Vulnerabilities > CVE-2010-2898 - Unspecified vulnerability in Google Chrome

CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
google
critical
nessus

Summary

Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the GNU C Library, which has unknown impact and attack vectors.

Vulnerable Configurations

Part Description Count
Application
Google
489

Nessus

  • NASL familyWindows
    NASL idGOOGLE_CHROME_5_0_375_125.NASL
    descriptionThe version of Google Chrome installed on the remote host is earlier than 5.0.375.125. As such, it is reportedly affected by multiple vulnerabilities : - An unspecified error in the layout code allows memory contents to be disclosed. (Issue #42736) - An unspecified error exists in the handling of large canvases. (Issue #43813) - A memory corruption error exists in the rendering code. (Issue #47866) - A memory corruption error exists in the handling of SVG content. (Issue #48284) - An unspecified error exists regarding hostname name truncation and incorrect eliding. (Issue #48597)
    last seen2020-06-01
    modified2020-06-02
    plugin id47859
    published2010-07-27
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47859
    titleGoogle Chrome < 5.0.375.125 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration phase: when the engine loads the script with 'description'
    # set, this block only declares the plugin's metadata and then exits, so the
    # version check further down is not reached.
    if (description)
    {
      script_id(47859);
      script_version("1.17");
      script_cvs_date("Date: 2018/11/15 20:50:27");
    
      # Seven CVEs are attached to this one version check. The description text
      # below lists only five Chromium issue numbers and does not mention the
      # glibc mitigation tracked as CVE-2010-2898, so a finding from this plugin
      # does not say which of the seven applies to a given host.
      script_cve_id(
        "CVE-2010-2897",
        "CVE-2010-2898",
        "CVE-2010-2899",
        "CVE-2010-2900",
        "CVE-2010-2901",
        "CVE-2010-2902",
        "CVE-2010-2903"
      );
      script_bugtraq_id(41976);
      script_xref(name:"Secunia", value:"40743");
    
      script_name(english:"Google Chrome < 5.0.375.125 Multiple Vulnerabilities");
      script_summary(english:"Checks version number of Google Chrome");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains a web browser that is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Google Chrome installed on the remote host is earlier
    than 5.0.375.125.  As such, it is reportedly affected by multiple
    vulnerabilities :
    
      - An unspecified error in the layout code allows memory
        contents to be disclosed. (Issue #42736)
    
      - An unspecified error exists in the handling of large
        canvases. (Issue #43813)
    
      - A memory corruption error exists in the rendering code.
        (Issue #47866)
    
      - A memory corruption error exists in the handling of SVG
        content. (Issue #48284)
    
      - An unspecified error exists regarding hostname name
        truncation and incorrect eliding. (Issue #48597)");
    
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?db5829ad");
      script_set_attribute(attribute:"solution", value:"Upgrade to Google Chrome 5.0.375.125 or later.");
      # NOTE(review): this base vector uses AC:M (9.3 under CVSS v2), whereas the
      # CVE-2010-2898 entry this listing is published under rates attack
      # complexity LOW with a score of 10.0. The plugin carries a single vector
      # for all seven CVEs above -- confirm which score downstream reporting uses.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      # Temporal metrics: exploitability unproven, official fix available, report
      # confirmed; this matches the two exploit attributes set just below.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/07/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/07/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/27");
    
      # "local": the result comes from data collected on the host, not from
      # probing the browser over the network.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
      script_end_attributes();
    
      # Information-gathering category: the plugin reads state and sends nothing
      # intrusive to the target.
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
    
      # Runs after the Chrome detection plugin and only when that plugin recorded
      # an install in the knowledge base. A host where detection failed (for
      # example, no usable SMB credentials) therefore produces no result at all
      # rather than a "not vulnerable" result.
      script_dependencies("google_chrome_installed.nasl");
      script_require_keys("SMB/Google_Chrome/Installed");
    
      exit(0);
    }
    
    
    include("google_chrome_version.inc");
    
    # Stop here unless the detection plugin recorded a Chrome install in the KB.
    get_kb_item_or_exit("SMB/Google_Chrome/Installed");
    
    # Every KB entry under SMB/Google_Chrome/ is handed to the shared helper.
    # google_chrome_check_version is defined in google_chrome_version.inc (not
    # shown here); presumably it compares each recorded version with 'fix' and
    # reports at SECURITY_HOLE severity -- confirm against the include.
    # This is a comparison on collected version data only: a hit means "older
    # than 5.0.375.125", not that any one of the seven CVEs was confirmed on the
    # host, and its accuracy depends on what the detection plugin stored.
    installs = get_kb_list("SMB/Google_Chrome/*");
    google_chrome_check_version(installs:installs, fix:'5.0.375.125', severity:SECURITY_HOLE);
    
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL15885.NASL
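    descriptionThe GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a 'stack extension attack,' a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome. (CVE-2011-1071)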
    last seen2020-06-01
    modified2020-06-02
    plugin id79606
    published2014-11-28
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79606
    titleF5 Networks BIG-IP : GNU C Library vulnerability (SOL15885)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from F5 Networks BIG-IP Solution SOL15885.
    #
    # The text description of this plugin is (C) F5 Networks.
    #
    
    include("compat.inc");
    
    # Registration phase: declares the plugin's metadata and exits; the BIG-IP
    # version check below this block is not reached when 'description' is set.
    if (description)
    {
      script_id(79606);
      script_version("1.7");
      script_cvs_date("Date: 2019/01/04 10:03:40");
    
      # Four CVEs are attached. The description text names CVE-2011-1071 (the
      # glibc fnmatch issue) as the flaw and lists CVE-2010-2898, CVE-2010-1917
      # and CVE-2007-4782 as related issues.
      script_cve_id("CVE-2007-4782", "CVE-2010-1917", "CVE-2010-2898", "CVE-2011-1071");
      script_bugtraq_id(26403, 41991, 46563);
    
      script_name(english:"F5 Networks BIG-IP : GNU C Library vulnerability (SOL15885)");
      script_summary(english:"Checks the BIG-IP version.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote device is missing a vendor-supplied security patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded
    GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary
    code or cause a denial of service (memory consumption) via a long UTF8
    string that is used in an fnmatch call, aka a 'stack extension
    attack,' a related issue to CVE-2010-2898, CVE-2010-1917, and
    CVE-2007-4782, as originally reported for use of this library by
    Google Chrome. (CVE-2011-1071)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://support.f5.com/csp/article/K15885"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade to one of the non-vulnerable versions listed in the F5
    Solution SOL15885."
      );
      # Network vector with low complexity, and the temporal vector marks
      # proof-of-concept exploit code (E:POC); the two exploit attributes below
      # agree with that, so this finding is rated differently from the Chrome
      # plugin for the same CVE id.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      # CWE-94: improper control of generation of code (code injection).
      script_cwe_id(94);
    
      # "local": decided from data collected on the device, not by probing it.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # One CPE per BIG-IP module or platform named in this plugin's metadata.
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"F5 Networks Local Security Checks");
    
      # Runs after BIG-IP detection and needs all four KB keys. Without working
      # local checks on the device the plugin does not run, so the absence of a
      # finding is not evidence that the device is patched.
      script_dependencies("f5_bigip_detect.nbin");
      script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version");
    
      exit(0);
    }
    
    
    include("f5_func.inc");
    
    # Preconditions: each failed check ends the plugin through audit() with the
    # matching reason instead of reporting a result.
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    version = get_kb_item("Host/BIG-IP/version");
    if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
    # isnull() rather than '!': only a missing hotfix key aborts here, an empty
    # or zero hotfix value is accepted.
    if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
    if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
    
    # Advisory id and the per-module version matrix passed to the shared helper.
    # Each module maps to an "affected" and an "unaffected" list of version
    # ranges written as "low-high" strings. Per the plugin header, the package
    # checks were extracted from F5 Solution SOL15885.
    sol = "SOL15885";
    vmatrix = make_array();
    
    # APM (Access Policy Manager); its affected range starts at 10.1.0, the
    # other modules start at 10.0.0.
    vmatrix["APM"] = make_array();
    vmatrix["APM"]["affected"  ] = make_list("10.1.0-10.2.4");
    vmatrix["APM"]["unaffected"] = make_list("11.0.0-11.6.0");
    
    # ASM (Application Security Manager)
    vmatrix["ASM"] = make_array();
    vmatrix["ASM"]["affected"  ] = make_list("10.0.0-10.2.4");
    vmatrix["ASM"]["unaffected"] = make_list("11.0.0-11.6.0");
    
    # GTM (Global Traffic Manager)
    vmatrix["GTM"] = make_array();
    vmatrix["GTM"]["affected"  ] = make_list("10.0.0-10.2.4");
    vmatrix["GTM"]["unaffected"] = make_list("11.0.0-11.6.0");
    
    # LC (Link Controller)
    vmatrix["LC"] = make_array();
    vmatrix["LC"]["affected"  ] = make_list("10.0.0-10.2.4");
    vmatrix["LC"]["unaffected"] = make_list("11.0.0-11.6.0");
    
    # LTM (Local Traffic Manager)
    vmatrix["LTM"] = make_array();
    vmatrix["LTM"]["affected"  ] = make_list("10.0.0-10.2.4");
    vmatrix["LTM"]["unaffected"] = make_list("11.0.0-11.6.0");
    
    # PSM (Protocol Security Manager); unaffected range ends at 11.4.1.
    vmatrix["PSM"] = make_array();
    vmatrix["PSM"]["affected"  ] = make_list("10.0.0-10.2.4");
    vmatrix["PSM"]["unaffected"] = make_list("11.0.0-11.4.1");
    
    # WAM (WebAccelerator); unaffected range ends at 11.3.0.
    vmatrix["WAM"] = make_array();
    vmatrix["WAM"]["affected"  ] = make_list("10.0.0-10.2.4");
    vmatrix["WAM"]["unaffected"] = make_list("11.0.0-11.3.0");
    
    # WOM (WAN Optimization Manager); unaffected range ends at 11.3.0.
    vmatrix["WOM"] = make_array();
    vmatrix["WOM"]["affected"  ] = make_list("10.0.0-10.2.4");
    vmatrix["WOM"]["unaffected"] = make_list("11.0.0-11.6.0");
    
    
    # bigip_is_affected, bigip_report_get and bigip_get_tested_modules come from
    # f5_func.inc (not shown here); presumably the first compares the collected
    # version, hotfix and module data against vmatrix -- confirm against the
    # include. The decision rests on version data only and does not exercise the
    # glibc flaw, so a version outside both lists needs manual review.
    if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
    {
      # Reported at security_hole severity on port 0; the detailed report text
      # is attached only when report verbosity is above zero.
      if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Not affected: say which modules were tested, or that none of the
      # modules in the matrix is in use on this device.
      tested = bigip_get_tested_modules();
      audit_extra = "For BIG-IP module(s) " + tested + ",";
      if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
      else audit(AUDIT_HOST_NOT, "running any of the affected modules");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2011-178.NASL
    descriptionMultiple vulnerabilities was discovered and fixed in glibc : Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has in (a) RPATH or (b) RUNPATH. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847 (CVE-2011-0536). The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a stack extension attack, a related issue to CVE-2010-2898, as originally reported for use of this library by Google Chrome (CVE-2011-1071). The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296 (CVE-2011-1089). locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function (CVE-2011-1095). 
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071 (CVE-2011-1659). crypt_blowfish before 1.1, as used in glibc on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash (CVE-2011-2483). The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id56953
    published2011-11-28
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56953
    titleMandriva Linux Security Advisory : glibc (MDVSA-2011:178)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2011:178. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Registration phase: declares the plugin's metadata and exits; the package
    # check below this block is not reached when 'description' is set.
    if (description)
    {
      script_id(56953);
      script_version("1.11");
      script_cvs_date("Date: 2019/08/02 13:32:54");
    
      # CVE-2010-2898 is not in this list. It appears only in the description
      # text, as an issue related to CVE-2011-1071, so this plugin covers the six
      # glibc CVEs below and is linked to CVE-2010-2898 by cross-reference only.
      script_cve_id(
        "CVE-2011-0536",
        "CVE-2011-1071",
        "CVE-2011-1089",
        "CVE-2011-1095",
        "CVE-2011-1659",
        "CVE-2011-2483"
      );
      script_bugtraq_id(
        46563,
        46740,
        47370,
        49241
      );
      script_xref(name:"MDVSA", value:"2011:178");
    
      script_name(english:"Mandriva Linux Security Advisory : glibc (MDVSA-2011:178)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities was discovered and fixed in glibc :
    
    Multiple untrusted search path vulnerabilities in elf/dl-object.c in
    certain modified versions of the GNU C Library (aka glibc or libc6),
    including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat
    Enterprise Linux, allow local users to gain privileges via a crafted
    dynamic shared object (DSO) in a subdirectory of the current working
    directory during execution of a (1) setuid or (2) setgid program that
    has in (a) RPATH or (b) RUNPATH. NOTE: this issue exists because of an
    incorrect fix for CVE-2010-3847 (CVE-2011-0536).
    
    The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded
    GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary
    code or cause a denial of service (memory consumption) via a long UTF8
    string that is used in an fnmatch call, aka a stack extension attack,
    a related issue to CVE-2010-2898, as originally reported for use of
    this library by Google Chrome (CVE-2011-1071).
    
    The addmntent function in the GNU C Library (aka glibc or libc6) 2.13
    and earlier does not report an error status for failed attempts to
    write to the /etc/mtab file, which makes it easier for local users to
    trigger corruption of this file, as demonstrated by writes from a
    process with a small RLIMIT_FSIZE value, a different vulnerability
    than CVE-2010-0296 (CVE-2011-1089).
    
    locale/programs/locale.c in locale in the GNU C Library (aka glibc or
    libc6) before 2.13 does not quote its output, which might allow local
    users to gain privileges via a crafted localization environment
    variable, in conjunction with a program that executes a script that
    uses the eval function (CVE-2011-1095).
    
    Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or
    libc6) 2.13 and earlier allows context-dependent attackers to cause a
    denial of service (application crash) via a long UTF8 string that is
    used in an fnmatch call with a crafted pattern argument, a different
    vulnerability than CVE-2011-1071 (CVE-2011-1659).
    
    crypt_blowfish before 1.1, as used in glibc on certain platforms, does
    not properly handle 8-bit characters, which makes it easier for
    context-dependent attackers to determine a cleartext password by
    leveraging knowledge of a password hash (CVE-2011-2483).
    
    The updated packages have been patched to correct these issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # One local-vector (AV:L) score is declared for the whole advisory, although
      # the description covers six CVEs with differing preconditions. The temporal
      # vector marks proof-of-concept exploit code (E:POC).
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      # "local": decided from the package list collected on the host.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # One package CPE per glibc sub-package, plus the Mandriva 2010.1 release.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-doc-pdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-i18ndata");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-profile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/11/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      # Needs the host data gathered by ssh_get_info.nasl: local checks enabled,
      # CPU architecture, release string and RPM list. Without credentials that
      # yield this data the plugin does not run, so no finding is not the same
      # as "patched".
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
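    # Preconditions: each failed check ends the plugin through audit() with the
    # matching reason instead of reporting a result.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Audit text previously read "Mandake"; spelled "Mandrake" to match the
    # architecture check a few lines below, so audit-trail searches for the
    # OS name find both messages.
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only the x86 family (amd64, i386-i686, x86_64) is accepted; any other
    # architecture is audited as "not implemented" rather than "not affected".
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # One rpm_check per glibc sub-package of the advisory, all against the
    # MDK2010.1 release and the same fixed build 2.11.1-8.3mnb2. rpm_check is
    # defined in rpm.inc (not shown here); presumably it returns true when the
    # installed package is older than 'reference' -- confirm against the include.
    # 'flag' counts the packages that matched.
    flag = 0;
    if (rpm_check(release:"MDK2010.1", reference:"glibc-2.11.1-8.3mnb2")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"glibc-devel-2.11.1-8.3mnb2")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"glibc-doc-2.11.1-8.3mnb2")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"glibc-doc-pdf-2.11.1-8.3mnb2")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"glibc-i18ndata-2.11.1-8.3mnb2")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"glibc-profile-2.11.1-8.3mnb2")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"glibc-static-devel-2.11.1-8.3mnb2")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"glibc-utils-2.11.1-8.3mnb2")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"nscd-2.11.1-8.3mnb2")) flag++;
    
    
    # Any match is reported once, at security_warning severity on port 0; the
    # per-package detail from rpm_report_get() is attached only when report
    # verbosity is above zero. The result reflects package versions only and
    # does not test whether a given glibc flaw is reachable on the host.
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");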
    

Oval

accepted2013-08-12T04:01:00.373-04:00
classvulnerability
contributors
  • namePreeti Subramanian
    organizationSecPod Technologies
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
definition_extensions
commentGoogle Chrome is installed
ovaloval:org.mitre.oval:def:11914
descriptionGoogle Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the GNU C Library, which has unknown impact and attack vectors.
familywindows
idoval:org.mitre.oval:def:12104
statusaccepted
submitted2010-08-25T11:10:59
titleGoogle Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the GNU C Library
version50