Vulnerabilities > CVE-2002-1146 - Unspecified vulnerability in GNU Glibc
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).
Vulnerable Configurations
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2003-022.NASL description Updated glibc packages are available to fix a buffer overflow in the resolver. The GNU C library package, glibc, contains standard libraries used by multiple programs on the system. A read buffer overflow vulnerability exists in the glibc resolver code in versions of glibc up to and including 2.2.5. The vulnerability is triggered by DNS packets larger than 1024 bytes and can cause applications to crash. In addition to this, several non-security related bugs have been fixed, the majority for the Itanium (IA64) platform. All Red Hat Linux Advanced Server users are advised to upgrade to these errata packages which contain a patch to correct this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 12354 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12354 title RHEL 2.1 : glibc (RHSA-2003:022) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2003:022. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(12354); script_version ("1.23"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2002-1146"); script_xref(name:"CERT", value:"738331"); script_xref(name:"RHSA", value:"2003:022"); script_name(english:"RHEL 2.1 : glibc (RHSA-2003:022)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated glibc packages are available to fix a buffer overflow in the resolver. The GNU C library package, glibc, contains standard libraries used by multiple programs on the system. A read buffer overflow vulnerability exists in the glibc resolver code in versions of glibc up to and including 2.2.5. The vulnerability is triggered by DNS packets larger than 1024 bytes and can cause applications to crash. In addition to this, several non-security related bugs have been fixed, the majority for the Itanium (IA64) platform. All Red Hat Linux Advanced Server users are advised to upgrade to these errata packages which contain a patch to correct this vulnerability." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2002-1146" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2003:022" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-profile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nscd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2002/10/11"); script_set_attribute(attribute:"patch_publication_date", value:"2003/02/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2003:022"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"glibc-2.2.4-31.7")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"glibc-2.2.4-31.7")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"glibc-common-2.2.4-31.7")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"glibc-devel-2.2.4-31.7")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"glibc-profile-2.2.4-31.7")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"nscd-2.2.4-31.7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-devel / glibc-profile / nscd"); } }
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-009.NASL description A read buffer overflow vulnerability exists in the resolver code in versions of glibc up to and including 2.2.5. The vulnerability is triggered by DNS packets larger than 1024 bytes, which can cause an application to crash. The updated packages have a patch applied to correct the problem. last seen 2020-06-01 modified 2020-06-02 plugin id 14109 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14109 title Mandrake Linux Security Advisory : glibc (MDKSA-2004:009) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2004:009. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(14109); script_version ("1.18"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2002-1146"); script_xref(name:"CERT", value:"738331"); script_xref(name:"MDKSA", value:"2004:009"); script_name(english:"Mandrake Linux Security Advisory : glibc (MDKSA-2004:009)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A read buffer overflow vulnerability exists in the resolver code in versions of glibc up to and including 2.2.5. The vulnerability is triggered by DNS packets larger than 1024 bytes, which can cause an application to crash. The updated packages have a patch applied to correct the problem." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-i18ndata"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-profile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ldconfig"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nscd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0"); script_set_attribute(attribute:"patch_publication_date", value:"2004/02/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"glibc-2.2.5-16.4.90mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"glibc-devel-2.2.5-16.4.90mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"glibc-i18ndata-2.2.5-16.4.90mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"glibc-profile-2.2.5-16.4.90mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"glibc-static-devel-2.2.5-16.4.90mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"glibc-utils-2.2.5-16.4.90mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"ldconfig-2.2.5-16.4.90mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"nscd-2.2.5-16.4.90mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Redhat
advisories |
|
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-015.txt.asc
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535
- http://www.iss.net/security_center/static/10295.php
- http://www.kb.cert.org/vuls/id/738331
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:009
- http://www.redhat.com/support/errata/RHSA-2002-197.html
- http://www.redhat.com/support/errata/RHSA-2002-258.html
- http://www.redhat.com/support/errata/RHSA-2003-022.html
- http://www.redhat.com/support/errata/RHSA-2003-212.html