CVE-2011-4609 - Resource Management Errors vulnerability in GNU Glibc

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL

Summary

The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.

Vulnerable Configurations

Part         Description   Count
Application  Gnu           102

Common Weakness Enumeration (CWE)

CWE-399: Resource Management Errors

Nessus

  • NASL family: VMware ESX Local Security Checks
    NASL id: VMWARE_VMSA-2012-0013.NASL
    description: a. vCenter and ESX update to JRE 1.6.0 Update 31

    The Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012.

    b. vCenter Update Manager update to JRE 1.5.0 Update 36

    The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical Patch Update Advisory for June 2012.

    c. Update to ESX/ESXi userworld OpenSSL library

    The ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version 0.9.8t to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4180, CVE-2010-4252, CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues.

    d. Update to ESX service console OpenSSL RPM

    The service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2110 to this issue.

    e. Update to ESX service console kernel

    The ESX service console kernel is updated to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583 to these issues.

    f. Update to ESX service console Perl RPM

    The ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2761, CVE-2010-4410, and CVE-2011-3597 to these issues.

    g. Update to ESX service console libxml2 RPMs

    The ESX service console libxml2 RPMs are updated to libxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0841 to this issue.

    h. Update to ESX service console glibc RPM

    The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864 to these issues.

    i. Update to ESX service console GnuTLS RPM

    The ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-4128, CVE-2012-1569, and CVE-2012-1573 to these issues.

    j. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS

    The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to the following versions to resolve multiple security issues: popt-1.10.2.3-28.el5_8, rpm-4.4.2.3-28.el5_8, rpm-libs-4.4.2.3-28.el5_8, and rpm-python-4.4.2.3-28.el5_8. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 to these issues.

    k. Vulnerability in third-party Apache Struts component

    The version of Apache Struts in vCenter Operations has been updated to 2.3.4, which addresses an arbitrary file overwrite vulnerability. This vulnerability allows an attacker to create a denial of service by overwriting arbitrary files without authentication. The attacker would need to be on the same network as the system where vCOps is installed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0393 to this issue. Note: Apache Struts 2.3.4 addresses the following issues as well: CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It was found that these do not affect vCOps. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 61747
    published: 2012-08-31
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/61747
    title: VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from VMware Security Advisory 2012-0013. 
    # The text itself is copyright (C) VMware Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61747);
      script_version("1.56");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/30");
    
      script_cve_id("CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2010-2761", "CVE-2010-4180", "CVE-2010-4252", "CVE-2010-4410", "CVE-2011-0014", "CVE-2011-1020", "CVE-2011-1089", "CVE-2011-1833", "CVE-2011-2484", "CVE-2011-2496", "CVE-2011-2699", "CVE-2011-3188", "CVE-2011-3209", "CVE-2011-3363", "CVE-2011-3597", "CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4110", "CVE-2011-4128", "CVE-2011-4132", "CVE-2011-4324", "CVE-2011-4325", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4609", "CVE-2011-4619", "CVE-2012-0050", "CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0207", "CVE-2012-0393", "CVE-2012-0815", "CVE-2012-0841", "CVE-2012-0864", "CVE-2012-1569", "CVE-2012-1573", "CVE-2012-1583", "CVE-2012-2110");
      script_bugtraq_id(40063, 44199, 45145, 45163, 45164, 46264, 46567, 46740, 47321, 48383, 48802, 49108, 49289, 49626, 49911, 50311, 50609, 50663, 50755, 50798, 50898, 51194, 51257, 51281, 51343, 51366, 51439, 51467, 51563, 52009, 52010, 52011, 52012, 52013, 52014, 52015, 52016, 52017, 52018, 52019, 52020, 52107, 52161, 52201, 52667, 52668, 52865, 53136, 53139, 53158, 53946, 53947, 53948, 53949, 53950, 53951, 53952, 53953, 53954, 53956, 53958, 53959, 53960);
      script_xref(name:"VMSA", value:"2012-0013");
    
      script_name(english:"VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries");
      script_summary(english:"Checks esxupdate output for the patches");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote VMware ESXi / ESX host is missing one or more
    security-related patches."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "a. vCenter and ESX update to JRE 1.6.0 Update 31
    
       The Oracle (Sun) JRE is updated to version 1.6.0_31, which
       addresses multiple security issues. Oracle has documented the
       CVE identifiers that are addressed by this update in the Oracle
       Java SE Critical Patch Update Advisory of February 2012.
    
    b. vCenter Update Manager update to JRE 1.5.0 Update 36
    
       The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple
       security issues.  Oracle has documented the CVE identifiers that
       are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical
       Patch Update Advisory for June 2012.
    
    c. Update to ESX/ESXi userworld OpenSSL library
    
       The ESX/ESXi userworld OpenSSL library is updated from version
       0.9.8p to version 0.9.8t to resolve multiple security issues.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the names CVE-2010-4180, CVE-2010-4252,
       CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576,
       CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues.
    
    d. Update to ESX service console OpenSSL RPM
    
       The service console OpenSSL RPM is updated to version
       0.9.8e-22.el5_8.3 to resolve a security issue.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the name CVE-2012-2110 to this issue.
    
    e. Update to ESX service console kernel
    
       The ESX service console kernel is updated to resolve multiple
       security issues.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the names CVE-2011-1833, CVE-2011-2484,
       CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363,
       CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324,
       CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583
       to these issues.
    
    f. Update to ESX service console Perl RPM
    
       The ESX service console Perl RPM is updated to
       perl-5.8.8.32.1.8999.vmw to resolve multiple security issues.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the names CVE-2010-2761, CVE-2010-4410, and
       CVE-2011-3597 to these issues.
    
    g. Update to ESX service console libxml2 RPMs
    
       The ESX service console libmxl2 RPMs are updated to
       libxml2-2.6.26-2.1.15.el5_8.2 and
       libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security
       issue.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the name CVE-2012-0841 to this issue.
    
    h. Update to ESX service console glibc RPM
    
       The ESX service console glibc RPM is updated to version
       glibc-2.5-81.el5_8.1 to resolve multiple security issues.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the names CVE-2009-5029, CVE-2009-5064,
       CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864
       to these issue.
    
    i. Update to ESX service console GnuTLS RPM
    
       The ESX service console GnuTLS RPM is updated to version
       1.4.1-7.el5_8.2 to resolve multiple security issues.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the names CVE-2011-4128, CVE-2012-1569, and
       CVE-2012-1573 to these issues.
    
    j. Update to ESX service console popt, rpm, rpm-libs,
       and rpm-python RPMS
    
       The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS
       are updated to the following versions to resolve multiple
       security issues :
          - popt-1.10.2.3-28.el5_8
          - rpm-4.4.2.3-28.el5_8
          - rpm-libs-4.4.2.3-28.el5_8
          - rpm-python-4.4.2.3-28.el5_8
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the name CVE-2012-0060, CVE-2012-0061, and
       CVE-2012-0815 to these issues.
    
    k. Vulnerability in third-party Apache Struts component
    
       The version of Apache Struts in vCenter Operations has been
       updated to 2.3.4 which addresses an arbitrary file overwrite
       vulnerability. This vulnerability allows an attacker to create
       a denial of service by overwriting arbitrary files without
       authentication. The attacker would need to be on the same network
       as the system where vCOps is installed.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org) has
       assigned the name CVE-2012-0393 to this issue.
    
       Note: Apache struts 2.3.4 addresses the following issues as well :
       CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It
       was found that these do not affect vCOps.
    
       VMware would like to thank Alexander Minozhenko from ERPScan for
       reporting this issue to us."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.vmware.com/pipermail/security-announce/2012/000197.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply the missing patches.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java Applet Field Bytecode Verifier Cache Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:4.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/31");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"VMware ESX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
      script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("vmware_esx_packages.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
    if (
      !get_kb_item("Host/VMware/esxcli_software_vibs") &&
      !get_kb_item("Host/VMware/esxupdate")
    ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    init_esx_check(date:"2012-08-30");
    flag = 0;
    
    
    if (
      esx_check(
        ver           : "ESX 4.0",
        patch         : "ESX400-201209401-SG",
        patch_updates : make_list("ESX400-201302401-SG", "ESX400-201305401-SG", "ESX400-201310401-SG", "ESX400-201404401-SG")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.0",
        patch         : "ESX400-201209402-SG",
        patch_updates : make_list("ESX400-201305404-SG", "ESX400-201310402-SG")
      )
    ) flag++;
    if (esx_check(ver:"ESX 4.0", patch:"ESX400-201209404-SG")) flag++;
    
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208101-SG",
        patch_updates : make_list("ESX410-201211401-SG", "ESX410-201301401-SG", "ESX410-201304401-SG", "ESX410-201307401-SG", "ESX410-201312401-SG", "ESX410-201404401-SG", "ESX410-Update03")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208102-SG",
        patch_updates : make_list("ESX410-201301405-SG", "ESX410-201304402-SG", "ESX410-201307405-SG", "ESX410-Update03")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208103-SG",
        patch_updates : make_list("ESX410-201307403-SG", "ESX410-Update03")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208104-SG",
        patch_updates : make_list("ESX410-Update03")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208105-SG",
        patch_updates : make_list("ESX410-Update03")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208106-SG",
        patch_updates : make_list("ESX410-201307404-SG", "ESX410-Update03")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208107-SG",
        patch_updates : make_list("ESX410-Update03")
      )
    ) flag++;
    
    if (
      esx_check(
        ver           : "ESXi 4.1",
        patch         : "ESXi410-201208101-SG",
        patch_updates : make_list("ESXi410-201211401-SG", "ESXi410-201301401-SG", "ESXi410-201304401-SG", "ESXi410-201307401-SG", "ESXi410-201312401-SG", "ESXi410-201404401-SG", "ESXi410-Update03")
      )
    ) flag++;
    
    if (esx_check(ver:"ESXi 5.0", vib:"VMware:esx-base:5.0.0-1.25.912577")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2012-0126.NASL
    description: Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

    The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

    The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.

    An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)

    A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)

    An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)

    It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)

    A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)

    Red Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830.

    Users should upgrade to these updated packages, which resolve these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 57924
    published: 2012-02-14
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/57924
    title: CentOS 5 : glibc (CESA-2012:0126)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2012:0126 and 
    # CentOS Errata and Security Advisory 2012:0126 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57924);
      script_version("1.12");
      script_cvs_date("Date: 2020/01/07");
    
      script_cve_id("CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2011-1089", "CVE-2011-4609");
      script_bugtraq_id(40063, 46740, 50898, 51439);
      script_xref(name:"RHSA", value:"2012:0126");
    
      script_name(english:"CentOS 5 : glibc (CESA-2012:0126)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated glibc packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The glibc packages contain the standard C libraries used by multiple
    programs on the system. These packages contain the standard C and the
    standard math libraries. Without these two libraries, a Linux system
    cannot function properly.
    
    An integer overflow flaw, leading to a heap-based buffer overflow, was
    found in the way the glibc library read timezone files. If a
    carefully-crafted timezone file was loaded by an application linked
    against glibc, it could cause the application to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running the application. (CVE-2009-5029)
    
    A flaw was found in the way the ldd utility identified dynamically
    linked libraries. If an attacker could trick a user into running ldd
    on a malicious binary, it could result in arbitrary code execution
    with the privileges of the user running ldd. (CVE-2009-5064)
    
    An integer overflow flaw, leading to a heap-based buffer overflow, was
    found in the way the glibc library loaded ELF (Executable and Linking
    Format) files. If a carefully-crafted ELF file was loaded by an
    application linked against glibc, it could cause the application to
    crash or, potentially, execute arbitrary code with the privileges of
    the user running the application. (CVE-2010-0830)
    
    It was found that the glibc addmntent() function, used by various
    mount helper utilities, did not handle certain errors correctly when
    updating the mtab (mounted file systems table) file. If such utilities
    had the setuid bit set, a local attacker could use this flaw to
    corrupt the mtab file. (CVE-2011-1089)
    
    A denial of service flaw was found in the remote procedure call (RPC)
    implementation in glibc. A remote attacker able to open a large number
    of connections to an RPC service that is using the RPC implementation
    from glibc, could use this flaw to make that service use an excessive
    amount of CPU time. (CVE-2011-4609)
    
    Red Hat would like to thank the Ubuntu Security Team for reporting
    CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The
    Ubuntu Security Team acknowledges Dan Rosenberg as the original
    reporter of CVE-2010-0830.
    
    Users should upgrade to these updated packages, which resolve these
    issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2012-February/018428.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e48699c2"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected glibc packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-5064");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/02/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"glibc-2.5-65.el5_7.3")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"glibc-common-2.5-65.el5_7.3")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"glibc-devel-2.5-65.el5_7.3")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"glibc-headers-2.5-65.el5_7.3")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"glibc-utils-2.5-65.el5_7.3")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"nscd-2.5-65.el5_7.3")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc");
    }
    
  • NASL family: VMware ESX Local Security Checks
    NASL id: VMWARE_VMSA-2012-0018.NASL
    description: a. vCenter Server Appliance directory traversal

    The vCenter Server Appliance (vCSA) contains a directory traversal vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6324 to this issue.

    b. vCenter Server Appliance arbitrary file download

    The vCenter Server Appliance (vCSA) contains an XML parsing vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6325 to this issue.

    c. Update to ESX glibc package

    The ESX glibc package is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, CVE-2012-0864, CVE-2012-3404, CVE-2012-3405, CVE-2012-3406, and CVE-2012-3480 to these issues.

    d. vCenter Server and vCSA webservice logging denial of service

    The vCenter Server and vCenter Server Appliance (vCSA) both contain a vulnerability that allows unauthenticated remote users to create abnormally large log entries. Exploitation of this issue may allow an attacker to fill the system volume of the vCenter host or appliance VM and create a denial-of-service condition. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6326 to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 63332
    published: 2012-12-24
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/63332
    title: VMSA-2012-0018 : VMware security updates for vCSA and ESXi
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from VMware Security Advisory 2012-0018. 
    # The text itself is copyright (C) VMware Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63332);
      script_version("1.22");
      script_cvs_date("Date: 2018/08/06 14:03:16");
    
      script_cve_id("CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2011-1089", "CVE-2011-4609", "CVE-2012-0864", "CVE-2012-3404", "CVE-2012-3405", "CVE-2012-3406", "CVE-2012-3480", "CVE-2012-6324", "CVE-2012-6325", "CVE-2012-6326");
      script_bugtraq_id(40063, 46740, 50898, 51439, 52201, 54374, 54982, 57021, 57022, 58139);
      script_xref(name:"VMSA", value:"2012-0018");
    
      script_name(english:"VMSA-2012-0018 : VMware security updates for vCSA and ESXi");
      script_summary(english:"Checks esxupdate output for the patches");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote VMware ESXi host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "a. vCenter Server Appliance directory traversal
    
       The vCenter Server Appliance (vCSA) contains a directory
       traversal vulnerability that allows an authenticated 
       remote user to retrieve arbitrary files. Exploitation of
       this issue may expose sensitive information stored on the 
       server. 
    
       VMware would like to thank Alexander Minozhenko from ERPScan for
       reporting this issue to us.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the name CVE-2012-6324 to this issue.
    
     b. vCenter Server Appliance arbitrary file download
    
       The vCenter Server Appliance (vCSA) contains an XML parsing 
       vulnerability that allows an authenticated remote user to
       retrieve arbitrary files.  Exploitation of this issue may
       expose sensitive information stored on the server.
    
       VMware would like to thank Alexander Minozhenko from ERPScan for
       reporting this issue to us.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the name CVE-2012-6325 to this issue.
    
     c. Update to ESX glibc package
    
       The ESX glibc package is updated to version glibc-2.5-81.el5_8.1
       to resolve multiple security issues.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the names CVE-2009-5029, CVE-2009-5064,
       CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, CVE-2012-0864,
       CVE-2012-3404, CVE-2012-3405, CVE-2012-3406 and CVE-2012-3480
       to these issues.
    
     d. vCenter Server and vCSA webservice logging denial of service
    
       The vCenter Server and vCenter Server Appliance (vCSA) both
       contain a vulnerability that allows unauthenticated remote 
       users to create abnormally large log entries.  Exploitation
       of this issue may allow an attacker to fill the system volume
       of the vCenter host or appliance VM and create a 
       denial-of-service condition. 
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the name CVE-2012-6326 to this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.vmware.com/pipermail/security-announce/2013/000212.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply the missing patches.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/12/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
      script_family(english:"VMware ESX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
      script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("vmware_esx_packages.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
    if (
      !get_kb_item("Host/VMware/esxcli_software_vibs") &&
      !get_kb_item("Host/VMware/esxupdate")
    ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    init_esx_check(date:"2012-12-20");
    flag = 0;
    
    
    if (esx_check(ver:"ESXi 5.0", vib:"VMware:esx-base:5.0.0-1.25.912577")) flag++;
    if (esx_check(ver:"ESXi 5.0", vib:"VMware:tools-light:5.0.0-1.25.912577")) flag++;
    
    if (esx_check(ver:"ESXi 5.1", vib:"VMware:esx-base:5.1.0-0.11.1063671")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1396-1.NASL
    descriptionIt was discovered that the GNU C Library did not properly handle integer overflows in the timezone handling code. An attacker could use this to possibly execute arbitrary code by convincing an application to load a maliciously constructed tzfile. (CVE-2009-5029) It was discovered that the GNU C Library did not properly handle passwd.adjunct.byname map entries in the Network Information Service (NIS) code in the name service caching daemon (nscd). An attacker could use this to obtain the encrypted passwords of NIS accounts. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-0015) Chris Evans reported that the GNU C Library did not properly calculate the amount of memory to allocate in the fnmatch() code. An attacker could use this to cause a denial of service or possibly execute arbitrary code via a maliciously crafted UTF-8 string. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 10.10. (CVE-2011-1071) Tomas Hoger reported that an additional integer overflow was possible in the GNU C Library fnmatch() code. An attacker could use this to cause a denial of service via a maliciously crafted UTF-8 string. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1659) Dan Rosenberg discovered that the addmntent() function in the GNU C Library did not report an error status for failed attempts to write to the /etc/mtab file. This could allow an attacker to corrupt /etc/mtab, possibly causing a denial of service or otherwise manipulate mount options. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1089) Harald van Dijk discovered that the locale program included with the GNU C library did not properly quote its output. This could allow a local attacker to possibly execute arbitrary code using a crafted localization string that was evaluated in a shell script. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 10.10. (CVE-2011-1095) It was discovered that the GNU C library loader expanded the $ORIGIN dynamic string token when RPATH is composed entirely of this token. This could allow an attacker to gain privilege via a setuid program that had this RPATH value. (CVE-2011-1658) It was discovered that the GNU C library implementation of memcpy optimized for Supplemental Streaming SIMD Extensions 3 (SSSE3) contained a possible integer overflow. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. (CVE-2011-2702) John Zimmerman discovered that the Remote Procedure Call (RPC) implementation in the GNU C Library did not properly handle large numbers of connections. This could allow a remote attacker to cause a denial of service. (CVE-2011-4609) It was discovered that the GNU C Library vfprintf() implementation contained a possible integer overflow in the format string protection code offered by FORTIFY_SOURCE. An attacker could use this flaw in conjunction with a format string vulnerability to bypass the format string protection and possibly execute arbitrary code. (CVE-2012-0864). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id58318
    published2012-03-12
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58318
    titleUbuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : eglibc, glibc vulnerabilities (USN-1396-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1396-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(58318);
      script_version("1.10");
      script_cvs_date("Date: 2019/09/19 12:54:27");
    
      script_cve_id("CVE-2009-5029", "CVE-2010-0015", "CVE-2011-1071", "CVE-2011-1089", "CVE-2011-1095", "CVE-2011-1658", "CVE-2011-1659", "CVE-2011-2702", "CVE-2011-4609", "CVE-2012-0864");
      script_bugtraq_id(37885, 46563, 46740, 47370, 50898, 51439, 52201);
      script_xref(name:"USN", value:"1396-1");
    
      script_name(english:"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : eglibc, glibc vulnerabilities (USN-1396-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the GNU C Library did not properly handle
    integer overflows in the timezone handling code. An attacker could use
    this to possibly execute arbitrary code by convincing an application
    to load a maliciously constructed tzfile. (CVE-2009-5029)
    
    It was discovered that the GNU C Library did not properly handle
    passwd.adjunct.byname map entries in the Network Information Service
    (NIS) code in the name service caching daemon (nscd). An attacker
    could use this to obtain the encrypted passwords of NIS accounts. This
    issue only affected Ubuntu 8.04 LTS. (CVE-2010-0015)
    
    Chris Evans reported that the GNU C Library did not properly calculate
    the amount of memory to allocate in the fnmatch() code. An attacker
    could use this to cause a denial of service or possibly execute
    arbitrary code via a maliciously crafted UTF-8 string. This issue only
    affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 10.10.
    (CVE-2011-1071)
    
    Tomas Hoger reported that an additional integer overflow was possible
    in the GNU C Library fnmatch() code. An attacker could use this to
    cause a denial of service via a maliciously crafted UTF-8 string. This
    issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10
    and Ubuntu 11.04. (CVE-2011-1659)
    
    Dan Rosenberg discovered that the addmntent() function in the GNU C
    Library did not report an error status for failed attempts to write to
    the /etc/mtab file. This could allow an attacker to corrupt /etc/mtab,
    possibly causing a denial of service or otherwise manipulate mount
    options. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS,
    Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1089)
    
    Harald van Dijk discovered that the locale program included with the
    GNU C library did not properly quote its output. This could allow a
    local attacker to possibly execute arbitrary code using a crafted
    localization string that was evaluated in a shell script. This issue
    only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 10.10.
    (CVE-2011-1095)
    
    It was discovered that the GNU C library loader expanded the $ORIGIN
    dynamic string token when RPATH is composed entirely of this token.
    This could allow an attacker to gain privilege via a setuid program
    that had this RPATH value. (CVE-2011-1658)
    
    It was discovered that the GNU C library implementation of memcpy
    optimized for Supplemental Streaming SIMD Extensions 3 (SSSE3)
    contained a possible integer overflow. An attacker could use this to
    cause a denial of service or possibly execute arbitrary code. This
    issue only affected Ubuntu 10.04 LTS. (CVE-2011-2702)
    
    John Zimmerman discovered that the Remote Procedure Call (RPC)
    implementation in the GNU C Library did not properly handle large
    numbers of connections. This could allow a remote attacker to cause a
    denial of service. (CVE-2011-4609)
    
    It was discovered that the GNU C Library vfprintf() implementation
    contained a possible integer overflow in the format string protection
    code offered by FORTIFY_SOURCE. An attacker could use this flaw in
    conjunction with a format string vulnerability to bypass the format
    string protection and possibly execute arbitrary code. (CVE-2012-0864).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1396-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libc-bin and / or libc6 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(255);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/01/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/03/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(8\.04|10\.04|10\.10|11\.04|11\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 10.04 / 10.10 / 11.04 / 11.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"8.04", pkgname:"libc6", pkgver:"2.7-10ubuntu8.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"libc-bin", pkgver:"2.11.1-0ubuntu7.10")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"libc6", pkgver:"2.11.1-0ubuntu7.10")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"libc-bin", pkgver:"2.12.1-0ubuntu10.4")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"libc6", pkgver:"2.12.1-0ubuntu10.4")) flag++;
    if (ubuntu_check(osver:"11.04", pkgname:"libc6", pkgver:"2.13-0ubuntu13.1")) flag++;
    if (ubuntu_check(osver:"11.10", pkgname:"libc6", pkgver:"2.13-20ubuntu5.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libc-bin / libc6");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120213_GLIBC_ON_SL5_X.NASL
    descriptionThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029) A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830) It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089) A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609) Users should upgrade to these updated packages, which resolve these issues.
    last seen2020-03-18
    modified2012-08-01
    plugin id61244
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61244
    titleScientific Linux Security Update : glibc on SL5.x i386/x86_64 (20120213)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61244);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2011-1089", "CVE-2011-4609");
    
      script_name(english:"Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20120213)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The glibc packages contain the standard C libraries used by multiple
    programs on the system. These packages contain the standard C and the
    standard math libraries. Without these two libraries, a Linux system
    cannot function properly.
    
    An integer overflow flaw, leading to a heap-based buffer overflow, was
    found in the way the glibc library read timezone files. If a
    carefully-crafted timezone file was loaded by an application linked
    against glibc, it could cause the application to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running the application. (CVE-2009-5029)
    
    A flaw was found in the way the ldd utility identified dynamically
    linked libraries. If an attacker could trick a user into running ldd
    on a malicious binary, it could result in arbitrary code execution
    with the privileges of the user running ldd. (CVE-2009-5064)
    
    An integer overflow flaw, leading to a heap-based buffer overflow, was
    found in the way the glibc library loaded ELF (Executable and Linking
    Format) files. If a carefully-crafted ELF file was loaded by an
    application linked against glibc, it could cause the application to
    crash or, potentially, execute arbitrary code with the privileges of
    the user running the application. (CVE-2010-0830)
    
    It was found that the glibc addmntent() function, used by various
    mount helper utilities, did not handle certain errors correctly when
    updating the mtab (mounted file systems table) file. If such utilities
    had the setuid bit set, a local attacker could use this flaw to
    corrupt the mtab file. (CVE-2011-1089)
    
    A denial of service flaw was found in the remote procedure call (RPC)
    implementation in glibc. A remote attacker able to open a large number
    of connections to an RPC service that is using the RPC implementation
    from glibc, could use this flaw to make that service use an excessive
    amount of CPU time. (CVE-2011-4609)
    
    Users should upgrade to these updated packages, which resolve these
    issues."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1202&L=scientific-linux-errata&T=0&P=2446
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b70164f6"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nscd");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/02/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL5", reference:"glibc-2.5-65.el5_7.3")) flag++;
    if (rpm_check(release:"SL5", reference:"glibc-common-2.5-65.el5_7.3")) flag++;
    if (rpm_check(release:"SL5", reference:"glibc-debuginfo-2.5-65.el5_7.3")) flag++;
    if (rpm_check(release:"SL5", reference:"glibc-debuginfo-common-2.5-65.el5_7.3")) flag++;
    if (rpm_check(release:"SL5", reference:"glibc-devel-2.5-65.el5_7.3")) flag++;
    if (rpm_check(release:"SL5", reference:"glibc-headers-2.5-65.el5_7.3")) flag++;
    if (rpm_check(release:"SL5", reference:"glibc-utils-2.5-65.el5_7.3")) flag++;
    if (rpm_check(release:"SL5", reference:"nscd-2.5-65.el5_7.3")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc");
    }
    
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_1_BUILD_1063671_REMOTE.NASL
    descriptionThe remote VMware ESXi 5.1 host is affected by the following security vulnerabilities : - An integer overflow condition exists in the glibc library in the __tzfile_read() function that allows a denial of service or arbitrary code execution. (CVE-2009-5029) - An error exists in the glibc library related to modified loaders and
    last seen2020-06-01
    modified2020-06-02
    plugin id70886
    published2013-11-13
    reporterThis script is (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70886
    titleESXi 5.1 < Build 1063671 Multiple Vulnerabilities (remote check)
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_0_BUILD_912577_REMOTE.NASL
    descriptionThe remote VMware ESXi 5.0 host is affected by Multiple Vulnerabilities : - An integer overflow condition exists in the __tzfile_read() function in the glibc library. An unauthenticated, remote attacker can exploit this, via a crafted timezone (TZ) file, to cause a denial of service or the execution of arbitrary code. (CVE-2009-5029) - ldd in the glibc library is affected by a privilege escalation vulnerability due to the omission of certain LD_TRACE_LOADED_OBJECTS checks in a crafted executable file. Note that this vulnerability is disputed by the library vendor. (CVE-2009-5064) - A remote code execution vulnerability exists in the glibc library due to an integer signedness error in the elf_get_dynamic_info() function when the
    last seen2020-06-01
    modified2020-06-02
    plugin id70885
    published2013-11-13
    reporterThis script is (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70885
    titleESXi 5.0 < Build 912577 Multiple Vulnerabilities (remote check)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120213_GLIBC_ON_SL4_X.NASL
    descriptionThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029) A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064) It was discovered that the glibc addmntent() function, used by various mount helper utilities, did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into the mtab (mounted file systems table) file via certain setuid mount helpers, if the attacker were allowed to mount to an arbitrary directory under their control. (CVE-2010-0296) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830) It was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071) It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089) It was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker
    last seen2020-03-18
    modified2012-08-01
    plugin id61243
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61243
    titleScientific Linux Security Update : glibc on SL4.x i386/x86_64 (20120213)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2012-0125.NASL
    description: Updated glibc packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029) A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064) It was discovered that the glibc addmntent() function, used by various mount helper utilities, did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into the mtab (mounted file systems table) file via certain setuid mount helpers, if the attacker were allowed to mount to an arbitrary directory under their control. (CVE-2010-0296) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830) It was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071) It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089) It was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 57923
    published: 2012-02-14
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/57923
    title: CentOS 4 : glibc (CESA-2012:0125)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2012-0126.NASL
    description: From Red Hat Security Advisory 2012:0126 : Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029) A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830) It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089) A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609) Red Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830. Users should upgrade to these updated packages, which resolve these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68456
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68456
    title: Oracle Linux 5 : glibc (ELSA-2012-0126)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2012-0109.NASL
    description: An updated rhev-hypervisor6 package that fixes multiple security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-0029) An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially crafted X.509 certificate that has malformed RFC 3779 extension data. (CVE-2011-4577) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) Red Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2009-5029 and CVE-2011-4609 (glibc issues) CVE-2012-0056 (kernel issue) CVE-2011-4108 and CVE-2012-0050 (openssl issues) This update also fixes the following bugs : * Previously, it was possible to begin a Hypervisor installation without any valid disks to install to. Now, if no valid disks are found for Hypervisor installation, a message is displayed informing the user that there are no valid disks for installation. (BZ#781471) * Previously, the user interface for the Hypervisor did not indicate whether the system was registered with Red Hat Network (RHN) Classic or RHN Satellite. As a result, customers could not easily determine the registration status of their Hypervisor installations. The TUI has been updated to display the registration status of the Hypervisor. (BZ#788223) * Previously, autoinstall would fail if the firstboot or reinstall options were passed but local_boot or upgrade were not passed. Now, neither the local_boot or upgrade parameters are required for autoinstall. (BZ#788225) Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 79282
    published: 2014-11-17
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79282
    title: RHEL 6 : rhev-hypervisor6 (RHSA-2012:0109)
  • NASL family: Misc.
    NASL id: VMWARE_VMSA-2012-0013_REMOTE.NASL
    description: The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - Apache Struts - glibc - GnuTLS - JRE - kernel - libxml2 - OpenSSL - Perl - popt and rpm
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 89038
    published: 2016-02-29
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/89038
    title: VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2012-0125.NASL
    description: From Red Hat Security Advisory 2012:0125 : Updated glibc packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029) A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064) It was discovered that the glibc addmntent() function, used by various mount helper utilities, did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into the mtab (mounted file systems table) file via certain setuid mount helpers, if the attacker were allowed to mount to an arbitrary directory under their control. (CVE-2010-0296) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830) It was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071) It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089) It was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68455
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68455
    title: Oracle Linux 4 : glibc (ELSA-2012-0125)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2012-39.NASL
    description: An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029) A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 69646
    published: 2013-09-04
    reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/69646
    title: Amazon Linux AMI : glibc (ALAS-2012-39)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2012-0058.NASL
    description: From Red Hat Security Advisory 2012:0058 : Updated glibc packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029) A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609) This update also fixes the following bugs : * glibc had incorrect information for numeric separators and groupings for specific French, Spanish, and German locales. Therefore, applications utilizing glibc
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68436
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68436
    title: Oracle Linux 6 : glibc (ELSA-2012-0058)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2012-0125.NASL
    description: Updated glibc packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029) A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064) It was discovered that the glibc addmntent() function, used by various mount helper utilities, did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into the mtab (mounted file systems table) file via certain setuid mount helpers, if the attacker were allowed to mount to an arbitrary directory under their control. (CVE-2010-0296) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830) It was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071) It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089) It was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker
    last seen: 2020-04-16
    modified: 2012-02-14
    plugin id: 57928
    published: 2012-02-14
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/57928
    title: RHEL 4 : glibc (RHSA-2012:0125)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2012-0126.NASL
    description: Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029) A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830) It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089) A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609) Red Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830. Users should upgrade to these updated packages, which resolve these issues.
    last seen: 2020-04-16
    modified: 2012-02-14
    plugin id: 57929
    published: 2012-02-14
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/57929
    title: RHEL 5 : glibc (RHSA-2012:0126)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2012-0058.NASL
    description: Updated glibc packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029) A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609) This update also fixes the following bugs : * glibc had incorrect information for numeric separators and groupings for specific French, Spanish, and German locales. Therefore, applications utilizing glibc
    last seen: 2020-04-16
    modified: 2012-01-25
    plugin id: 57676
    published: 2012-01-25
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/57676
    title: RHEL 6 : glibc (RHSA-2012:0058)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2012-0058.NASL
    description: Updated glibc packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029) A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609) This update also fixes the following bugs : * glibc had incorrect information for numeric separators and groupings for specific French, Spanish, and German locales. Therefore, applications utilizing glibc
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 57730
    published: 2012-01-31
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/57730
    title: CentOS 6 : glibc (CESA-2012:0058)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20120124_GLIBC_ON_SL6_X.NASL
    description: The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029) A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609) This update also fixes the following bugs : - glibc had incorrect information for numeric separators and groupings for specific French, Spanish, and German locales. Therefore, applications utilizing glibc
    last seen: 2020-03-18
    modified: 2012-08-01
    plugin id: 61223
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/61223
    title: Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20120124)

Redhat

advisories
  • bugzilla
    id: 767299
    title: CVE-2011-4609 glibc: svc_run() produces high cpu usage when accept() fails with EMFILE error
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 6 is installed
        oval: oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment: glibc-devel is earlier than 0:2.12-1.47.el6_2.5
            oval: oval:com.redhat.rhsa:tst:20120058001
          • comment: glibc-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20120763006
        • AND
          • comment: glibc is earlier than 0:2.12-1.47.el6_2.5
            oval: oval:com.redhat.rhsa:tst:20120058003
          • comment: glibc is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20120763004
        • AND
          • comment: glibc-utils is earlier than 0:2.12-1.47.el6_2.5
            oval: oval:com.redhat.rhsa:tst:20120058005
          • comment: glibc-utils is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20120763012
        • AND
          • comment: nscd is earlier than 0:2.12-1.47.el6_2.5
            oval: oval:com.redhat.rhsa:tst:20120058007
          • comment: nscd is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20120763014
        • AND
          • comment: glibc-headers is earlier than 0:2.12-1.47.el6_2.5
            oval: oval:com.redhat.rhsa:tst:20120058009
          • comment: glibc-headers is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20120763010
        • AND
          • comment: glibc-common is earlier than 0:2.12-1.47.el6_2.5
            oval: oval:com.redhat.rhsa:tst:20120058011
          • comment: glibc-common is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20120763008
        • AND
          • comment: glibc-static is earlier than 0:2.12-1.47.el6_2.5
            oval: oval:com.redhat.rhsa:tst:20120058013
          • comment: glibc-static is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20120763002
    rhsa
    id: RHSA-2012:0058
    released: 2012-01-24
    severity: Moderate
    title: RHSA-2012:0058: glibc security and bug fix update (Moderate)
  • bugzilla
    id: 767299
    title: CVE-2011-4609 glibc: svc_run() produces high cpu usage when accept() fails with EMFILE error
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 4 is installed
        oval: oval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • comment: nptl-devel is earlier than 0:2.3.4-2.57
            oval: oval:com.redhat.rhsa:tst:20120125001
          • comment: nptl-devel is signed with Red Hat master key
            oval: oval:com.redhat.rhsa:tst:20120125002
        • AND
          • comment: glibc-devel is earlier than 0:2.3.4-2.57
            oval: oval:com.redhat.rhsa:tst:20120125003
          • comment: glibc-devel is signed with Red Hat master key
            oval: oval:com.redhat.rhsa:tst:20120125004
        • AND
          • comment: glibc-headers is earlier than 0:2.3.4-2.57
            oval: oval:com.redhat.rhsa:tst:20120125005
          • comment: glibc-headers is signed with Red Hat master key
            oval: oval:com.redhat.rhsa:tst:20120125006
        • AND
          • comment: glibc-profile is earlier than 0:2.3.4-2.57
            oval: oval:com.redhat.rhsa:tst:20120125007
          • comment: glibc-profile is signed with Red Hat master key
            oval: oval:com.redhat.rhsa:tst:20120125008
        • AND
          • comment: glibc is earlier than 0:2.3.4-2.57
            oval: oval:com.redhat.rhsa:tst:20120125009
          • comment: glibc is signed with Red Hat master key
            oval: oval:com.redhat.rhsa:tst:20120125010
        • AND
          • comment: nscd is earlier than 0:2.3.4-2.57
            oval: oval:com.redhat.rhsa:tst:20120125011
          • comment: nscd is signed with Red Hat master key
            oval: oval:com.redhat.rhsa:tst:20120125012
        • AND
          • comment: glibc-common is earlier than 0:2.3.4-2.57
            oval: oval:com.redhat.rhsa:tst:20120125013
          • comment: glibc-common is signed with Red Hat master key
            oval: oval:com.redhat.rhsa:tst:20120125014
        • AND
          • comment: glibc-utils is earlier than 0:2.3.4-2.57
            oval: oval:com.redhat.rhsa:tst:20120125015
          • comment: glibc-utils is signed with Red Hat master key
            oval: oval:com.redhat.rhsa:tst:20120125016
    rhsa
    id: RHSA-2012:0125
    released: 2012-02-13
    severity: Moderate
    title: RHSA-2012:0125: glibc security and bug fix update (Moderate)
  • bugzilla
    id: 767299
    title: CVE-2011-4609 glibc: svc_run() produces high cpu usage when accept() fails with EMFILE error
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 5 is installed
        oval: oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment: glibc-common is earlier than 0:2.5-65.el5_7.3
            oval: oval:com.redhat.rhsa:tst:20120126001
          • comment: glibc-common is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20130022004
        • AND
          • comment: glibc is earlier than 0:2.5-65.el5_7.3
            oval: oval:com.redhat.rhsa:tst:20120126003
          • comment: glibc is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20130022006
        • AND
          • comment: nscd is earlier than 0:2.5-65.el5_7.3
            oval: oval:com.redhat.rhsa:tst:20120126005
          • comment: nscd is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20130022008
        • AND
          • comment: glibc-headers is earlier than 0:2.5-65.el5_7.3
            oval: oval:com.redhat.rhsa:tst:20120126007
          • comment: glibc-headers is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20130022012
        • AND
          • comment: glibc-utils is earlier than 0:2.5-65.el5_7.3
            oval: oval:com.redhat.rhsa:tst:20120126009
          • comment: glibc-utils is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20130022002
        • AND
          • comment: glibc-devel is earlier than 0:2.5-65.el5_7.3
            oval: oval:com.redhat.rhsa:tst:20120126011
          • comment: glibc-devel is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20130022010
    rhsa
    id: RHSA-2012:0126
    released: 2012-02-13
    severity: Moderate
    title: RHSA-2012:0126: glibc security update (Moderate)
rpms
  • glibc-0:2.12-1.47.el6_2.5
  • glibc-common-0:2.12-1.47.el6_2.5
  • glibc-debuginfo-0:2.12-1.47.el6_2.5
  • glibc-debuginfo-common-0:2.12-1.47.el6_2.5
  • glibc-devel-0:2.12-1.47.el6_2.5
  • glibc-headers-0:2.12-1.47.el6_2.5
  • glibc-static-0:2.12-1.47.el6_2.5
  • glibc-utils-0:2.12-1.47.el6_2.5
  • nscd-0:2.12-1.47.el6_2.5
  • glibc-0:2.3.4-2.57
  • glibc-common-0:2.3.4-2.57
  • glibc-debuginfo-0:2.3.4-2.57
  • glibc-debuginfo-common-0:2.3.4-2.57
  • glibc-devel-0:2.3.4-2.57
  • glibc-headers-0:2.3.4-2.57
  • glibc-profile-0:2.3.4-2.57
  • glibc-utils-0:2.3.4-2.57
  • nptl-devel-0:2.3.4-2.57
  • nscd-0:2.3.4-2.57
  • glibc-0:2.5-65.el5_7.3
  • glibc-common-0:2.5-65.el5_7.3
  • glibc-debuginfo-0:2.5-65.el5_7.3
  • glibc-debuginfo-common-0:2.5-65.el5_7.3
  • glibc-devel-0:2.5-65.el5_7.3
  • glibc-headers-0:2.5-65.el5_7.3
  • glibc-utils-0:2.5-65.el5_7.3
  • nscd-0:2.5-65.el5_7.3
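The Red Hat bug title above ("svc_run() produces high cpu usage when accept() fails with EMFILE error") names the mechanism behind this CVE: once a remote party has opened enough RPC connections to exhaust the server's file descriptors, every further connection sits in the kernel backlog, poll() keeps reporting the listening socket readable, accept() keeps failing with EMFILE, and a dispatch loop that simply goes back to poll() spins at 100% CPU. The C program below is an added illustration of that loop and of one way to harden it; it is not glibc's sunrpc code and does not reproduce the upstream fix. The dispatcher, the policy names, the backoff constants and the fake accept() that injects EMFILE are all assumptions made for this example, so the EMFILE path can be driven deterministically; real_accept() shows how the same loop would be wired to a real listening socket.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <time.h>

/* Injectable accept(2): returns a descriptor >= 0, or -1 with errno set.
   The dispatcher never calls accept() directly so that the EMFILE path can
   be driven deterministically (assumption made for this example). */
typedef int (*accept_fn)(void *ctx);

enum policy {
    POLICY_SPIN,     /* retry as soon as poll() reports the listener readable */
    POLICY_BACKOFF   /* on EMFILE/ENFILE, wait before touching the listener again */
};

struct loop_stats {
    unsigned accepts_tried;
    unsigned accepts_ok;
    unsigned backoffs;        /* deliberate waits instead of immediate retries */
    unsigned long waited_ms;  /* total time spent in those waits */
};

#define BACKOFF_START_MS 1
#define BACKOFF_CAP_MS   16

/* One wake-up of the dispatcher: poll() has just said the listening socket is
   readable, so accept() is attempted.  While the process is out of
   descriptors the pending connection stays in the kernel backlog, which is
   exactly why an immediate retry finds the listener readable again at once. */
static void dispatch_once(enum policy p, accept_fn acc, void *ctx,
                          struct loop_stats *st, unsigned *delay_ms)
{
    st->accepts_tried++;
    int fd = acc(ctx);
    if (fd >= 0) {
        st->accepts_ok++;
        *delay_ms = BACKOFF_START_MS;     /* a successful accept resets the backoff */
        /* a real server would add fd to its poll set here */
        return;
    }
    if (errno != EMFILE && errno != ENFILE)
        return;                           /* EINTR, ECONNABORTED, ...: just retry */

    if (p == POLICY_SPIN)
        return;                           /* vulnerable: straight back into poll() */

    /* Hardened: nothing can be accepted until some descriptor is released, so
       sleep with a capped exponential backoff instead of burning CPU. */
    struct timespec ts = { .tv_sec = 0, .tv_nsec = (long)*delay_ms * 1000000L };
    nanosleep(&ts, NULL);
    st->backoffs++;
    st->waited_ms += *delay_ms;
    if (*delay_ms < BACKOFF_CAP_MS)
        *delay_ms *= 2;
}

/* Run the loop for a fixed number of poll() wake-ups and report what happened. */
struct loop_stats run_dispatcher(enum policy p, accept_fn acc, void *ctx,
                                 unsigned wakeups)
{
    struct loop_stats st = {0};
    unsigned delay_ms = BACKOFF_START_MS;
    for (unsigned i = 0; i < wakeups; i++)
        dispatch_once(p, acc, ctx, &st, &delay_ms);
    return st;
}

/* Constructed stand-in for accept(): fails with EMFILE 'failures' times
   (the descriptor table is full), then hands out a fake descriptor. */
struct fake_listener { unsigned failures; unsigned next_fd; };

int fake_accept(void *ctx)
{
    struct fake_listener *l = ctx;
    if (l->failures > 0) {
        l->failures--;
        errno = EMFILE;
        return -1;
    }
    return (int)l->next_fd++;
}

/* Adapter for a real listening socket: pass &listen_fd as ctx. */
int real_accept(void *ctx)
{
    return accept(*(int *)ctx, NULL, NULL);
}

int main(void)
{
    /* Vulnerable shape: descriptors never come back, loop never waits. */
    struct fake_listener spin = { .failures = 100000, .next_fd = 10 };
    struct loop_stats s = run_dispatcher(POLICY_SPIN, fake_accept, &spin, 100000);
    printf("spin:    %u accept() calls, %u waits, %u accepted\n",
           s.accepts_tried, s.backoffs, s.accepts_ok);

    /* Hardened shape: five EMFILE failures, then a descriptor is free again. */
    struct fake_listener fixed = { .failures = 5, .next_fd = 10 };
    s = run_dispatcher(POLICY_BACKOFF, fake_accept, &fixed, 6);
    printf("backoff: %u accept() calls, %u waits, %lu ms asleep, %u accepted\n",
           s.accepts_tried, s.backoffs, s.waited_ms, s.accepts_ok);
    return 0;
}
```

With POLICY_SPIN the program makes one accept() call per wake-up and never sleeps, which on a real socket is the unbroken accept() = -1 EMFILE stream that the bug report describes; with POLICY_BACKOFF the waits grow 1, 2, 4, 8, 16 ms and the connection is accepted as soon as a descriptor is free. Backoff only bounds the CPU cost; the descriptor exhaustion itself still needs a per-source connection limit or a higher RLIMIT_NOFILE, and the patched glibc packages listed above remain the actual fix for the sunrpc loop.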