Vulnerabilities > CVE-2011-1089 - Configuration vulnerability in GNU Glibc

047910
CVSS 3.3 - LOW
Attack vector
LOCAL
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
local
gnu
CWE-16
nessus

Summary

The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.

Vulnerable Configurations

Part Description Count
Application
Gnu
101

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2011-148.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in samba/cifs-utils : smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089 (CVE-2011-1678). The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547 (CVE-2011-2724). Additionally for Mandriva Linux 2010.2 the cifs-utils package has been upgraded to the 4.8.1 version that brings numerous additional fixes. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id56462
    published2011-10-12
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56462
    titleMandriva Linux Security Advisory : samba (MDVSA-2011:148)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2011:148. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(56462);
      script_version("1.9");
      script_cvs_date("Date: 2019/08/02 13:32:54");
    
      script_cve_id("CVE-2011-1678", "CVE-2011-2724");
      script_bugtraq_id(38326, 49939);
      script_xref(name:"MDVSA", value:"2011:148");
    
      script_name(english:"Mandriva Linux Security Advisory : samba (MDVSA-2011:148)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities has been discovered and corrected in
    samba/cifs-utils :
    
    smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to
    append to the /etc/mtab file and (2) umount.cifs to append to the
    /etc/mtab.tmp file without first checking whether resource limits
    would interfere, which allows local users to trigger corruption of the
    /etc/mtab file via a process with a small RLIMIT_FSIZE value, a
    related issue to CVE-2011-1089 (CVE-2011-1678).
    
    The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs
    in Samba 3.5.10 and earlier does not properly verify that the (1)
    device name and (2) mountpoint strings are composed of valid
    characters, which allows local users to cause a denial of service
    (mtab corruption) via a crafted string. NOTE: this vulnerability
    exists because of an incorrect fix for CVE-2010-0547 (CVE-2011-2724).
    
    Additionally for Mandriva Linux 2010.2 the cifs-utils package has been
    upgraded to the 4.8.1 version that brings numerous additional fixes.
    
    Packages for 2009.0 are provided as of the Extended Maintenance
    Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149 products_id=490
    
    The updated packages have been patched to correct these issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cifs-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64netapi-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64netapi0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64smbclient0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64smbclient0-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64smbclient0-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64smbsharemodes-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64smbsharemodes0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64talloc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64talloc1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64tdb-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64tdb1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wbclient-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wbclient0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnetapi-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnetapi0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsmbclient0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsmbclient0-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsmbclient0-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsmbsharemodes-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsmbsharemodes0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtalloc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtalloc1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtdb-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtdb1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwbclient-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwbclient0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mount-cifs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nss_wins");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-domainjoin-gui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-swat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-winbind");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/10/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64netapi-devel-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64netapi0-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64smbclient0-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64smbclient0-devel-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64smbclient0-static-devel-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64smbsharemodes-devel-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64smbsharemodes0-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64talloc-devel-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64talloc1-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64tdb-devel-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64tdb1-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64wbclient-devel-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64wbclient0-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libnetapi-devel-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libnetapi0-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libsmbclient0-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libsmbclient0-devel-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libsmbclient0-static-devel-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libsmbsharemodes-devel-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libsmbsharemodes0-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libtalloc-devel-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libtalloc1-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libtdb-devel-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libtdb1-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libwbclient-devel-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libwbclient0-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mount-cifs-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"nss_wins-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"samba-client-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"samba-common-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"samba-doc-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"samba-server-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"samba-swat-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"samba-winbind-3.3.12-0.7mdv2009.0", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2010.1", reference:"cifs-utils-4.8.1-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64netapi-devel-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64netapi0-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64smbclient0-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64smbclient0-devel-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64smbclient0-static-devel-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64smbsharemodes-devel-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64smbsharemodes0-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64wbclient-devel-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64wbclient0-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libnetapi-devel-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libnetapi0-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libsmbclient0-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libsmbclient0-devel-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libsmbclient0-static-devel-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libsmbsharemodes-devel-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libsmbsharemodes0-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libwbclient-devel-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libwbclient0-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mount-cifs-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"nss_wins-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"samba-client-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"samba-common-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"samba-doc-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"samba-domainjoin-gui-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"samba-server-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"samba-swat-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"samba-winbind-3.5.3-3.4mdv2010.2", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2011", reference:"cifs-utils-4.9-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64netapi-devel-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64netapi0-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64smbclient0-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64smbclient0-devel-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64smbclient0-static-devel-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64smbsharemodes-devel-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64smbsharemodes0-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64wbclient-devel-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64wbclient0-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libnetapi-devel-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libnetapi0-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libsmbclient0-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libsmbclient0-devel-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libsmbclient0-static-devel-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libsmbsharemodes-devel-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libsmbsharemodes0-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libwbclient-devel-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libwbclient0-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"mount-cifs-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"nss_wins-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"samba-client-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"samba-common-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"samba-doc-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"samba-domainjoin-gui-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"samba-server-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"samba-swat-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"samba-winbind-3.5.10-1.1-mdv2011.0", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2012-0013.NASL
    descriptiona. vCenter and ESX update to JRE 1.6.0 Update 31 The Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012. b. vCenter Update Manager update to JRE 1.5.0 Update 36 The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical Patch Update Advisory for June 2012. c. Update to ESX/ESXi userworld OpenSSL library The ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version 0.9.8t to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4180, CVE-2010-4252, CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues. d. Update to ESX service console OpenSSL RPM The service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2110 to this issue. e. Update to ESX service console kernel The ESX service console kernel is updated to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583 to these issues. f. Update to ESX service console Perl RPM The ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2761, CVE-2010-4410, and CVE-2011-3597 to these issues. g. Update to ESX service console libxml2 RPMs The ESX service console libmxl2 RPMs are updated to libxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0841 to this issue. h. Update to ESX service console glibc RPM The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864 to these issue. i. Update to ESX service console GnuTLS RPM The ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-4128, CVE-2012-1569, and CVE-2012-1573 to these issues. j. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to the following versions to resolve multiple security issues : - popt-1.10.2.3-28.el5_8 - rpm-4.4.2.3-28.el5_8 - rpm-libs-4.4.2.3-28.el5_8 - rpm-python-4.4.2.3-28.el5_8 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 to these issues. k. Vulnerability in third-party Apache Struts component The version of Apache Struts in vCenter Operations has been updated to 2.3.4 which addresses an arbitrary file overwrite vulnerability. This vulnerability allows an attacker to create a denial of service by overwriting arbitrary files without authentication. The attacker would need to be on the same network as the system where vCOps is installed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0393 to this issue. Note: Apache struts 2.3.4 addresses the following issues as well : CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It was found that these do not affect vCOps. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us.
    last seen2020-06-01
    modified2020-06-02
    plugin id61747
    published2012-08-31
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61747
    titleVMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from VMware Security Advisory 2012-0013. 
    # The text itself is copyright (C) VMware Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61747);
      script_version("1.56");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/30");
    
      script_cve_id("CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2010-2761", "CVE-2010-4180", "CVE-2010-4252", "CVE-2010-4410", "CVE-2011-0014", "CVE-2011-1020", "CVE-2011-1089", "CVE-2011-1833", "CVE-2011-2484", "CVE-2011-2496", "CVE-2011-2699", "CVE-2011-3188", "CVE-2011-3209", "CVE-2011-3363", "CVE-2011-3597", "CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4110", "CVE-2011-4128", "CVE-2011-4132", "CVE-2011-4324", "CVE-2011-4325", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4609", "CVE-2011-4619", "CVE-2012-0050", "CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0207", "CVE-2012-0393", "CVE-2012-0815", "CVE-2012-0841", "CVE-2012-0864", "CVE-2012-1569", "CVE-2012-1573", "CVE-2012-1583", "CVE-2012-2110");
      script_bugtraq_id(40063, 44199, 45145, 45163, 45164, 46264, 46567, 46740, 47321, 48383, 48802, 49108, 49289, 49626, 49911, 50311, 50609, 50663, 50755, 50798, 50898, 51194, 51257, 51281, 51343, 51366, 51439, 51467, 51563, 52009, 52010, 52011, 52012, 52013, 52014, 52015, 52016, 52017, 52018, 52019, 52020, 52107, 52161, 52201, 52667, 52668, 52865, 53136, 53139, 53158, 53946, 53947, 53948, 53949, 53950, 53951, 53952, 53953, 53954, 53956, 53958, 53959, 53960);
      script_xref(name:"VMSA", value:"2012-0013");
    
      script_name(english:"VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries");
      script_summary(english:"Checks esxupdate output for the patches");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote VMware ESXi / ESX host is missing one or more
    security-related patches."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "a. vCenter and ESX update to JRE 1.6.0 Update 31
    
       The Oracle (Sun) JRE is updated to version 1.6.0_31, which
       addresses multiple security issues. Oracle has documented the
       CVE identifiers that are addressed by this update in the Oracle
       Java SE Critical Patch Update Advisory of February 2012.
    
    b. vCenter Update Manager update to JRE 1.5.0 Update 36
    
       The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple
       security issues.  Oracle has documented the CVE identifiers that
       are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical
       Patch Update Advisory for June 2012.
    
    c. Update to ESX/ESXi userworld OpenSSL library
    
       The ESX/ESXi userworld OpenSSL library is updated from version
       0.9.8p to version 0.9.8t to resolve multiple security issues.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the names CVE-2010-4180, CVE-2010-4252,
       CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576,
       CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues.
    
    d. Update to ESX service console OpenSSL RPM
    
       The service console OpenSSL RPM is updated to version
       0.9.8e-22.el5_8.3 to resolve a security issue.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the name CVE-2012-2110 to this issue.
    
    e. Update to ESX service console kernel
    
       The ESX service console kernel is updated to resolve multiple
       security issues.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the names CVE-2011-1833, CVE-2011-2484,
       CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363,
       CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324,
       CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583
       to these issues.
    
    f. Update to ESX service console Perl RPM
    
       The ESX service console Perl RPM is updated to
       perl-5.8.8.32.1.8999.vmw to resolve multiple security issues.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the names CVE-2010-2761, CVE-2010-4410, and
       CVE-2011-3597 to these issues.
    
    g. Update to ESX service console libxml2 RPMs
    
       The ESX service console libmxl2 RPMs are updated to
       libxml2-2.6.26-2.1.15.el5_8.2 and
       libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security
       issue.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the name CVE-2012-0841 to this issue.
    
    h. Update to ESX service console glibc RPM
    
       The ESX service console glibc RPM is updated to version
       glibc-2.5-81.el5_8.1 to resolve multiple security issues.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the names CVE-2009-5029, CVE-2009-5064,
       CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864
       to these issue.
    
    i. Update to ESX service console GnuTLS RPM
    
       The ESX service console GnuTLS RPM is updated to version
       1.4.1-7.el5_8.2 to resolve multiple security issues.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the names CVE-2011-4128, CVE-2012-1569, and
       CVE-2012-1573 to these issues.
    
    j. Update to ESX service console popt, rpm, rpm-libs,
       and rpm-python RPMS
    
       The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS
       are updated to the following versions to resolve multiple
       security issues :
          - popt-1.10.2.3-28.el5_8
          - rpm-4.4.2.3-28.el5_8
          - rpm-libs-4.4.2.3-28.el5_8
          - rpm-python-4.4.2.3-28.el5_8
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the name CVE-2012-0060, CVE-2012-0061, and
       CVE-2012-0815 to these issues.
    
    k. Vulnerability in third-party Apache Struts component
    
       The version of Apache Struts in vCenter Operations has been
       updated to 2.3.4 which addresses an arbitrary file overwrite
       vulnerability. This vulnerability allows an attacker to create
       a denial of service by overwriting arbitrary files without
       authentication. The attacker would need to be on the same network
       as the system where vCOps is installed.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org) has
       assigned the name CVE-2012-0393 to this issue.
    
       Note: Apache struts 2.3.4 addresses the following issues as well :
       CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It
       was found that these do not affect vCOps.
    
       VMware would like to thank Alexander Minozhenko from ERPScan for
       reporting this issue to us."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.vmware.com/pipermail/security-announce/2012/000197.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply the missing patches.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java Applet Field Bytecode Verifier Cache Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:4.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/31");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"VMware ESX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
      script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("vmware_esx_packages.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
    if (
      !get_kb_item("Host/VMware/esxcli_software_vibs") &&
      !get_kb_item("Host/VMware/esxupdate")
    ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    init_esx_check(date:"2012-08-30");
    flag = 0;
    
    
    if (
      esx_check(
        ver           : "ESX 4.0",
        patch         : "ESX400-201209401-SG",
        patch_updates : make_list("ESX400-201302401-SG", "ESX400-201305401-SG", "ESX400-201310401-SG", "ESX400-201404401-SG")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.0",
        patch         : "ESX400-201209402-SG",
        patch_updates : make_list("ESX400-201305404-SG", "ESX400-201310402-SG")
      )
    ) flag++;
    if (esx_check(ver:"ESX 4.0", patch:"ESX400-201209404-SG")) flag++;
    
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208101-SG",
        patch_updates : make_list("ESX410-201211401-SG", "ESX410-201301401-SG", "ESX410-201304401-SG", "ESX410-201307401-SG", "ESX410-201312401-SG", "ESX410-201404401-SG", "ESX410-Update03")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208102-SG",
        patch_updates : make_list("ESX410-201301405-SG", "ESX410-201304402-SG", "ESX410-201307405-SG", "ESX410-Update03")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208103-SG",
        patch_updates : make_list("ESX410-201307403-SG", "ESX410-Update03")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208104-SG",
        patch_updates : make_list("ESX410-Update03")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208105-SG",
        patch_updates : make_list("ESX410-Update03")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208106-SG",
        patch_updates : make_list("ESX410-201307404-SG", "ESX410-Update03")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208107-SG",
        patch_updates : make_list("ESX410-Update03")
      )
    ) flag++;
    
    if (
      esx_check(
        ver           : "ESXi 4.1",
        patch         : "ESXi410-201208101-SG",
        patch_updates : make_list("ESXi410-201211401-SG", "ESXi410-201301401-SG", "ESXi410-201304401-SG", "ESXi410-201307401-SG", "ESXi410-201312401-SG", "ESXi410-201404401-SG", "ESXi410-Update03")
      )
    ) flag++;
    
    if (esx_check(ver:"ESXi 5.0", vib:"VMware:esx-base:5.0.0-1.25.912577")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0126.NASL
    descriptionUpdated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029) A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830) It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089) A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609) Red Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830. Users should upgrade to these updated packages, which resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id57924
    published2012-02-14
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57924
    titleCentOS 5 : glibc (CESA-2012:0126)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2012:0126 and 
    # CentOS Errata and Security Advisory 2012:0126 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57924);
      script_version("1.12");
      script_cvs_date("Date: 2020/01/07");
    
      script_cve_id("CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2011-1089", "CVE-2011-4609");
      script_bugtraq_id(40063, 46740, 50898, 51439);
      script_xref(name:"RHSA", value:"2012:0126");
    
      script_name(english:"CentOS 5 : glibc (CESA-2012:0126)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated glibc packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The glibc packages contain the standard C libraries used by multiple
    programs on the system. These packages contain the standard C and the
    standard math libraries. Without these two libraries, a Linux system
    cannot function properly.
    
    An integer overflow flaw, leading to a heap-based buffer overflow, was
    found in the way the glibc library read timezone files. If a
    carefully-crafted timezone file was loaded by an application linked
    against glibc, it could cause the application to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running the application. (CVE-2009-5029)
    
    A flaw was found in the way the ldd utility identified dynamically
    linked libraries. If an attacker could trick a user into running ldd
    on a malicious binary, it could result in arbitrary code execution
    with the privileges of the user running ldd. (CVE-2009-5064)
    
    An integer overflow flaw, leading to a heap-based buffer overflow, was
    found in the way the glibc library loaded ELF (Executable and Linking
    Format) files. If a carefully-crafted ELF file was loaded by an
    application linked against glibc, it could cause the application to
    crash or, potentially, execute arbitrary code with the privileges of
    the user running the application. (CVE-2010-0830)
    
    It was found that the glibc addmntent() function, used by various
    mount helper utilities, did not handle certain errors correctly when
    updating the mtab (mounted file systems table) file. If such utilities
    had the setuid bit set, a local attacker could use this flaw to
    corrupt the mtab file. (CVE-2011-1089)
    
    A denial of service flaw was found in the remote procedure call (RPC)
    implementation in glibc. A remote attacker able to open a large number
    of connections to an RPC service that is using the RPC implementation
    from glibc, could use this flaw to make that service use an excessive
    amount of CPU time. (CVE-2011-4609)
    
    Red Hat would like to thank the Ubuntu Security Team for reporting
    CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The
    Ubuntu Security Team acknowledges Dan Rosenberg as the original
    reporter of CVE-2010-0830.
    
    Users should upgrade to these updated packages, which resolve these
    issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2012-February/018428.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e48699c2"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected glibc packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-5064");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/02/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"glibc-2.5-65.el5_7.3")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"glibc-common-2.5-65.el5_7.3")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"glibc-devel-2.5-65.el5_7.3")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"glibc-headers-2.5-65.el5_7.3")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"glibc-utils-2.5-65.el5_7.3")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"nscd-2.5-65.el5_7.3")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc");
    }
    
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2012-0018.NASL
    descriptiona. vCenter Server Appliance directory traversal The vCenter Server Appliance (vCSA) contains a directory traversal vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6324 to this issue. b. vCenter Server Appliance arbitrary file download The vCenter Server Appliance (vCSA) contains an XML parsing vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6325 to this issue. c. Update to ESX glibc package The ESX glibc package is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, CVE-2012-0864 CVE-2012-3404, CVE-2012-3405, CVE-2012-3406 and CVE-2012-3480 to these issues. d. vCenter Server and vCSA webservice logging denial of service The vCenter Server and vCenter Server Appliance (vCSA) both contain a vulnerability that allows unauthenticated remote users to create abnormally large log entries. Exploitation of this issue may allow an attacker to fill the system volume of the vCenter host or appliance VM and create a denial-of-service condition. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6326 to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id63332
    published2012-12-24
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63332
    titleVMSA-2012-0018 : VMware security updates for vCSA and ESXi
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from VMware Security Advisory 2012-0018. 
    # The text itself is copyright (C) VMware Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63332);
      script_version("1.22");
      script_cvs_date("Date: 2018/08/06 14:03:16");
    
      script_cve_id("CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2011-1089", "CVE-2011-4609", "CVE-2012-0864", "CVE-2012-3404", "CVE-2012-3405", "CVE-2012-3406", "CVE-2012-3480", "CVE-2012-6324", "CVE-2012-6325", "CVE-2012-6326");
      script_bugtraq_id(40063, 46740, 50898, 51439, 52201, 54374, 54982, 57021, 57022, 58139);
      script_xref(name:"VMSA", value:"2012-0018");
    
      script_name(english:"VMSA-2012-0018 : VMware security updates for vCSA and ESXi");
      script_summary(english:"Checks esxupdate output for the patches");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote VMware ESXi host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "a. vCenter Server Appliance directory traversal
    
       The vCenter Server Appliance (vCSA) contains a directory
       traversal vulnerability that allows an authenticated 
       remote user to retrieve arbitrary files. Exploitation of
       this issue may expose sensitive information stored on the 
       server. 
    
       VMware would like to thank Alexander Minozhenko from ERPScan for
       reporting this issue to us.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the name CVE-2012-6324 to this issue.
    
     b. vCenter Server Appliance arbitrary file download
    
       The vCenter Server Appliance (vCSA) contains an XML parsing 
       vulnerability that allows an authenticated remote user to
       retrieve arbitrary files.  Exploitation of this issue may
       expose sensitive information stored on the server.
    
       VMware would like to thank Alexander Minozhenko from ERPScan for
       reporting this issue to us.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the name CVE-2012-6325 to this issue.
    
     c. Update to ESX glibc package
    
       The ESX glibc package is updated to version glibc-2.5-81.el5_8.1
       to resolve multiple security issues.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the names CVE-2009-5029, CVE-2009-5064,
       CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, CVE-2012-0864
       CVE-2012-3404, CVE-2012-3405, CVE-2012-3406 and CVE-2012-3480
       to these issues.
    
     d. vCenter Server and vCSA webservice logging denial of service
    
       The vCenter Server and vCenter Server Appliance (vCSA) both
       contain a vulnerability that allows unauthenticated remote 
       users to create abnormally large log entries.  Exploitation
       of this issue may allow an attacker to fill the system volume
       of the vCenter host or appliance VM and create a 
       denial-of-service condition. 
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the name CVE-2012-6326 to this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.vmware.com/pipermail/security-announce/2013/000212.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply the missing patches.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/12/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
      script_family(english:"VMware ESX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
      script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("vmware_esx_packages.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
    if (
      !get_kb_item("Host/VMware/esxcli_software_vibs") &&
      !get_kb_item("Host/VMware/esxupdate")
    ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    init_esx_check(date:"2012-12-20");
    flag = 0;
    
    
    if (esx_check(ver:"ESXi 5.0", vib:"VMware:esx-base:5.0.0-1.25.912577")) flag++;
    if (esx_check(ver:"ESXi 5.0", vib:"VMware:tools-light:5.0.0-1.25.912577")) flag++;
    
    if (esx_check(ver:"ESXi 5.1", vib:"VMware:esx-base:5.1.0-0.11.1063671")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_NCPFS-110824.NASL
    descriptionFollowing issues are fixed by this update : - The ncpfs mount and umount programs were affected by the /etc/mtab truncation problems on RLIMIT_FSIZE. (CVE-2011-1679) - on errors, the mtab lock was not removed, blocking other applications from modifying /etc/mtab. (CVE-2011-1680) - we now keep the connection socket alive to avoid losing ncpfs mounts (bnc#621810)
    last seen2020-06-01
    modified2020-06-02
    plugin id57120
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57120
    titleSuSE 11.1 Security Update : ncpfs (SAT Patch Number 5045)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57120);
      script_version("1.5");
      script_cvs_date("Date: 2019/10/25 13:36:43");
    
      script_cve_id("CVE-2011-1089", "CVE-2011-1679", "CVE-2011-1680");
    
      script_name(english:"SuSE 11.1 Security Update : ncpfs (SAT Patch Number 5045)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Following issues are fixed by this update :
    
      - The ncpfs mount and umount programs were affected by the
        /etc/mtab truncation problems on RLIMIT_FSIZE.
        (CVE-2011-1679)
    
      - on errors, the mtab lock was not removed, blocking other
        applications from modifying /etc/mtab. (CVE-2011-1680)
    
      - we now keep the connection socket alive to avoid losing
        ncpfs mounts (bnc#621810)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=621810"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=686554"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-1089.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-1679.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-1680.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 5045.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ncpfs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ncpfs-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"ncpfs-2.2.6-147.27.1")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"ncpfs-2.2.6-147.27.1")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"ncpfs-32bit-2.2.6-147.27.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1396-1.NASL
    descriptionIt was discovered that the GNU C Library did not properly handle integer overflows in the timezone handling code. An attacker could use this to possibly execute arbitrary code by convincing an application to load a maliciously constructed tzfile. (CVE-2009-5029) It was discovered that the GNU C Library did not properly handle passwd.adjunct.byname map entries in the Network Information Service (NIS) code in the name service caching daemon (nscd). An attacker could use this to obtain the encrypted passwords of NIS accounts. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-0015) Chris Evans reported that the GNU C Library did not properly calculate the amount of memory to allocate in the fnmatch() code. An attacker could use this to cause a denial of service or possibly execute arbitrary code via a maliciously crafted UTF-8 string. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 10.10. (CVE-2011-1071) Tomas Hoger reported that an additional integer overflow was possible in the GNU C Library fnmatch() code. An attacker could use this to cause a denial of service via a maliciously crafted UTF-8 string. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1659) Dan Rosenberg discovered that the addmntent() function in the GNU C Library did not report an error status for failed attempts to write to the /etc/mtab file. This could allow an attacker to corrupt /etc/mtab, possibly causing a denial of service or otherwise manipulate mount options. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1089) Harald van Dijk discovered that the locale program included with the GNU C library did not properly quote its output. This could allow a local attacker to possibly execute arbitrary code using a crafted localization string that was evaluated in a shell script. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 10.10. (CVE-2011-1095) It was discovered that the GNU C library loader expanded the $ORIGIN dynamic string token when RPATH is composed entirely of this token. This could allow an attacker to gain privilege via a setuid program that had this RPATH value. (CVE-2011-1658) It was discovered that the GNU C library implementation of memcpy optimized for Supplemental Streaming SIMD Extensions 3 (SSSE3) contained a possible integer overflow. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. (CVE-2011-2702) John Zimmerman discovered that the Remote Procedure Call (RPC) implementation in the GNU C Library did not properly handle large numbers of connections. This could allow a remote attacker to cause a denial of service. (CVE-2011-4609) It was discovered that the GNU C Library vfprintf() implementation contained a possible integer overflow in the format string protection code offered by FORTIFY_SOURCE. An attacker could use this flaw in conjunction with a format string vulnerability to bypass the format string protection and possibly execute arbitrary code. (CVE-2012-0864). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id58318
    published2012-03-12
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58318
    titleUbuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : eglibc, glibc vulnerabilities (USN-1396-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1396-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(58318);
      script_version("1.10");
      script_cvs_date("Date: 2019/09/19 12:54:27");
    
      script_cve_id("CVE-2009-5029", "CVE-2010-0015", "CVE-2011-1071", "CVE-2011-1089", "CVE-2011-1095", "CVE-2011-1658", "CVE-2011-1659", "CVE-2011-2702", "CVE-2011-4609", "CVE-2012-0864");
      script_bugtraq_id(37885, 46563, 46740, 47370, 50898, 51439, 52201);
      script_xref(name:"USN", value:"1396-1");
    
      script_name(english:"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : eglibc, glibc vulnerabilities (USN-1396-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the GNU C Library did not properly handle
    integer overflows in the timezone handling code. An attacker could use
    this to possibly execute arbitrary code by convincing an application
    to load a maliciously constructed tzfile. (CVE-2009-5029)
    
    It was discovered that the GNU C Library did not properly handle
    passwd.adjunct.byname map entries in the Network Information Service
    (NIS) code in the name service caching daemon (nscd). An attacker
    could use this to obtain the encrypted passwords of NIS accounts. This
    issue only affected Ubuntu 8.04 LTS. (CVE-2010-0015)
    
    Chris Evans reported that the GNU C Library did not properly calculate
    the amount of memory to allocate in the fnmatch() code. An attacker
    could use this to cause a denial of service or possibly execute
    arbitrary code via a maliciously crafted UTF-8 string. This issue only
    affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 10.10.
    (CVE-2011-1071)
    
    Tomas Hoger reported that an additional integer overflow was possible
    in the GNU C Library fnmatch() code. An attacker could use this to
    cause a denial of service via a maliciously crafted UTF-8 string. This
    issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10
    and Ubuntu 11.04. (CVE-2011-1659)
    
    Dan Rosenberg discovered that the addmntent() function in the GNU C
    Library did not report an error status for failed attempts to write to
    the /etc/mtab file. This could allow an attacker to corrupt /etc/mtab,
    possibly causing a denial of service or otherwise manipulate mount
    options. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS,
    Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1089)
    
    Harald van Dijk discovered that the locale program included with the
    GNU C library did not properly quote its output. This could allow a
    local attacker to possibly execute arbitrary code using a crafted
    localization string that was evaluated in a shell script. This issue
    only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 10.10.
    (CVE-2011-1095)
    
    It was discovered that the GNU C library loader expanded the $ORIGIN
    dynamic string token when RPATH is composed entirely of this token.
    This could allow an attacker to gain privilege via a setuid program
    that had this RPATH value. (CVE-2011-1658)
    
    It was discovered that the GNU C library implementation of memcpy
    optimized for Supplemental Streaming SIMD Extensions 3 (SSSE3)
    contained a possible integer overflow. An attacker could use this to
    cause a denial of service or possibly execute arbitrary code. This
    issue only affected Ubuntu 10.04 LTS. (CVE-2011-2702)
    
    John Zimmerman discovered that the Remote Procedure Call (RPC)
    implementation in the GNU C Library did not properly handle large
    numbers of connections. This could allow a remote attacker to cause a
    denial of service. (CVE-2011-4609)
    
    It was discovered that the GNU C Library vfprintf() implementation
    contained a possible integer overflow in the format string protection
    code offered by FORTIFY_SOURCE. An attacker could use this flaw in
    conjunction with a format string vulnerability to bypass the format
    string protection and possibly execute arbitrary code. (CVE-2012-0864).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1396-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libc-bin and / or libc6 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(255);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/01/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/03/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(8\.04|10\.04|10\.10|11\.04|11\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 10.04 / 10.10 / 11.04 / 11.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"8.04", pkgname:"libc6", pkgver:"2.7-10ubuntu8.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"libc-bin", pkgver:"2.11.1-0ubuntu7.10")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"libc6", pkgver:"2.11.1-0ubuntu7.10")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"libc-bin", pkgver:"2.12.1-0ubuntu10.4")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"libc6", pkgver:"2.12.1-0ubuntu10.4")) flag++;
    if (ubuntu_check(osver:"11.04", pkgname:"libc6", pkgver:"2.13-0ubuntu13.1")) flag++;
    if (ubuntu_check(osver:"11.10", pkgname:"libc6", pkgver:"2.13-20ubuntu5.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libc-bin / libc6");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20111206_GLIBC_ON_SL6_X.NASL
    descriptionThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064) It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089) This update also fixes several bugs and adds various enhancements. Users are advised to upgrade to these updated glibc packages, which contain backported patches to resolve these issues and add these enhancements.
    last seen2020-06-01
    modified2020-06-02
    plugin id61187
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61187
    titleScientific Linux Security Update : glibc on SL6.x i386/x86_64
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120213_GLIBC_ON_SL5_X.NASL
    descriptionThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029) A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830) It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089) A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609) Users should upgrade to these updated packages, which resolve these issues.
    last seen2020-03-18
    modified2012-08-01
    plugin id61244
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61244
    titleScientific Linux Security Update : glibc on SL5.x i386/x86_64 (20120213)
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_1_BUILD_1063671_REMOTE.NASL
    descriptionThe remote VMware ESXi 5.1 host is affected by the following security vulnerabilities : - An integer overflow condition exists in the glibc library in the __tzfile_read() function that allows a denial of service or arbitrary code execution. (CVE-2009-5029) - An error exists in the glibc library related to modified loaders and
    last seen2020-06-01
    modified2020-06-02
    plugin id70886
    published2013-11-13
    reporterThis script is (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70886
    titleESXi 5.1 < Build 1063671 Multiple Vulnerabilities (remote check)
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_0_BUILD_912577_REMOTE.NASL
    descriptionThe remote VMware ESXi 5.0 host is affected by Multiple Vulnerabilities : - An integer overflow condition exists in the __tzfile_read() function in the glibc library. An unauthenticated, remote attacker can exploit this, via a crafted timezone (TZ) file, to cause a denial of service or the execution of arbitrary code. (CVE-2009-5029) - ldd in the glibc library is affected by a privilege escalation vulnerability due to the omission of certain LD_TRACE_LOADED_OBJECTS checks in a crafted executable file. Note that this vulnerability is disputed by the library vendor. (CVE-2009-5064) - A remote code execution vulnerability exists in the glibc library due to an integer signedness error in the elf_get_dynamic_info() function when the
    last seen2020-06-01
    modified2020-06-02
    plugin id70885
    published2013-11-13
    reporterThis script is (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70885
    titleESXi 5.0 < Build 912577 Multiple Vulnerabilities (remote check)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120213_GLIBC_ON_SL4_X.NASL
    descriptionThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029) A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064) It was discovered that the glibc addmntent() function, used by various mount helper utilities, did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into the mtab (mounted file systems table) file via certain setuid mount helpers, if the attacker were allowed to mount to an arbitrary directory under their control. (CVE-2010-0296) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830) It was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071) It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089) It was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker
    last seen2020-03-18
    modified2012-08-01
    plugin id61243
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61243
    titleScientific Linux Security Update : glibc on SL4.x i386/x86_64 (20120213)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0168.NASL
    descriptionAn updated rhev-hypervisor5 package that fixes several security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-0029) A divide-by-zero flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id79283
    published2014-11-17
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79283
    titleRHEL 5 : rhev-hypervisor5 (RHSA-2012:0168)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2013-1251-1.NASL
    descriptionThis collective update for the GNU C library (glibc) provides the following fixes and enhancements : Security issues fixed : - Fix stack overflow in getaddrinfo with many results. (bnc#813121, CVE-2013-1914) - Fix a different stack overflow in getaddrinfo with many results. (bnc#828637) - Fix array overflow in floating point parser [bnc#775690] (CVE-2012-3480) - Fix strtod integer/buffer overflows [bnc#775690] (CVE-2012-3480) - Add patches for fix overflows in vfprintf. [bnc #770891, CVE-2012-3405, CVE-2012-3406] - Fix buffer overflow in glob. (bnc#691365) (CVE-2010-4756) - Flush stream in addmntent, to catch errors like reached file size limits. [bnc #676178, CVE-2011-1089] Bugs fixed : - Fix locking in _IO_cleanup. (bnc#796982) - Fix resolver when first query fails, but seconds succeeds. [bnc #767266] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-05-20
    plugin id83594
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83594
    titleSUSE SLES11 Security Update : glibc (SUSE-SU-2013:1251-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0125.NASL
    descriptionUpdated glibc packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029) A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064) It was discovered that the glibc addmntent() function, used by various mount helper utilities, did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into the mtab (mounted file systems table) file via certain setuid mount helpers, if the attacker were allowed to mount to an arbitrary directory under their control. (CVE-2010-0296) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830) It was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071) It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089) It was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker
    last seen2020-06-01
    modified2020-06-02
    plugin id57923
    published2012-02-14
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57923
    titleCentOS 4 : glibc (CESA-2012:0125)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0126.NASL
    descriptionFrom Red Hat Security Advisory 2012:0126 : Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029) A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830) It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089) A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609) Red Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830. Users should upgrade to these updated packages, which resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id68456
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68456
    titleOracle Linux 5 : glibc (ELSA-2012-0126)
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2012-0013_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - Apache Struts - glibc - GnuTLS - JRE - kernel - libxml2 - OpenSSL - Perl - popt and rpm
    last seen2020-06-01
    modified2020-06-02
    plugin id89038
    published2016-02-29
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89038
    titleVMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0125.NASL
    descriptionFrom Red Hat Security Advisory 2012:0125 : Updated glibc packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029) A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064) It was discovered that the glibc addmntent() function, used by various mount helper utilities, did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into the mtab (mounted file systems table) file via certain setuid mount helpers, if the attacker were allowed to mount to an arbitrary directory under their control. (CVE-2010-0296) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830) It was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071) It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089) It was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker
    last seen2020-06-01
    modified2020-06-02
    plugin id68455
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68455
    titleOracle Linux 4 : glibc (ELSA-2012-0125)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_NCPFS-110824.NASL
    descriptionFollowing issues are fixed by this update: The ncpfs mount and umount programs were affected by the /etc/mtab truncation problems on RLIMIT_FSIZE. (CVE-2011-1679) Also on errors, the mtab lock was not removed, blocking other applications from modifying /etc/mtab. (CVE-2011-1680)
    last seen2020-06-01
    modified2020-06-02
    plugin id75680
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75680
    titleopenSUSE Security Update : ncpfs (openSUSE-SU-2011:0985-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2013-1287-1.NASL
    descriptionThis collective update for the GNU C library (glibc) provides the following fixes and enhancements : Security issues fixed : - Fix stack overflow in getaddrinfo with many results. (bnc#813121, CVE-2013-1914) - Fixed another stack overflow in getaddrinfo with many results (bnc#828637) - Fix buffer overflow in glob. (bnc#691365) (CVE-2010-4756) - Fix array overflow in floating point parser [bnc#775690] (CVE-2012-3480) - Fix strtod integer/buffer overflows [bnc#775690] (CVE-2012-3480) Make addmntent return errors also for cached streams. [bnc #676178, CVE-2011-1089] - Fix overflows in vfprintf. [bnc #770891, CVE 2012-3406] - Add vfprintf-nargs.diff for possible format string overflow. [bnc #747768, CVE-2012-0864] - Check values from file header in __tzfile_read. [bnc #735850, CVE-2009-5029] Also several bugs were fixed : - Fix locking in _IO_cleanup. (bnc#796982) - Fix memory leak in execve. (bnc#805899) Fix nscd timestamps in logging (bnc#783196) - Fix perl script error message (bnc#774467) - Fall back to localhost if no nameserver defined (bnc#818630) - Fix incomplete results from nscd. [bnc #753756] - Fix a deadlock in dlsym in case the symbol isn
    last seen2020-06-05
    modified2015-05-20
    plugin id83597
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83597
    titleSUSE SLES10 Security Update : glibc (SUSE-SU-2013:1287-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-048.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in ncpfs : ncpfs 2.2.6 and earlier attempts to use (1) ncpmount to append to the /etc/mtab file and (2) ncpumount to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089 (CVE-2011-1679). ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors (CVE-2011-1680). The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id66062
    published2013-04-20
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66062
    titleMandriva Linux Security Advisory : ncpfs (MDVSA-2013:048)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_NCPFS-7710.NASL
    descriptionFollowing issues are fixed by this update : - The ncpfs mount and umount programs were affected by the /etc/mtab truncation problems on RLIMIT_FSIZE. (CVE-2011-1679) - on errors, the mtab lock was not removed, blocking other applications from modifying /etc/mtab. (CVE-2011-1680) - we now keep the connection socket alive to avoid losing ncpfs mounts. (bnc#621810)
    last seen2020-06-01
    modified2020-06-02
    plugin id56610
    published2011-10-24
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56610
    titleSuSE 10 Security Update : ncpfs (ZYPP Patch Number 7710)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2012-083.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in util-linux : mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089 (CVE-2011-1675). mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors (CVE-2011-1677). The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id59304
    published2012-05-30
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59304
    titleMandriva Linux Security Advisory : util-linux (MDVSA-2012:083)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1526.NASL
    descriptionUpdated glibc packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064) It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089) Red Hat would like to thank Dan Rosenberg for reporting the CVE-2011-1089 issue. This update also fixes several bugs and adds various enhancements. Documentation for these bug fixes and enhancements will be available shortly from the Technical Notes document, linked to in the References section. Users are advised to upgrade to these updated glibc packages, which contain backported patches to resolve these issues and add these enhancements.
    last seen2020-06-01
    modified2020-06-02
    plugin id57011
    published2011-12-06
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57011
    titleRHEL 6 : glibc (RHSA-2011:1526)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0125.NASL
    descriptionUpdated glibc packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029) A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064) It was discovered that the glibc addmntent() function, used by various mount helper utilities, did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into the mtab (mounted file systems table) file via certain setuid mount helpers, if the attacker were allowed to mount to an arbitrary directory under their control. (CVE-2010-0296) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830) It was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071) It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089) It was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker
    last seen2020-04-16
    modified2012-02-14
    plugin id57928
    published2012-02-14
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57928
    titleRHEL 4 : glibc (RHSA-2012:0125)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0126.NASL
    descriptionUpdated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029) A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830) It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089) A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609) Red Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830. Users should upgrade to these updated packages, which resolve these issues.
    last seen2020-04-16
    modified2012-02-14
    plugin id57929
    published2012-02-14
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57929
    titleRHEL 5 : glibc (RHSA-2012:0126)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201312-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201312-01 (GNU C Library: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GNU C Library. Please review the CVE identifiers referenced below for details. Impact : A local attacker could trigger vulnerabilities in dynamic library loader, making it possible to load attacker-controlled shared objects during execution of setuid/setgid programs to escalate privileges. A context-dependent attacker could trigger various vulnerabilities in GNU C Library, including a buffer overflow, leading to execution of arbitrary code or a Denial of Service. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id71167
    published2013-12-03
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71167
    titleGLSA-201312-01 : GNU C Library: Multiple vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2011-179.NASL
    descriptionMultiple vulnerabilities was discovered and fixed in glibc : The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296 (CVE-2011-1089). Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071 (CVE-2011-1659). crypt_blowfish before 1.1, as used in glibc on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash (CVE-2011-2483). The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id61938
    published2012-09-06
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61938
    titleMandriva Linux Security Advisory : glibc (MDVSA-2011:179)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_NCPFS-7711.NASL
    descriptionFollowing issues are fixed by this update : - The ncpfs mount and umount programs were affected by the /etc/mtab truncation problems on RLIMIT_FSIZE. (CVE-2011-1679) - on errors, the mtab lock was not removed, blocking other applications from modifying /etc/mtab. (CVE-2011-1680) - we now keep the connection socket alive to avoid losing ncpfs mounts. (bnc#621810)
    last seen2020-06-01
    modified2020-06-02
    plugin id57231
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57231
    titleSuSE 10 Security Update : ncpfs (ZYPP Patch Number 7711)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2011-178.NASL
    descriptionMultiple vulnerabilities was discovered and fixed in glibc : Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has in (a) RPATH or (b) RUNPATH. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847 (CVE-2011-0536). The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a stack extension attack, a related issue to CVE-2010-2898, as originally reported for use of this library by Google Chrome (CVE-2011-1071). The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296 (CVE-2011-1089). locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function (CVE-2011-1095). Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071 (CVE-2011-1659). crypt_blowfish before 1.1, as used in glibc on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash (CVE-2011-2483). The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id56953
    published2011-11-28
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56953
    titleMandriva Linux Security Advisory : glibc (MDVSA-2011:178)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_GLIBC-8351.NASL
    descriptionThis collective update to the GNU Lib C library (glibc) provides the following fixes : - Make addmntent() return errors also for cached streams. (bnc#676178, CVE-2011-1089) - Fix overflows in vfprintf(). (bnc#770891, CVE-2012-3406) - Fix incomplete results from nscd. (bnc#753756) - Fix a deadlock in dlsym in case the symbol isn
    last seen2020-06-05
    modified2012-11-19
    plugin id62960
    published2012-11-19
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62960
    titleSuSE 10 Security Update : glibc (ZYPP Patch Number 8351)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2012-1488-1.NASL
    descriptionThis collective update to the GNU Lib C library (glibc) provides the following fixes : - Make addmntent() return errors also for cached streams (bnc#676178, CVE-2011-1089) - Fix overflows in vfprintf() (bnc#770891, CVE-2012-3406) - Fix incomplete results from nscd (bnc#753756) - Fix a deadlock in dlsym in case the symbol isn
    last seen2020-06-05
    modified2015-05-20
    plugin id83565
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83565
    titleSUSE SLED10 / SLES10 Security Update : glibc (SUSE-SU-2012:1488-1)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2015-0023.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Switch to use malloc when the input line is too long [Orabug 19951108] - Use a /sys/devices/system/cpu/online for _SC_NPROCESSORS_ONLN implementation [Orabug 17642251] (Joe Jin) - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183532). - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Fix patch for integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Fix return code when starting an already started nscd daemon (#979413). - Fix getnameinfo for many PTR record queries (#1020486). - Return EINVAL error for negative sizees to getgroups (#995207). - Fix integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Add support for newer L3 caches on x86-64 and correctly count the number of hardware threads sharing a cacheline (#1003420). - Revert incomplete fix for bug #758193. - Fix _nl_find_msg malloc failure case, and callers (#957089). - Test on init_fct, not result->__init_fct, after demangling (#816647). - Don
    last seen2020-06-01
    modified2020-06-02
    plugin id81118
    published2015-02-02
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81118
    titleOracleVM 3.2 : glibc (OVMSA-2015-0023) (GHOST)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_NCPFS-110824.NASL
    descriptionFollowing issues are fixed by this update: The ncpfs mount and umount programs were affected by the /etc/mtab truncation problems on RLIMIT_FSIZE. (CVE-2011-1679) Also on errors, the mtab lock was not removed, blocking other applications from modifying /etc/mtab. (CVE-2011-1680)
    last seen2020-06-01
    modified2020-06-02
    plugin id75974
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75974
    titleopenSUSE Security Update : ncpfs (openSUSE-SU-2011:0985-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2012-084.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in ncpfs : ncpfs 2.2.6 and earlier attempts to use (1) ncpmount to append to the /etc/mtab file and (2) ncpumount to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089 (CVE-2011-1679). ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors (CVE-2011-1680). The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id59305
    published2012-05-30
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59305
    titleMandriva Linux Security Advisory : ncpfs (MDVSA-2012:084)

Redhat

advisories
bugzilla
id739184
titleStatically-linked binaries that call gethostbyname crash when executed.
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 6 is installed
      ovaloval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • commentglibc-utils is earlier than 0:2.12-1.47.el6
          ovaloval:com.redhat.rhsa:tst:20111526001
        • commentglibc-utils is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20120763012
      • AND
        • commentglibc-common is earlier than 0:2.12-1.47.el6
          ovaloval:com.redhat.rhsa:tst:20111526003
        • commentglibc-common is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20120763008
      • AND
        • commentglibc-headers is earlier than 0:2.12-1.47.el6
          ovaloval:com.redhat.rhsa:tst:20111526005
        • commentglibc-headers is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20120763010
      • AND
        • commentglibc-devel is earlier than 0:2.12-1.47.el6
          ovaloval:com.redhat.rhsa:tst:20111526007
        • commentglibc-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20120763006
      • AND
        • commentnscd is earlier than 0:2.12-1.47.el6
          ovaloval:com.redhat.rhsa:tst:20111526009
        • commentnscd is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20120763014
      • AND
        • commentglibc is earlier than 0:2.12-1.47.el6
          ovaloval:com.redhat.rhsa:tst:20111526011
        • commentglibc is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20120763004
      • AND
        • commentglibc-static is earlier than 0:2.12-1.47.el6
          ovaloval:com.redhat.rhsa:tst:20111526013
        • commentglibc-static is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20120763002
rhsa
idRHSA-2011:1526
released2011-12-05
severityLow
titleRHSA-2011:1526: glibc security, bug fix, and enhancement update (Low)
rpms
  • glibc-0:2.12-1.47.el6
  • glibc-common-0:2.12-1.47.el6
  • glibc-debuginfo-0:2.12-1.47.el6
  • glibc-debuginfo-common-0:2.12-1.47.el6
  • glibc-devel-0:2.12-1.47.el6
  • glibc-headers-0:2.12-1.47.el6
  • glibc-static-0:2.12-1.47.el6
  • glibc-utils-0:2.12-1.47.el6
  • nscd-0:2.12-1.47.el6
  • glibc-0:2.3.4-2.57
  • glibc-common-0:2.3.4-2.57
  • glibc-debuginfo-0:2.3.4-2.57
  • glibc-debuginfo-common-0:2.3.4-2.57
  • glibc-devel-0:2.3.4-2.57
  • glibc-headers-0:2.3.4-2.57
  • glibc-profile-0:2.3.4-2.57
  • glibc-utils-0:2.3.4-2.57
  • nptl-devel-0:2.3.4-2.57
  • nscd-0:2.3.4-2.57
  • glibc-0:2.5-65.el5_7.3
  • glibc-common-0:2.5-65.el5_7.3
  • glibc-debuginfo-0:2.5-65.el5_7.3
  • glibc-debuginfo-common-0:2.5-65.el5_7.3
  • glibc-devel-0:2.5-65.el5_7.3
  • glibc-headers-0:2.5-65.el5_7.3
  • glibc-utils-0:2.5-65.el5_7.3
  • nscd-0:2.5-65.el5_7.3