\n\n - mkpasswd: stop rejecting non-ASCII characters.\n\n - mkpasswd: added support for the 2y algorithm, which\n fixes CVE-2011-2483.\n\n - mkpasswd: raised the number of rounds for 2a/2y from 4\n to 5, which is the current default.\n\n - mkpasswd: removed support for 2 and (SHA), which\n actually are not supported by FreeBSD and libxcrypt.\n\n - packaging changes\n\n - removed patches accepted upstream:\n whois-5.0.11-mkpasswd-support-Owl-patched-libcrypt.diff\n whois-5.0.11-mkpasswd-crypt_gensalt-might-change-the-pre\n fix.diff\n whois-5.0.11-mkpasswd-support-8bit-characters.diff\n whois-5.0.11-mkpasswd-add-support-for-the-new-2y-blowfis\n h-tag-CVE-2011-2483.diff\n whois-5.0.11-mkpasswd-set-default-blowfish-rounds-to-5.d\n iff whois-5.0.11-mkpasswd-remove-obsolete-settings.diff\n\n - removed patches no longer required:\n whois-5.0.11-mkpasswd-fix-compiler-warnings.diff\n\n - updated patches: whois-4.7.33-nb.patch to\n whois-5.0.25-nb.patch\n\n - verify source signatures\n\n - crypt_gensalt moved to separate library libowcrypt\n (fate#314945)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=848594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-11/msg00025.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected whois packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:whois\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:whois-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:whois-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2|SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2 / 12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"whois-5.0.26-10.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", 
reference:\"whois-debuginfo-5.0.26-10.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"whois-debugsource-5.0.26-10.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"whois-5.0.26-12.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"whois-debuginfo-5.0.26-12.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"whois-debugsource-5.0.26-12.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"whois / whois-debuginfo / whois-debugsource\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:11:08", "description": "The crypt(3) manpage was updated to also list the 2y prefix.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : man-pages (openSUSE-SU-2011:0970-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:man-pages", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_MAN-PAGES-110823.NASL", "href": "https://www.tenable.com/plugins/nessus/75642", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update man-pages-5032.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75642);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"openSUSE Security Update : man-pages (openSUSE-SU-2011:0970-1)\");\n script_summary(english:\"Check for the 
man-pages-5032 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"The crypt(3) manpage was updated to also list the 2y prefix.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=713389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00044.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected man-pages package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:man-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"man-pages-3.25-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"man-pages\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:25:32", "description": "A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. 
Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'.", "cvss3": {}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : postgresql (ALAS-2011-12)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:postgresql", "p-cpe:/a:amazon:linux:postgresql-contrib", "p-cpe:/a:amazon:linux:postgresql-debuginfo", "p-cpe:/a:amazon:linux:postgresql-devel", "p-cpe:/a:amazon:linux:postgresql-docs", "p-cpe:/a:amazon:linux:postgresql-libs", "p-cpe:/a:amazon:linux:postgresql-plperl", "p-cpe:/a:amazon:linux:postgresql-plpython", "p-cpe:/a:amazon:linux:postgresql-pltcl", "p-cpe:/a:amazon:linux:postgresql-server", "p-cpe:/a:amazon:linux:postgresql-test", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2011-12.NASL", "href": "https://www.tenable.com/plugins/nessus/69571", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2011-12.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69571);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2011-2483\");\n script_xref(name:\"ALAS\", value:\"2011-12\");\n script_xref(name:\"RHSA\", value:\"2011:1377\");\n\n script_name(english:\"Amazon Linux AMI : postgresql (ALAS-2011-12)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A signedness issue was found in the way the crypt() function in the\nPostgreSQL pgcrypto module handled 8-bit characters in passwords when\nusing Blowfish hashing. 
Up to three characters immediately preceding a\nnon-ASCII character (one with the high bit set) had no effect on the\nhash result, thus shortening the effective password length. This made\nbrute-force guessing more efficient as several different passwords\nwere hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some\nusers may not be able to log in to applications that store user\npasswords, hashed with Blowfish using the PostgreSQL crypt() function,\nin a back-end PostgreSQL database. Unsafe processing can be re-enabled\nfor specific passwords (allowing affected users to log in) by changing\ntheir hash prefix to '$2x$'.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2011-12.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update postgresql' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"postgresql-8.4.9-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql-contrib-8.4.9-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql-debuginfo-8.4.9-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql-devel-8.4.9-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql-docs-8.4.9-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"postgresql-libs-8.4.9-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql-plperl-8.4.9-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql-plpython-8.4.9-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql-pltcl-8.4.9-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql-server-8.4.9-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql-test-8.4.9-1.13.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:42:20", "description": "It was discovered that the blowfish algorithm in the pgcrypto module incorrectly handled certain 8-bit characters, resulting in the password hashes being easier to crack than expected. An attacker who could obtain the password hashes would be able to recover the plaintext with less effort.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-10-14T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : postgresql-8.3, postgresql-8.4 vulnerability (USN-1229-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2019-09-19T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:11.04", "p-cpe:/a:canonical:ubuntu_linux:postgresql-8.3", "p-cpe:/a:canonical:ubuntu_linux:postgresql-8.4"], "id": "UBUNTU_USN-1229-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56506", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1229-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56506);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-2483\");\n script_bugtraq_id(49241);\n script_xref(name:\"USN\", value:\"1229-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : postgresql-8.3, postgresql-8.4 vulnerability (USN-1229-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the blowfish algorithm in the pgcrypto module\nincorrectly handled certain 8-bit characters, resulting in the\npassword hashes being easier to crack than expected. 
An attacker who\ncould obtain the password hashes would be able to recover the\nplaintext with less effort.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1229-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql-8.3 and / or postgresql-8.4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-8.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 
2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-8.3\", pkgver:\"8.3.16-0ubuntu0.8.04\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"postgresql-8.4\", pkgver:\"8.4.9-0ubuntu0.10.04\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"postgresql-8.4\", pkgver:\"8.4.9-0ubuntu0.10.10\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"postgresql-8.4\", pkgver:\"8.4.9-0ubuntu0.11.04\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql-8.3 / postgresql-8.4\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:42:53", "description": "magnum discovered that the blowfish password hashing used amongst 
others in PostgreSQL contained a weakness that would give passwords with 8 bit characters the same hash as weaker equivalents.", "cvss3": {}, "published": "2011-11-08T00:00:00", "type": "nessus", "title": "Debian DSA-2340-1 : postgresql-8.3, postgresql-8.4, postgresql-9.0 - weak password hashing", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:postgresql-8.3", "p-cpe:/a:debian:debian_linux:postgresql-8.4", "p-cpe:/a:debian:debian_linux:postgresql-9.0", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2340.NASL", "href": "https://www.tenable.com/plugins/nessus/56730", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2340. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56730);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2483\");\n script_bugtraq_id(49241);\n script_xref(name:\"DSA\", value:\"2340\");\n\n script_name(english:\"Debian DSA-2340-1 : postgresql-8.3, postgresql-8.4, postgresql-9.0 - weak password hashing\");\n script_summary(english:\"Checks dpkg output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"magnum discovered that the blowfish password hashing used amongst\nothers in PostgreSQL contained a weakness that would give passwords\nwith 8 bit characters the same hash as weaker equivalents.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/postgresql-8.4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2340\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the postgresql packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\npostgresql-8.3 version 8.3.16-0lenny1.\n\nFor the stable distribution (squeeze), this problem has been fixed in\npostgresql-8.4 version 8.4.9-0squeeze1.\n\nThe updates also include reliability improvements, originally\nscheduled for inclusion into the next point release; for details see\nthe respective changelogs.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-8.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"postgresql-8.3\", reference:\"8.3.16-0lenny1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libecpg-compat3\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libecpg-dev\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libecpg6\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpgtypes3\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpq-dev\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpq5\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-8.4\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-client\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-client-8.4\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-contrib\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-contrib-8.4\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-doc\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", 
prefix:\"postgresql-doc-8.4\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-plperl-8.4\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-plpython-8.4\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-pltcl-8.4\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-server-dev-8.4\", reference:\"8.4.9-0squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:12:05", "description": "The crypt(3) manpage was updated to also list the 2y prefix.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : man-pages (openSUSE-SU-2011:0970-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:man-pages", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_MAN-PAGES-110823.NASL", "href": "https://www.tenable.com/plugins/nessus/75943", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update man-pages-5032.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75943);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"openSUSE Security Update : man-pages (openSUSE-SU-2011:0970-1)\");\n script_summary(english:\"Check for the man-pages-5032 patch\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"The crypt(3) manpage was updated to also list the 2y prefix.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=713389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00044.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected man-pages package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:man-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"man-pages-3.32-4.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"man-pages\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:11:07", "description": "The security update for CVE-2011-2483 broke changing blowfish passwords if compat mode was turned on (default). 
This update fixes the regression.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libxcrypt (openSUSE-SU-2011:0972-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libxcrypt", "p-cpe:/a:novell:opensuse:libxcrypt-32bit", "p-cpe:/a:novell:opensuse:libxcrypt-devel", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_LIBXCRYPT-110824.NASL", "href": "https://www.tenable.com/plugins/nessus/75631", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libxcrypt-5049.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75631);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"openSUSE Security Update : libxcrypt (openSUSE-SU-2011:0972-1)\");\n script_summary(english:\"Check for the libxcrypt-5049 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The security update for CVE-2011-2483 broke changing blowfish\npasswords if compat mode was turned on (default). 
This update fixes\nthe regression.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=713727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00045.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxcrypt packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libxcrypt-3.0.3-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libxcrypt-devel-3.0.3-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libxcrypt-32bit-3.0.3-5.11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxcrypt / libxcrypt-32bit / libxcrypt-devel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:26:56", "description": "Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nPostgreSQL is an advanced object-relational database management system (DBMS).\n\nA signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'.\n\nFor Red Hat Enterprise Linux 6, the updated postgresql packages upgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a full list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nFor Red Hat Enterprise Linux 4 and 5, the updated postgresql packages contain a backported patch.\n\nAll PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. 
If the postgresql service is running, it will be automatically restarted after installing this update.", "cvss3": {}, "published": "2011-10-19T00:00:00", "type": "nessus", "title": "CentOS 4 / 5 : postgresql (CESA-2011:1377)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:postgresql", "p-cpe:/a:centos:centos:postgresql-contrib", "p-cpe:/a:centos:centos:postgresql-devel", "p-cpe:/a:centos:centos:postgresql-docs", "p-cpe:/a:centos:centos:postgresql-jdbc", "p-cpe:/a:centos:centos:postgresql-libs", "p-cpe:/a:centos:centos:postgresql-pl", "p-cpe:/a:centos:centos:postgresql-python", "p-cpe:/a:centos:centos:postgresql-server", "p-cpe:/a:centos:centos:postgresql-tcl", "p-cpe:/a:centos:centos:postgresql-test", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1377.NASL", "href": "https://www.tenable.com/plugins/nessus/56535", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1377 and \n# CentOS Errata and Security Advisory 2011:1377 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56535);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-2483\");\n script_bugtraq_id(49241);\n script_xref(name:\"RHSA\", value:\"2011:1377\");\n\n script_name(english:\"CentOS 4 / 5 : postgresql (CESA-2011:1377)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated postgresql packages that fix one security issue are now\navailable for Red Hat 
Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nA signedness issue was found in the way the crypt() function in the\nPostgreSQL pgcrypto module handled 8-bit characters in passwords when\nusing Blowfish hashing. Up to three characters immediately preceding a\nnon-ASCII character (one with the high bit set) had no effect on the\nhash result, thus shortening the effective password length. This made\nbrute-force guessing more efficient as several different passwords\nwere hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some\nusers may not be able to log in to applications that store user\npasswords, hashed with Blowfish using the PostgreSQL crypt() function,\nin a back-end PostgreSQL database. Unsafe processing can be re-enabled\nfor specific passwords (allowing affected users to log in) by changing\ntheir hash prefix to '$2x$'.\n\nFor Red Hat Enterprise Linux 6, the updated postgresql packages\nupgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release\nNotes for a full list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nFor Red Hat Enterprise Linux 4 and 5, the updated postgresql packages\ncontain a backported patch.\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct this issue. 
If the postgresql service is running, it\nwill be automatically restarted after installing this update.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018165.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6786291\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018166.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c47b658f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-October/018115.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6cd9d35e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-October/018116.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cedd88ec\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-pl\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-contrib-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-contrib-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-devel-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-devel-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-docs-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-docs-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-jdbc-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-jdbc-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-libs-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-libs-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-pl-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-pl-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-python-7.4.30-3.el4\")) flag++;\nif 
(rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-python-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-server-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-server-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-tcl-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-tcl-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-test-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-test-7.4.30-3.el4\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-contrib-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-devel-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-docs-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-libs-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-pl-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-python-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-server-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-tcl-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-test-8.1.23-1.el5_7.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-devel / 
etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:25:00", "description": "The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force methods. (CVE-2011-2483)\n\nSUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any way? A: No.\n\nQ: What's the meaning of the ids before and after the update? 
A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm $2a -> buggy algorithm $2y -> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set BLOWFISH_2a2x=no in /etc/default/passwd", "cvss3": {}, "published": "2011-08-20T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : glibc (ZYPP Patch Number 7659)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GLIBC-7659.NASL", "href": "https://www.tenable.com/plugins/nessus/55920", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55920);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"SuSE 10 Security Update : glibc (ZYPP Patch Number 7659)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The implementation of the blowfish based password 
hashing method had a\nbug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force\nmethods. (CVE-2011-2483)\n\nSUSE's crypt() implementation supports the blowfish password hashing\nfunction (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After\ninstalling the update existing $2a hashes therefore no longer match\nhashes generated with the new, correct implementation if the password\ncontains 8bit characters. For system logins via PAM the pam_unix2\nmodule activates a compat mode and keeps processing existing $2a\nhashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously\nidentify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are\nadvised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords\nusing the blowfish hash do not have such a compat mode. That means\nusers with 8bit passwords that use such services will not be able to\nlog in anymore after the update. As workaround administrators may edit\nthe service's password database and change stored hashes from $2a to\n$2x. This will result in crypt() using the old algorithm. Users should\nbe required to change their passwords to make sure they are migrated\nto the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any\nway? A: No.\n\nQ: What's the meaning of the ids before and after the update? 
A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x ->\nbuggy algorithm $2a -> buggy algorithm $2y -> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the\npassword database and change the '$2a' prefix of the affected users'\nhashes to '$2x'. They will be able to log in again but should change\ntheir password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set\nBLOWFISH_2a2x=no in /etc/default/passwd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2483.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7659.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif 
(!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-2.4-31.77.86.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-devel-2.4-31.77.86.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-html-2.4-31.77.86.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-i18ndata-2.4-31.77.86.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-info-2.4-31.77.86.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-locale-2.4-31.77.86.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-profile-2.4-31.77.86.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"libxcrypt-2.4-12.9.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"libxcrypt-devel-2.4-12.9.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"nscd-2.4-31.77.86.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"pam-modules-10-2.17.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"pwdutils-3.0.7.1-17.34.36.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"pwdutils-plugin-audit-3.0.7.1-17.34.36.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.77.86.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.4-31.77.86.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.77.86.1\")) flag++;\nif 
(rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.4-31.77.86.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"libxcrypt-32bit-2.4-12.9.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"pam-modules-32bit-10-2.17.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2019-05-29T18:39:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-11-28T00:00:00", "type": "openvas", "title": "Mandriva Update for glibc MDVSA-2011:178 (glibc)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2898", "CVE-2010-0296", "CVE-2011-2483", "CVE-2011-1659", "CVE-2011-1071", "CVE-2011-1095", "CVE-2010-3847", "CVE-2011-0536", "CVE-2011-1089"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831500", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831500", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for glibc MDVSA-2011:178 (glibc)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-11/msg00037.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831500\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-28 12:50:20 +0530 (Mon, 28 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2011:178\");\n script_cve_id(\"CVE-2010-3847\", \"CVE-2011-0536\", \"CVE-2010-2898\", \"CVE-2011-1071\",\n \"CVE-2010-0296\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-1659\",\n \"CVE-2011-2483\");\n script_name(\"Mandriva Update for glibc MDVSA-2011:178 (glibc)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1)\");\n script_tag(name:\"affected\", value:\"glibc on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities was discovered and fixed in glibc:\n Multiple untrusted 
search path vulnerabilities in elf/dl-object.c in\n certain modified versions of the GNU C Library (aka glibc or libc6),\n including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat\n Enterprise Linux, allow local users to gain privileges via a crafted\n dynamic shared object (DSO) in a subdirectory of the current working\n directory during execution of a (1) setuid or (2) setgid program that\n has in (a) RPATH or (b) RUNPATH. NOTE: this issue exists because\n of an incorrect fix for CVE-2010-3847 (CVE-2011-0536).\n\n The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC\n (EGLIBC) allow context-dependent attackers to execute arbitrary code\n or cause a denial of service (memory consumption) via a long UTF8\n string that is used in an fnmatch call, aka a stack extension attack,\n a related issue to CVE-2010-2898, as originally reported for use of\n this library by Google Chrome (CVE-2011-1071).\n\n The addmntent function in the GNU C Library (aka glibc or libc6) 2.13\n and earlier does not report an error status for failed attempts to\n write to the /etc/mtab file, which makes it easier for local users\n to trigger corruption of this file, as demonstrated by writes from\n a process with a small RLIMIT_FSIZE value, a different vulnerability\n than CVE-2010-0296 (CVE-2011-1089).\n\n locale/programs/locale.c in locale in the GNU C Library (aka glibc\n or libc6) before 2.13 does not quote its output, which might allow\n local users to gain privileges via a crafted localization environment\n variable, in conjunction with a program that executes a script that\n uses the eval function (CVE-2011-1095).\n\n Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or\n libc6) 2.13 and earlier allows context-dependent attackers to cause a\n denial of service (application crash) via a long UTF8 string that is\n used in an fnmatch call with a crafted pattern argument, a different\n vulnerability than CVE-2011-1071 (CVE-2011-1659).\n\n 
crypt_blowfish before 1.1, as used in glibc on certain platforms,\n does not properly handle 8-bit characters, which makes it easier\n for context-dependent attackers to determine a cleartext password by\n leveraging knowledge of a password hash (CVE-2011-2483).\n\n The updated packages have been patched to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.8~1.20080520.5.8mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.8~1.20080520.5.8mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc\", rpm:\"glibc-doc~2.8~1.20080520.5.8mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc-pdf\", rpm:\"glibc-doc-pdf~2.8~1.20080520.5.8mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.8~1.20080520.5.8mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.8~1.20080520.5.8mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-static-devel\", rpm:\"glibc-static-devel~2.8~1.20080520.5.8mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.8~1.20080520.5.8mnb2\", 
rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.8~1.20080520.5.8mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.11.1~8.3mnb2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.11.1~8.3mnb2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc\", rpm:\"glibc-doc~2.11.1~8.3mnb2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc-pdf\", rpm:\"glibc-doc-pdf~2.11.1~8.3mnb2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.11.1~8.3mnb2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.11.1~8.3mnb2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-static-devel\", rpm:\"glibc-static-devel~2.11.1~8.3mnb2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.11.1~8.3mnb2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.11.1~8.3mnb2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:35", "description": "Check for the Version of glibc", "cvss3": {}, "published": 
"2011-11-28T00:00:00", "type": "openvas", "title": "Mandriva Update for glibc MDVSA-2011:178 (glibc)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2898", "CVE-2010-0296", "CVE-2011-2483", "CVE-2011-1659", "CVE-2011-1071", "CVE-2011-1095", "CVE-2010-3847", "CVE-2011-0536", "CVE-2011-1089"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:831500", "href": "http://plugins.openvas.org/nasl.php?oid=831500", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for glibc MDVSA-2011:178 (glibc)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities was discovered and fixed in glibc:\n Multiple untrusted search path vulnerabilities in elf/dl-object.c in\n certain modified versions of the GNU C Library (aka glibc or libc6),\n including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat\n Enterprise Linux, allow local users to gain privileges via a crafted\n dynamic shared object (DSO) in a subdirectory of the current working\n directory during execution of a (1) setuid or (2) setgid program that\n has in (a) RPATH or (b) RUNPATH. NOTE: this issue exists because\n of an incorrect fix for CVE-2010-3847 (CVE-2011-0536).\n\n The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC\n (EGLIBC) allow context-dependent attackers to execute arbitrary code\n or cause a denial of service (memory consumption) via a long UTF8\n string that is used in an fnmatch call, aka a stack extension attack,\n a related issue to CVE-2010-2898, as originally reported for use of\n this library by Google Chrome (CVE-2011-1071).\n\n The addmntent function in the GNU C Library (aka glibc or libc6) 2.13\n and earlier does not report an error status for failed attempts to\n write to the /etc/mtab file, which makes it easier for local users\n to trigger corruption of this file, as demonstrated by writes from\n a process with a small RLIMIT_FSIZE value, a different vulnerability\n than CVE-2010-0296 (CVE-2011-1089).\n\n locale/programs/locale.c in locale in the GNU C Library (aka glibc\n or libc6) before 2.13 does not quote its output, which might allow\n local users to gain privileges via a crafted 
localization environment\n variable, in conjunction with a program that executes a script that\n uses the eval function (CVE-2011-1095).\n\n Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or\n libc6) 2.13 and earlier allows context-dependent attackers to cause a\n denial of service (application crash) via a long UTF8 string that is\n used in an fnmatch call with a crafted pattern argument, a different\n vulnerability than CVE-2011-1071 (CVE-2011-1659).\n\n crypt_blowfish before 1.1, as used in glibc on certain platforms,\n does not properly handle 8-bit characters, which makes it easier\n for context-dependent attackers to determine a cleartext password by\n leveraging knowledge of a password hash (CVE-2011-2483).\n\n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"glibc on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-11/msg00037.php\");\n script_id(831500);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-28 12:50:20 +0530 (Mon, 28 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:178\");\n script_cve_id(\"CVE-2010-3847\", \"CVE-2011-0536\", \"CVE-2010-2898\", \"CVE-2011-1071\",\n \"CVE-2010-0296\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-1659\",\n \"CVE-2011-2483\");\n script_name(\"Mandriva Update for glibc MDVSA-2011:178 (glibc)\");\n\n script_summary(\"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 
2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.8~1.20080520.5.8mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.8~1.20080520.5.8mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc\", rpm:\"glibc-doc~2.8~1.20080520.5.8mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc-pdf\", rpm:\"glibc-doc-pdf~2.8~1.20080520.5.8mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.8~1.20080520.5.8mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.8~1.20080520.5.8mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-static-devel\", rpm:\"glibc-static-devel~2.8~1.20080520.5.8mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.8~1.20080520.5.8mnb2\", rls:\"MNDK_mes5\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.8~1.20080520.5.8mnb2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.11.1~8.3mnb2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.11.1~8.3mnb2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc\", rpm:\"glibc-doc~2.11.1~8.3mnb2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-doc-pdf\", rpm:\"glibc-doc-pdf~2.11.1~8.3mnb2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.11.1~8.3mnb2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.11.1~8.3mnb2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-static-devel\", rpm:\"glibc-static-devel~2.11.1~8.3mnb2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.11.1~8.3mnb2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.11.1~8.3mnb2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:04", "description": "The remote 
host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for glibc CESA-2011:0412 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0296", "CVE-2011-1071", "CVE-2011-1095", "CVE-2010-3847", "CVE-2011-0536"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880538", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880538", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for glibc CESA-2011:0412 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-April/017297.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880538\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:0412\");\n script_cve_id(\"CVE-2010-0296\", \"CVE-2011-0536\", \"CVE-2011-1071\", \"CVE-2011-1095\", \"CVE-2010-3847\");\n script_name(\"CentOS Update for glibc CESA-2011:0412 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"glibc on CentOS 5\");\n script_tag(name:\"insight\", value:\"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. 
Without these two libraries, a Linux system cannot\n function properly.\n\n The fix for CVE-2010-3847 introduced a regression in the way the dynamic\n loader expanded the $ORIGIN dynamic string token specified in the RPATH and\n RUNPATH entries in the ELF library header. A local attacker could use this\n flaw to escalate their privileges via a setuid or setgid program using\n such a library. (CVE-2011-0536)\n\n It was discovered that the glibc addmntent() function did not sanitize its\n input properly. A local attacker could possibly use this flaw to inject\n malformed lines into /etc/mtab via certain setuid mount helpers, if the\n attacker were allowed to mount to an arbitrary directory under their\n control. (CVE-2010-0296)\n\n It was discovered that the glibc fnmatch() function did not properly\n restrict the use of alloca(). If the function was called on sufficiently\n large inputs, it could cause an application using fnmatch() to crash or,\n possibly, execute arbitrary code with the privileges of the application.\n (CVE-2011-1071)\n\n It was discovered that the locale command did not produce properly escaped\n output as required by the POSIX specification. If an attacker were able to\n set the locale environment variables in the environment of a script that\n performed shell evaluation on the output of the locale command, and that\n script were run with different privileges than the attacker's, it could\n execute arbitrary code with the privileges of the script. 
(CVE-2011-1095)\n\n All users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~58.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~58.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~58.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~58.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~58.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~58.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-04-06T00:00:00", "type": "openvas", "title": "RedHat Update for glibc RHSA-2011:0412-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0296", "CVE-2011-1071", "CVE-2011-1095", "CVE-2010-3847", "CVE-2011-0536"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870417", 
"href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870417", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2011:0412-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-April/msg00000.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870417\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-06 16:20:31 +0200 (Wed, 06 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:0412-01\");\n script_cve_id(\"CVE-2010-0296\", \"CVE-2011-0536\", \"CVE-2011-1071\", \"CVE-2011-1095\", \"CVE-2010-3847\");\n script_name(\"RedHat Update for glibc RHSA-2011:0412-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 
'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"glibc on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. Without these two libraries, a Linux system cannot\n function properly.\n\n The fix for CVE-2010-3847 introduced a regression in the way the dynamic\n loader expanded the $ORIGIN dynamic string token specified in the RPATH and\n RUNPATH entries in the ELF library header. A local attacker could use this\n flaw to escalate their privileges via a setuid or setgid program using\n such a library. (CVE-2011-0536)\n\n It was discovered that the glibc addmntent() function did not sanitize its\n input properly. A local attacker could possibly use this flaw to inject\n malformed lines into /etc/mtab via certain setuid mount helpers, if the\n attacker were allowed to mount to an arbitrary directory under their\n control. (CVE-2010-0296)\n\n It was discovered that the glibc fnmatch() function did not properly\n restrict the use of alloca(). If the function was called on sufficiently\n large inputs, it could cause an application using fnmatch() to crash or,\n possibly, execute arbitrary code with the privileges of the application.\n (CVE-2011-1071)\n\n It was discovered that the locale command did not produce properly escaped\n output as required by the POSIX specification. 
If an attacker were able to\n set the locale environment variables in the environment of a script that\n performed shell evaluation on the output of the locale command, and that\n script were run with different privileges than the attacker's, it could\n execute arbitrary code with the privileges of the script. (CVE-2011-1095)\n\n All users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~58.el5_6.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~58.el5_6.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.5~58.el5_6.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.5~58.el5_6.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~58.el5_6.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~58.el5_6.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~58.el5_6.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~58.el5_6.2\", rls:\"RHENT_5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:42", "description": "Check for the Version of glibc", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for glibc CESA-2011:0412 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0296", "CVE-2011-1071", "CVE-2011-1095", "CVE-2010-3847", "CVE-2011-0536"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880538", "href": "http://plugins.openvas.org/nasl.php?oid=880538", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for glibc CESA-2011:0412 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. 
Without these two libraries, a Linux system cannot\n function properly.\n\n The fix for CVE-2010-3847 introduced a regression in the way the dynamic\n loader expanded the $ORIGIN dynamic string token specified in the RPATH and\n RUNPATH entries in the ELF library header. A local attacker could use this\n flaw to escalate their privileges via a setuid or setgid program using\n such a library. (CVE-2011-0536)\n \n It was discovered that the glibc addmntent() function did not sanitize its\n input properly. A local attacker could possibly use this flaw to inject\n malformed lines into /etc/mtab via certain setuid mount helpers, if the\n attacker were allowed to mount to an arbitrary directory under their\n control. (CVE-2010-0296)\n \n It was discovered that the glibc fnmatch() function did not properly\n restrict the use of alloca(). If the function was called on sufficiently\n large inputs, it could cause an application using fnmatch() to crash or,\n possibly, execute arbitrary code with the privileges of the application.\n (CVE-2011-1071)\n \n It was discovered that the locale command did not produce properly escaped\n output as required by the POSIX specification. If an attacker were able to\n set the locale environment variables in the environment of a script that\n performed shell evaluation on the output of the locale command, and that\n script were run with different privileges than the attacker's, it could\n execute arbitrary code with the privileges of the script. 
(CVE-2011-1095)\n \n All users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"glibc on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-April/017297.html\");\n script_id(880538);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0412\");\n script_cve_id(\"CVE-2010-0296\", \"CVE-2011-0536\", \"CVE-2011-1071\", \"CVE-2011-1095\", \"CVE-2010-3847\");\n script_name(\"CentOS Update for glibc CESA-2011:0412 centos5 i386\");\n\n script_summary(\"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~58.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", 
rpm:\"glibc-common~2.5~58.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~58.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~58.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~58.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~58.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:57:29", "description": "Check for the Version of glibc", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for glibc CESA-2011:0412 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0296", "CVE-2011-1071", "CVE-2011-1095", "CVE-2010-3847", "CVE-2011-0536"], "modified": "2018-01-02T00:00:00", "id": "OPENVAS:881328", "href": "http://plugins.openvas.org/nasl.php?oid=881328", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for glibc CESA-2011:0412 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY 
WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. Without these two libraries, a Linux system cannot\n function properly.\n\n The fix for CVE-2010-3847 introduced a regression in the way the dynamic\n loader expanded the $ORIGIN dynamic string token specified in the RPATH and\n RUNPATH entries in the ELF library header. A local attacker could use this\n flaw to escalate their privileges via a setuid or setgid program using\n such a library. (CVE-2011-0536)\n \n It was discovered that the glibc addmntent() function did not sanitize its\n input properly. A local attacker could possibly use this flaw to inject\n malformed lines into /etc/mtab via certain setuid mount helpers, if the\n attacker were allowed to mount to an arbitrary directory under their\n control. (CVE-2010-0296)\n \n It was discovered that the glibc fnmatch() function did not properly\n restrict the use of alloca(). If the function was called on sufficiently\n large inputs, it could cause an application using fnmatch() to crash or,\n possibly, execute arbitrary code with the privileges of the application.\n (CVE-2011-1071)\n \n It was discovered that the locale command did not produce properly escaped\n output as required by the POSIX specification. 
If an attacker were able to\n set the locale environment variables in the environment of a script that\n performed shell evaluation on the output of the locale command, and that\n script were run with different privileges than the attacker's, it could\n execute arbitrary code with the privileges of the script. (CVE-2011-1095)\n \n All users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\";\n\ntag_affected = \"glibc on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-April/017298.html\");\n script_id(881328);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:24:58 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-0296\", \"CVE-2011-0536\", \"CVE-2011-1071\", \"CVE-2011-1095\",\n \"CVE-2010-3847\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0412\");\n script_name(\"CentOS Update for glibc CESA-2011:0412 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~58.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~58.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~58.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~58.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~58.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~58.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:25", "description": "Check for the Version of glibc", "cvss3": {}, "published": "2011-04-06T00:00:00", "type": "openvas", "title": "RedHat Update for glibc RHSA-2011:0412-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0296", "CVE-2011-1071", "CVE-2011-1095", "CVE-2010-3847", "CVE-2011-0536"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870417", "href": "http://plugins.openvas.org/nasl.php?oid=870417", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2011:0412-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone 
Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. Without these two libraries, a Linux system cannot\n function properly.\n\n The fix for CVE-2010-3847 introduced a regression in the way the dynamic\n loader expanded the $ORIGIN dynamic string token specified in the RPATH and\n RUNPATH entries in the ELF library header. A local attacker could use this\n flaw to escalate their privileges via a setuid or setgid program using\n such a library. (CVE-2011-0536)\n \n It was discovered that the glibc addmntent() function did not sanitize its\n input properly. A local attacker could possibly use this flaw to inject\n malformed lines into /etc/mtab via certain setuid mount helpers, if the\n attacker were allowed to mount to an arbitrary directory under their\n control. (CVE-2010-0296)\n \n It was discovered that the glibc fnmatch() function did not properly\n restrict the use of alloca(). 
If the function was called on sufficiently\n large inputs, it could cause an application using fnmatch() to crash or,\n possibly, execute arbitrary code with the privileges of the application.\n (CVE-2011-1071)\n \n It was discovered that the locale command did not produce properly escaped\n output as required by the POSIX specification. If an attacker were able to\n set the locale environment variables in the environment of a script that\n performed shell evaluation on the output of the locale command, and that\n script were run with different privileges than the attacker's, it could\n execute arbitrary code with the privileges of the script. (CVE-2011-1095)\n \n All users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\";\n\ntag_affected = \"glibc on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-April/msg00000.html\");\n script_id(870417);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-06 16:20:31 +0200 (Wed, 06 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:0412-01\");\n script_cve_id(\"CVE-2010-0296\", \"CVE-2011-0536\", \"CVE-2011-1071\", \"CVE-2011-1095\", \"CVE-2010-3847\");\n script_name(\"RedHat Update for glibc RHSA-2011:0412-01\");\n\n script_summary(\"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", 
\"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~58.el5_6.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~58.el5_6.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.5~58.el5_6.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.5~58.el5_6.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~58.el5_6.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~58.el5_6.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~58.el5_6.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~58.el5_6.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:59", "description": "The remote host is 
missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for glibc CESA-2011:0412 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0296", "CVE-2011-1071", "CVE-2011-1095", "CVE-2010-3847", "CVE-2011-0536"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881328", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881328", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for glibc CESA-2011:0412 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-April/017298.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881328\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:24:58 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-0296\", \"CVE-2011-0536\", \"CVE-2011-1071\", \"CVE-2011-1095\",\n \"CVE-2010-3847\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:0412\");\n script_name(\"CentOS Update for glibc CESA-2011:0412 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"glibc on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. 
Without these two libraries, a Linux system cannot\n function properly.\n\n The fix for CVE-2010-3847 introduced a regression in the way the dynamic\n loader expanded the $ORIGIN dynamic string token specified in the RPATH and\n RUNPATH entries in the ELF library header. A local attacker could use this\n flaw to escalate their privileges via a setuid or setgid program using\n such a library. (CVE-2011-0536)\n\n It was discovered that the glibc addmntent() function did not sanitize its\n input properly. A local attacker could possibly use this flaw to inject\n malformed lines into /etc/mtab via certain setuid mount helpers, if the\n attacker were allowed to mount to an arbitrary directory under their\n control. (CVE-2010-0296)\n\n It was discovered that the glibc fnmatch() function did not properly\n restrict the use of alloca(). If the function was called on sufficiently\n large inputs, it could cause an application using fnmatch() to crash or,\n possibly, execute arbitrary code with the privileges of the application.\n (CVE-2011-1071)\n\n It was discovered that the locale command did not produce properly escaped\n output as required by the POSIX specification. If an attacker were able to\n set the locale environment variables in the environment of a script that\n performed shell evaluation on the output of the locale command, and that\n script were run with different privileges than the attacker's, it could\n execute arbitrary code with the privileges of the script. 
(CVE-2011-1095)\n\n All users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~58.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~58.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~58.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~58.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~58.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~58.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:57:52", "description": "Check for the Version of glibc", "cvss3": {}, "published": "2012-06-06T00:00:00", "type": "openvas", "title": "RedHat Update for glibc RHSA-2011:0413-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1071", "CVE-2011-1095", "CVE-2010-3847", "CVE-2011-0536"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:870670", "href": "http://plugins.openvas.org/nasl.php?oid=870670", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2011:0413-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. Without these two libraries, a Linux system cannot\n function properly.\n\n The fix for CVE-2010-3847 introduced a regression in the way the dynamic\n loader expanded the $ORIGIN dynamic string token specified in the RPATH and\n RUNPATH entries in the ELF library header. A local attacker could use this\n flaw to escalate their privileges via a setuid or setgid program using\n such a library. (CVE-2011-0536)\n\n It was discovered that the glibc fnmatch() function did not properly\n restrict the use of alloca(). 
If the function was called on sufficiently\n large inputs, it could cause an application using fnmatch() to crash or,\n possibly, execute arbitrary code with the privileges of the application.\n (CVE-2011-1071)\n\n It was discovered that the locale command did not produce properly escaped\n output as required by the POSIX specification. If an attacker were able to\n set the locale environment variables in the environment of a script that\n performed shell evaluation on the output of the locale command, and that\n script were run with different privileges than the attacker's, it could\n execute arbitrary code with the privileges of the script. (CVE-2011-1095)\n\n All users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\";\n\ntag_affected = \"glibc on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-April/msg00001.html\");\n script_id(870670);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:45:07 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2011-0536\", \"CVE-2011-1071\", \"CVE-2011-1095\", \"CVE-2010-3847\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:0413-01\");\n script_name(\"RedHat Update for glibc RHSA-2011:0413-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.12~1.7.el6_0.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.12~1.7.el6_0.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.12~1.7.el6_0.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.12~1.7.el6_0.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.12~1.7.el6_0.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.12~1.7.el6_0.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.12~1.7.el6_0.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:55", "description": "Oracle Linux Local Security Checks ELSA-2011-0412", "cvss3": {}, "published": 
"2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-0412", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1658", "CVE-2010-0296", "CVE-2011-1659", "CVE-2011-1071", "CVE-2011-1095", "CVE-2011-0536"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122203", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122203", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-0412.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122203\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:14:45 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0412\");\n script_tag(name:\"insight\", value:\"ELSA-2011-0412 - glibc security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0412\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0412.html\");\n script_cve_id(\"CVE-2010-0296\", \"CVE-2011-0536\", \"CVE-2011-1071\", \"CVE-2011-1095\", \"CVE-2011-1658\", \"CVE-2011-1659\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~58.el5_6.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~58.el5_6.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~58.el5_6.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~58.el5_6.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~58.el5_6.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if 
((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~58.el5_6.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-06-06T00:00:00", "type": "openvas", "title": "RedHat Update for glibc RHSA-2011:0413-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1071", "CVE-2011-1095", "CVE-2010-3847", "CVE-2011-0536"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870670", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870670", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2011:0413-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-April/msg00001.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870670\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:45:07 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2011-0536\", \"CVE-2011-1071\", \"CVE-2011-1095\", \"CVE-2010-3847\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:0413-01\");\n script_name(\"RedHat Update for glibc RHSA-2011:0413-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"glibc on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The glibc packages contain the standard C libraries used by multiple\n programs on the system. 
These packages contain the standard C and the\n standard math libraries. Without these two libraries, a Linux system cannot\n function properly.\n\n The fix for CVE-2010-3847 introduced a regression in the way the dynamic\n loader expanded the $ORIGIN dynamic string token specified in the RPATH and\n RUNPATH entries in the ELF library header. A local attacker could use this\n flaw to escalate their privileges via a setuid or setgid program using\n such a library. (CVE-2011-0536)\n\n It was discovered that the glibc fnmatch() function did not properly\n restrict the use of alloca(). If the function was called on sufficiently\n large inputs, it could cause an application using fnmatch() to crash or,\n possibly, execute arbitrary code with the privileges of the application.\n (CVE-2011-1071)\n\n It was discovered that the locale command did not produce properly escaped\n output as required by the POSIX specification. If an attacker were able to\n set the locale environment variables in the environment of a script that\n performed shell evaluation on the output of the locale command, and that\n script were run with different privileges than the attacker's, it could\n execute arbitrary code with the privileges of the script. 
(CVE-2011-1095)\n\n All users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.12~1.7.el6_0.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.12~1.7.el6_0.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.12~1.7.el6_0.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.12~1.7.el6_0.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.12~1.7.el6_0.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.12~1.7.el6_0.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.12~1.7.el6_0.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:50", "description": "Gentoo Linux Local Security Checks GLSA 201312-01", "cvss3": {}, "published": "2015-09-29