Vulnerabilities > CVE-2001-0886
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character.
Vulnerable Configurations
Nessus
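NASL family Mandriva Local Security Checks
NASL id MANDRAKE_MDKSA-2001-095.NASL
description Flavio Veloso found an overflowable buffer problem in earlier versions of the glibc glob(3) implementation. It may be possible to exploit some programs that pass input to the glibc glob() function in a manner that can be modified by the user.
last seen 2020-06-01
modified 2020-06-02
plugin id 13908
published 2004-07-31
reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/13908
title Mandrake Linux Security Advisory : glibc (MDKSA-2001:095)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2001:095.
# The text itself is copyright (C) Mandriva S.A.
#

# Purpose: local, credentialed package audit for CVE-2001-0886 on
# Mandrake Linux 7.1, 7.2, 8.0 and 8.1. The script never calls glob();
# it only compares the RPM list already stored in the knowledge base
# with the package versions named in MDKSA-2001:095.
#
# Limits of this kind of check: it sees only the RPM packages listed
# below. A copy of the vulnerable glob() code that reaches the host any
# other way (for example a binary linked statically against an older
# glibc) is outside what a package comparison can report.

include("compat.inc");

# Registration pass: declare the plugin's metadata and prerequisites,
# then stop without checking anything.
if (description)
{
  script_id(13908);
  script_version("1.17");
  script_cvs_date("Date: 2019/08/02 13:32:46");

  script_cve_id("CVE-2001-0886");
  script_xref(name:"MDKSA", value:"2001:095");

  script_name(english:"Mandrake Linux Security Advisory : glibc (MDKSA-2001:095)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Mandrake Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "Flavio Veloso found an overflowable buffer problem in earlier versions of the glibc glob(3) implementation. It may be possible to exploit some programs that pass input to the glibc glob() function in a manner that can be modified by the user."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  # Same rating as the CVE record: local vector, low complexity, no
  # authentication, partial confidentiality/integrity/availability impact.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-profile");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ldconfig");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2001/12/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  # The knowledge-base keys required here are the ones read below;
  # ssh_get_info.nasl is declared as the script that must run first.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Preconditions. Each failure is handed to audit(); the statements after
# these guards assume audit() ends the script (audit.inc is not shown here).
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Fixed the misspelled distribution name ("Mandake") in this audit message.
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
# NOTE(review): this gate admits amd64 / x86_64, yet every rpm_check()
# below passes cpu:"i386". How rpm_check() treats a 64-bit host is
# decided in rpm.inc (not shown) - confirm such hosts are not silently
# reported as "not affected".
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

# One rpm_check() per package and release; flag counts the calls that
# return true (presumably: an installed package older than the reference
# version - the comparison itself lives in rpm.inc).
flag = 0;

# Mandrake Linux 7.1
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"glibc-2.1.3-19.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"glibc-devel-2.1.3-19.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"glibc-profile-2.1.3-19.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"nscd-2.1.3-19.1mdk", yank:"mdk")) flag++;

# Mandrake Linux 7.2
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"glibc-2.1.3-19.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"glibc-devel-2.1.3-19.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"glibc-profile-2.1.3-19.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"nscd-2.1.3-19.2mdk", yank:"mdk")) flag++;

# Mandrake Linux 8.0 (ldconfig is checked from this release on)
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"glibc-2.2.2-6.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"glibc-devel-2.2.2-6.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"glibc-profile-2.2.2-6.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"ldconfig-2.2.2-6.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"nscd-2.2.2-6.1mdk", yank:"mdk")) flag++;

# Mandrake Linux 8.1
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"glibc-2.2.4-9.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"glibc-devel-2.2.4-9.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"glibc-profile-2.2.4-9.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"ldconfig-2.2.4-9.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"nscd-2.2.4-9.1mdk", yank:"mdk")) flag++;

# Any hit raises a warning; the per-package detail from rpm_report_get()
# is attached only when report_verbosity is above zero.
if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");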
NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-103.NASL
description A buffer overflow has been found in the globbing code for glibc. This is the code which is used to glob patterns for filenames and is commonly used in applications like shells and FTP servers.
last seen 2020-06-01
modified 2020-06-02
plugin id 14940
published 2004-09-29
reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/14940
title Debian DSA-103-1 : glibc - buffer overflow
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-103. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

# Purpose: local, credentialed package audit for CVE-2001-0886 on
# Debian 2.2. Nothing here calls glob(); the script compares the dpkg
# listing already stored in the knowledge base with version 2.1.3-20,
# the fixed version named in the advisory text below.
#
# Limits of this kind of check: only the Debian packages listed below
# are compared. Vulnerable glob() code that is present outside those
# packages (for example in a statically linked binary) is not visible
# to a package comparison.

include("compat.inc");

# Registration pass: publish metadata and prerequisites, then stop.
if (description)
{
  script_id(14940);
  script_version("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:16");

  script_cve_id("CVE-2001-0886");
  script_xref(name:"DSA", value:"103");

  script_name(english:"Debian DSA-103-1 : glibc - buffer overflow");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value: "A buffer overflow has been found in the globbing code for glibc. This is the code which is used to glob patterns for filenames and is commonly used in applications like shells and FTP servers."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2002/dsa-103"
  );
  script_set_attribute(
    attribute:"solution",
    value: "This has been fixed in version 2.1.3-20 and we recommend that you upgrade your libc package immediately."
  );
  # Same rating as the CVE record: local vector, low complexity, no
  # authentication, partial confidentiality/integrity/availability impact.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:glibc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2002/01/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  # The required knowledge-base keys are the ones read below;
  # ssh_get_info.nasl is declared as the script that must run first.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

# Preconditions. Each failure is handed to audit(); the code after these
# guards assumes audit() ends the script (audit.inc is not shown here).
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Package name prefixes, in the order they are checked. Every one is
# compared against the same release and the same reference version.
dsa103_prefixes = make_list(
  "glibc-doc",
  "i18ndata",
  "libc6",
  "libc6-dbg",
  "libc6-dev",
  "libc6-pic",
  "libc6-prof",
  "libc6.1",
  "libc6.1-dbg",
  "libc6.1-dev",
  "libc6.1-pic",
  "libc6.1-prof",
  "libnss1-compat",
  "locales",
  "nscd"
);

# flag counts the deb_check() calls that return true (presumably: an
# installed package older than the reference - the comparison itself
# lives in debian_package.inc).
flag = 0;
foreach dsa103_prefix (dsa103_prefixes)
{
  if (deb_check(release:"2.2", prefix:dsa103_prefix, reference:"2.1.3-20")) flag++;
}

# No hit: record the host as not affected. Otherwise raise a warning,
# attaching the detail from deb_report_get() only when report_verbosity
# is above zero.
if (!flag) audit(AUDIT_HOST_NOT, "affected");
else
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
Redhat advisories
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000447
- http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-037-01
- http://sources.redhat.com/ml/bug-glibc/2001-11/msg00109.html
- http://www.ciac.org/ciac/bulletins/m-029.shtml
- http://www.debian.org/security/2002/dsa-103
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-095.php3
- http://www.linuxsecurity.com/advisories/other_advisory-1752.html
- http://www.redhat.com/support/errata/RHSA-2001-160.html
- http://www.securityfocus.com/archive/1/245956
- http://www.securityfocus.com/bid/3707
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0112-008
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7705