UbuntuUSN-2306-2GNU C Library regression
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.2 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.032 Low
EPSS
Percentile
91.1%
Releases
- Ubuntu 10.04
Packages
- eglibc - GNU C Library
Details
USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS,
the security update cause a regression in certain environments that use
the Name Service Caching Daemon (nscd), such as those configured for LDAP
or MySQL authentication. In these environments, the nscd daemon may need
to be stopped manually for name resolution to resume working so that
updates can be downloaded, including environments configured for unattended
updates.
We apologize for the inconvenience.
Original advisory details:
Maksymilian Arciemowicz discovered that the GNU C Library incorrectly
handled the getaddrinfo() function. An attacker could use this issue to
cause a denial of service. This issue only affected Ubuntu 10.04 LTS.
(CVE-2013-4357)
It was discovered that the GNU C Library incorrectly handled the
getaddrinfo() function. An attacker could use this issue to cause a denial
of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS.
(CVE-2013-4458)
Stephane Chazelas discovered that the GNU C Library incorrectly handled
locale environment variables. An attacker could use this issue to possibly
bypass certain restrictions such as the ForceCommand restrictions in
OpenSSH. (CVE-2014-0475)
David Reid, Glyph Lefkowitz, and Alex Gaynor discovered that the GNU C
Library incorrectly handled posix_spawn_file_actions_addopen() path
arguments. An attacker could use this issue to cause a denial of service.
(CVE-2014-4043)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 10.04 | noarch | libc6 | < 2.11.1-0ubuntu7.15 | UNKNOWN |
| Ubuntu | 10.04 | noarch | libc-bin | < 2.11.1-0ubuntu7.15 | UNKNOWN |
| Ubuntu | 10.04 | noarch | libc-dev-bin | < 2.11.1-0ubuntu7.15 | UNKNOWN |
| Ubuntu | 10.04 | noarch | libc6-dbg | < 2.11.1-0ubuntu7.15 | UNKNOWN |
| Ubuntu | 10.04 | noarch | libc6-dev | < 2.11.1-0ubuntu7.15 | UNKNOWN |
| Ubuntu | 10.04 | noarch | libc6-dev-i386 | < 2.11.1-0ubuntu7.15 | UNKNOWN |
| Ubuntu | 10.04 | noarch | libc6-i386 | < 2.11.1-0ubuntu7.15 | UNKNOWN |
| Ubuntu | 10.04 | noarch | libc6-pic | < 2.11.1-0ubuntu7.15 | UNKNOWN |
| Ubuntu | 10.04 | noarch | libc6-prof | < 2.11.1-0ubuntu7.15 | UNKNOWN |
| Ubuntu | 10.04 | noarch | libc6-udeb | < 2.11.1-0ubuntu7.15 | UNKNOWN |
References
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.2 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.032 Low
EPSS
Percentile
91.1%