CVE-2009-4881 - Numeric Errors vulnerability in GNU Glibc

CVSS 0.0 - NONE (attack vector, attack complexity, privileges required, confidentiality impact, integrity impact, availability impact: all UNKNOWN). The 0.0 reflects an absence of recorded vector data, not a harmless issue: the Nessus plugins below carry Tenable's own CVSS2 base vectors, AV:N/AC:L/Au:N/C:P/I:P/A:P for the Mandriva and Debian advisories and AV:L/AC:L/Au:N/C:C/I:C/A:C for the Gentoo one, each scored for every CVE in that advisory rather than for CVE-2009-4881 alone.

Tags: gnu, CWE-189, nessus

Summary

Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391.
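
As an added example (not code from this page, from glibc, or from Tenable), the C program below drives strfmon() with the overflowing width the summary cites and, beside it, shows the bound an application has to enforce before any untrusted number is spliced into a strfmon format. The wrapper name format_money(), the cap MAX_WIDTH, the check_* helpers and the sample amounts are this example's own assumptions. On a patched glibc the probe returns -1 with errno set to E2BIG; on glibc before 2.10.1 the same call was the application crash the advisory describes, so run the probe only where that outcome is acceptable.

```c
/*
 * Added example; not code from the advisory page, glibc, or Tenable.
 * It feeds strfmon() the width that CVE-2009-4881 cites and shows the
 * bound an application must enforce before any untrusted number reaches
 * a strfmon format.  The names format_money(), MAX_WIDTH and the
 * check_* helpers, and the sample amounts, are this example's own.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <monetary.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Largest field width we will ever splice into a strfmon format.
 * Real money columns are a few dozen characters; anything larger is
 * tampering, not a formatting need. */
#define MAX_WIDTH 64

/* The string the advisory cites.  The width overflows the parser's
 * accumulator in glibc before 2.10.1, which crashed; patched glibc
 * refuses it and returns -1 with errno set to E2BIG. */
static const char CVE_2009_4881_FORMAT[] = "%99999999999999999999n";

/* Hand the advisory's format straight to strfmon().  Returns strfmon's
 * result and stores errno in *err.  Only run on a host you are willing
 * to crash: on an unpatched libc this is the advisory's denial of service. */
ssize_t probe_cve_2009_4881(int *err)
{
    char buf[256];
    errno = 0;
    ssize_t r = strfmon(buf, sizeof buf, CVE_2009_4881_FORMAT, 1.0);
    *err = errno;
    return r;
}

/* Hardened use.  strfmon has no '*' width like printf, so the width has
 * to be printed into the format; the caller supplies it as an integer
 * and it is bounded before it gets there.  The format itself is chosen
 * by this code, never by the caller.
 * Returns bytes written (excluding the NUL) or -1 with errno set. */
ssize_t format_money(char *out, size_t outsz, long width, double amount)
{
    char fmt[32];

    if (width < 0 || width > MAX_WIDTH) {
        errno = EINVAL;          /* absurd width: reject, never clamp silently */
        return -1;
    }
    if ((size_t)width >= outsz) {
        errno = E2BIG;           /* the padded field plus NUL cannot fit */
        return -1;
    }
    snprintf(fmt, sizeof fmt, "%%%ldn", width);   /* e.g. "%12n" */
    return strfmon(out, outsz, fmt, amount);
}

/* Self-checks: each returns 1 when the wrapper behaves as intended. */
int check_rejects_huge_width(void)
{
    char out[64];
    return format_money(out, sizeof out, 99999999L, 1.0) == -1 && errno == EINVAL;
}

int check_rejects_width_over_buffer(void)
{
    char out[8];
    return format_money(out, sizeof out, 12, 1.0) == -1 && errno == E2BIG;
}

/* A sane width is honoured: 1234.56 is 7 characters, padded out to 12. */
int check_padding_honoured(void)
{
    char out[64];
    ssize_t n = format_money(out, sizeof out, 12, 1234.56);
    return n == 12 && strlen(out) == 12;
}

int main(void)
{
    char out[64];
    int err;
    ssize_t r;

    r = probe_cve_2009_4881(&err);
    if (r < 0)
        printf("probe: libc rejected the overflowing width (%s)\n", strerror(err));
    else
        printf("probe: libc accepted the width and wrote %zd bytes\n", r);

    r = format_money(out, sizeof out, 12, 1234.56);
    printf("format_money(width=12): %zd bytes -> \"%s\"\n", r, r < 0 ? "" : out);

    r = format_money(out, sizeof out, 99999999L, 1234.56);
    printf("format_money(width=99999999): %zd (%s)\n", r, strerror(errno));

    printf("self-checks: %d %d %d\n", check_rejects_huge_width(),
           check_rejects_width_over_buffer(), check_padding_honoured());
    return 0;
}
```

Build with `cc -Wall example.c`. The program never calls setlocale(), so strfmon runs in the C locale and the output is a plain padded number. The point is the order of the checks: strfmon cannot take a width argument the way printf's `*` does, so the only safe place to bound an attacker-influenced width is before it becomes part of the format string, and the format string itself must never be attacker-supplied text.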

Common Weakness Enumeration (CWE)

CWE-189: Numeric Errors. Of the plugins below, the Debian one tags this CVE with CWE-189 as well; the Mandriva plugin tags itself with CWE-255 (Credentials Management), which fits CVE-2010-0015 in that same advisory rather than this integer overflow, so do not rely on the plugin's CWE when searching by weakness class.

Nessus

  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2010-111.NASL
    description: Multiple vulnerabilities were discovered and fixed in glibc:

      - Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391 (CVE-2009-4880).
      - Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391 (CVE-2009-4881).
      - nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function (CVE-2010-0015).
      - The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request (CVE-2010-0296).
      - Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header (CVE-2010-0830).

      Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

      The updated packages have been patched to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 46849
    published: 2010-06-09
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/46849
    title: Mandriva Linux Security Advisory : glibc (MDVSA-2010:111)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2010:111. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(46849);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:53");
    
      script_cve_id("CVE-2009-4880", "CVE-2009-4881", "CVE-2010-0015", "CVE-2010-0296", "CVE-2010-0830");
      script_bugtraq_id(36443, 37885, 40063);
      script_xref(name:"MDVSA", value:"2010:111");
    
      script_name(english:"Mandriva Linux Security Advisory : glibc (MDVSA-2010:111)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities was discovered and fixed in glibc :
    
    Multiple integer overflows in the strfmon implementation in the GNU C
    Library (aka glibc or libc6) 2.10.1 and earlier allow
    context-dependent attackers to cause a denial of service (memory
    consumption or application crash) via a crafted format string, as
    demonstrated by a crafted first argument to the money_format function
    in PHP, a related issue to CVE-2008-1391 (CVE-2009-4880).
    
    Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in
    the strfmon implementation in the GNU C Library (aka glibc or libc6)
    before 2.10.1 allows context-dependent attackers to cause a denial of
    service (application crash) via a crafted format string, as
    demonstrated by the %99999999999999999999n string, a related issue to
    CVE-2008-1391 (CVE-2009-4881).
    
    nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7
    and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the
    passwd.adjunct.byname map to entries in the passwd map, which allows
    remote attackers to obtain the encrypted passwords of NIS accounts by
    calling the getpwnam function (CVE-2010-0015).
    
    The encode_name macro in misc/mntent_r.c in the GNU C Library (aka
    glibc or libc6) 2.11.1 and earlier, as used by ncpmount and
    mount.cifs, does not properly handle newline characters in mountpoint
    names, which allows local users to cause a denial of service (mtab
    corruption), or possibly modify mount options and gain privileges, via
    a crafted mount request (CVE-2010-0296).
    
    Integer signedness error in the elf_get_dynamic_info function in
    elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6)
    2.0.1 through 2.11.1, when the --verify option is used, allows
    user-assisted remote attackers to execute arbitrary code via a crafted
    ELF program with a negative value for a certain d_tag structure member
    in the ELF header (CVE-2010-0830).
    
    Packages for 2008.0 and 2009.0 are provided as of the Extended
    Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=4
    90
    
    The updated packages have been patched to correct these issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(255);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-doc-pdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-i18ndata");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-profile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/06/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2008.0", reference:"glibc-2.6.1-4.4mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"glibc-devel-2.6.1-4.4mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"glibc-doc-2.6.1-4.4mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"glibc-doc-pdf-2.6.1-4.4mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"glibc-i18ndata-2.6.1-4.4mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"glibc-profile-2.6.1-4.4mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"glibc-static-devel-2.6.1-4.4mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"glibc-utils-2.6.1-4.4mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"nscd-2.6.1-4.4mdv2008.0", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2009.0", reference:"glibc-2.8-1.20080520.5.5mnb2")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"glibc-devel-2.8-1.20080520.5.5mnb2")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"glibc-doc-2.8-1.20080520.5.5mnb2")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"glibc-doc-pdf-2.8-1.20080520.5.5mnb2")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"glibc-i18ndata-2.8-1.20080520.5.5mnb2")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"glibc-profile-2.8-1.20080520.5.5mnb2")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"glibc-static-devel-2.8-1.20080520.5.5mnb2")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"glibc-utils-2.8-1.20080520.5.5mnb2")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"nscd-2.8-1.20080520.5.5mnb2")) flag++;
    
    if (rpm_check(release:"MDK2009.1", reference:"glibc-2.9-0.20081113.5.1mnb2")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"glibc-devel-2.9-0.20081113.5.1mnb2")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"glibc-doc-2.9-0.20081113.5.1mnb2")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"glibc-doc-pdf-2.9-0.20081113.5.1mnb2")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"glibc-i18ndata-2.9-0.20081113.5.1mnb2")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"glibc-profile-2.9-0.20081113.5.1mnb2")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"glibc-static-devel-2.9-0.20081113.5.1mnb2")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"glibc-utils-2.9-0.20081113.5.1mnb2")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"nscd-2.9-0.20081113.5.1mnb2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-2058.NASL
    description: Several vulnerabilities have been discovered in the GNU C Library (aka glibc) and its derivatives. The Common Vulnerabilities and Exposures project identifies the following problems:

      - CVE-2008-1391, CVE-2009-4880, CVE-2009-4881: Maksymilian Arciemowicz discovered that the GNU C library did not correctly handle integer overflows in the strfmon family of functions. If a user or automated system were tricked into processing a specially crafted format string, a remote attacker could crash applications, leading to a denial of service.
      - CVE-2010-0296: Jeff Layton and Dan Rosenberg discovered that the GNU C library did not correctly handle newlines in the mntent family of functions. If a local attacker were able to inject newlines into a mount entry through other vulnerable mount helpers, they could disrupt the system or possibly gain root privileges.
      - CVE-2010-0830: Dan Rosenberg discovered that the GNU C library did not correctly validate certain ELF program headers. If a user or automated system were tricked into verifying a specially crafted ELF program, a remote attacker could execute arbitrary code with user privileges.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 46861
    published: 2010-06-11
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/46861
    title: Debian DSA-2058-1 : glibc, eglibc - multiple vulnerabilities
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2058. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(46861);
      script_version("1.10");
      script_cvs_date("Date: 2019/08/02 13:32:22");
    
      script_cve_id("CVE-2008-1391", "CVE-2009-4880", "CVE-2009-4881", "CVE-2010-0296", "CVE-2010-0830");
      script_bugtraq_id(36443, 40063);
      script_xref(name:"DSA", value:"2058");
    
      script_name(english:"Debian DSA-2058-1 : glibc, eglibc - multiple  vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the GNU C Library (aka
    glibc) and its derivatives. The Common Vulnerabilities and Exposures
    project identifies the following problems :
    
      - CVE-2008-1391, CVE-2009-4880, CVE-2009-4881
        Maksymilian Arciemowicz discovered that the GNU C
        library did not correctly handle integer overflows in
        the strfmon family of functions. If a user or automated
        system were tricked into processing a specially crafted
        format string, a remote attacker could crash
        applications, leading to a denial of service.
    
      - CVE-2010-0296
        Jeff Layton and Dan Rosenberg discovered that the GNU C
        library did not correctly handle newlines in the mntent
        family of functions. If a local attacker were able to
        inject newlines into a mount entry through other
        vulnerable mount helpers, they could disrupt the system
        or possibly gain root privileges.
    
      - CVE-2010-0830
        Dan Rosenberg discovered that the GNU C library did not
        correctly validate certain ELF program headers. If a
        user or automated system were tricked into verifying a
        specially crafted ELF program, a remote attacker could
        execute arbitrary code with user privileges."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583908"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-1391"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-4880"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-4881"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-0296"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-0830"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2010/dsa-2058"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the glibc or eglibc packages.
    
    For the stable distribution (lenny), these problems have been fixed in
    version 2.7-18lenny4 of the glibc package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:eglibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:glibc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/06/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"5.0", prefix:"glibc-doc", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"glibc-source", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6-amd64", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6-dbg", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6-dev", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6-dev-amd64", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6-dev-i386", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6-dev-mips64", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6-dev-mipsn32", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6-dev-ppc64", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6-dev-s390x", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6-dev-sparc64", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6-i386", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6-i686", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6-mips64", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6-mipsn32", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6-pic", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6-ppc64", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6-prof", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6-s390x", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6-sparc64", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6-sparcv9b", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6-xen", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6.1", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6.1-alphaev67", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6.1-dbg", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6.1-dev", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6.1-pic", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"libc6.1-prof", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"locales", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"locales-all", reference:"2.7-18lenny4")) flag++;
    if (deb_check(release:"5.0", prefix:"nscd", reference:"2.7-18lenny4")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201011-01.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201011-01 (GNU C library: Multiple vulnerabilities). Multiple vulnerabilities were found in glibc, amongst others the widely-known recent LD_AUDIT and $ORIGIN issues. For further information please consult the CVE entries referenced below.
      Impact: A local attacker could execute arbitrary code as root, cause a Denial of Service, or gain privileges. Additionally, a user-assisted remote attacker could cause the execution of arbitrary code, and a context-dependent attacker could cause a Denial of Service.
      Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 50605
    published: 2010-11-16
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/50605
    title: GLSA-201011-01 : GNU C library: Multiple vulnerabilities
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201011-01.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(50605);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:45");
    
      script_cve_id("CVE-2009-4880", "CVE-2009-4881", "CVE-2010-0296", "CVE-2010-0830", "CVE-2010-3847", "CVE-2010-3856");
      script_bugtraq_id(36443, 40063, 44154, 44347);
      script_xref(name:"GLSA", value:"201011-01");
    
      script_name(english:"GLSA-201011-01 : GNU C library: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201011-01
    (GNU C library: Multiple vulnerabilities)
    
        Multiple vulnerabilities were found in glibc, amongst others the
        widely-known recent LD_AUDIT and $ORIGIN issues. For further
        information please consult the CVE entries referenced below.
      
    Impact :
    
        A local attacker could execute arbitrary code as root, cause a Denial
        of Service, or gain privileges. Additionally, a user-assisted remote
        attacker could cause the execution of arbitrary code, and a
        context-dependent attacker could cause a Denial of Service.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201011-01"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All GNU C library users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=sys-libs/glibc-2.11.2-r3'"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:glibc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/11/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"sys-libs/glibc", unaffected:make_list("ge 2.11.2-r3"), vulnerable:make_list("lt 2.11.2-r3"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GNU C library");
    }